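function Move-AccountToDisabledOU {
    <#
    .SYNOPSIS
        Moves an AD Account to the Disabled Accounts OU

    .DESCRIPTION
        Builds the distinguished name of the disabled-accounts OU from
        -DisabledAccountOU and -DomainName, then moves the account there with
        Move-ADObject unless the account's distinguished name already sits
        under that OU. The caller must pass the Test-IsUserDomainAdmin check;
        otherwise a warning is written and nothing is changed.

    .PARAMETER AccountDistinguishedName
        [string] The DistinguishedName of an AD Account to Act Upon

    .PARAMETER DisabledAccountOU
        [string] The OU name for disabled accounts, with or without a leading
        "OU=". Defaults to "Disabled Accounts"

    .PARAMETER DomainName
        [string] The domain name to act upon. Defaults to "fh.local"

    .EXAMPLE
        # The distinguished name below is an illustrative, constructed value.
        Move-AccountToDisabledOU "CN=fake.serviceaccount,OU=Service Accounts,DC=fh,DC=local"

    .EXAMPLE
        # The distinguished name below is an illustrative, constructed value.
        Move-AccountToDisabledOU "CN=fake.serviceaccount,OU=Service Accounts,DC=corp,DC=alkamitech,DC=com" -DisabledAccountOU "Trash Can" -DomainName "corp.alkamitech.com"
    #>

    [CmdletBinding()]
    param (
        [Parameter(Mandatory = $true)]
        [ValidateNotNullOrEmpty()]
        [string]$AccountDistinguishedName,

        [Parameter(Mandatory = $false)]
        [string]$DisabledAccountOU = "Disabled Accounts",

        [Parameter(Mandatory = $false)]
        [string]$DomainName = "fh.local"
    )

    $logLead = Get-LogLeadName

    # Moving directory objects is a privileged change; stop before touching AD
    # when the caller is not a domain admin.
    if (!(Test-IsUserDomainAdmin)) {
        Write-Warning "$logLead : You must have domain administrative privileges to run this command"
        return $null
    }

    # Strip one literal leading "OU=" prefix. String.TrimStart("OU=") treats its
    # argument as a set of characters, so it would also eat the leading letters
    # of names such as "Users" or "Old Accounts" and build the wrong target OU.
    $disabledAccountOUTrimmed = $DisabledAccountOU -replace '^OU=', ''

    # An empty OU name would produce the target "OU=,<domain DN>", which is never
    # a valid destination.
    if ([string]::IsNullOrWhiteSpace($disabledAccountOUTrimmed)) {
        Write-Warning "$logLead : DisabledAccountOU is empty; refusing to build a target OU from it"
        return $null
    }

    $domainNameDistinguishedName = Get-DomainNameDistinguishedName $DomainName
    $disabledAccountsOUDN = "OU=$disabledAccountOUTrimmed"
    $disabledAccountsOUDistinguishedName = "$disabledAccountsOUDN,$domainNameDistinguishedName"

    Write-Host "$logLead : Acting on Account with Distinguished Name [$AccountDistinguishedName]"

    # Treat the account as already moved only when its DN ends with the full
    # target OU DN. A regex -match on "OU=<name>" alone matches anywhere in the
    # DN (e.g. an OU whose name merely starts with the same text) and interprets
    # regex metacharacters in the OU name, so an account outside the disabled OU
    # could be skipped and left where it is.
    # NOTE(review): assumes Get-DomainNameDistinguishedName returns the domain DN
    # formatted the same way as the DN suffix of the account (no extra spaces);
    # confirm against that helper.
    $targetSuffix = ",$disabledAccountsOUDistinguishedName"
    $alreadyInDisabledOU = $AccountDistinguishedName.EndsWith(
        $targetSuffix, [System.StringComparison]::OrdinalIgnoreCase)

    if ($alreadyInDisabledOU) {
        Write-Warning "$logLead : Account is already in Disabled Accounts OU [$disabledAccountsOUDistinguishedName]"
    } else {
        Write-Host "$logLead : Moving account to the Disabled Accounts OU [$disabledAccountsOUDistinguishedName]"
        Move-ADObject -Identity $AccountDistinguishedName -TargetPath $disabledAccountsOUDistinguishedName
    }
}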