UPDATED Disable AD Accounts with Powershell

As a followup to the disabling AD accounts post earlier this month, I’ve updated the Power Shell (requires the Exchange Management Shell) script some to add some additional functionality.

New features:

• The username of the the administrator running the script is recorded in the text file that lists all of the groups the account was removed from.
• An email is automatically created and sent to the configured recipients (such as the AD Administrators group and/or Information Security…), which is fantastic from an end-to-end accountability and auditing point of view (who did it, when did they do it and why…)

Just find the following variables in the script and change them accordingly:

• $EmailReportFile = “\\YOUR_SERVER_PATH_HERE\Account_Disables_Report.txt”
  • This is the full UNC path to where you want the report saved (this is what is emailed out)
• $domain = “LDAP://dc=DOMAIN,dc=local”
  • The LDAP bind URL for your domain…
• $To = “someone@yourcompany.com”
  • SMTP addresses, comma seperated, of who you want the report emailed to
• $SmtpClient.host = “smtp.yourcompany.com”
  • The SMTP host name to handle your email report (your Exchagne 2007 Hub Transport server(s) or Exchange 2003/2000 front-end server(s) typically, make sure you can perform anonymous relay internally though….)

 Download the script here…

  Disable-ADAccountsSingle.zip (2.9 KiB, 684 hits)

Comments

• 

• Translator

• Categories

  • Active Directory (11)
  • Certification (2)
  • Data Protection Manager 2007 (6)
  • Exchange Server 2007 (25)
  • Microsoft Office Communications Server 2007 (1)
  • Networking (3)
  • Operations Manager (24)
  • PKI & Certificate Services (1)
  • Powershell (10)
  • Server Hardware (5)
  • Storage (4)
  • Visual Basic Script (3)
  • Windows Server 2003 (5)
  • Windows Server 2008 (3)

• Tag Cloud

  • Active Directory | AD LDS | ADAM | Agents | Alerts | antivirus | bug | C-Class Blades | CCR | Certification | Cisco | Cluster | Clustering | Data Protection Manager 2007 | Data Warehouse | DBCreateWizard | dbdsutil | DHCP | DNS | Doh! | Error 5 | EVA | Event Logs | Exchange | Exchange Server 2007 | Fibre Channel | HBA | Health Service | HP | iLo | IMAP | Management | Management Pack | MOSS | Operations Manager | Overrides | PKI & Certificate Services | Powershell | Printers | Reboot | Recipients | Registry | robocopy | Root Server | SAN | Scripting | SDDL | secedit | Self Tuning Threshold | Servers | Sharepoint | SMTP | SSL | strange | Terminal Services | Tools | Updates | Virtualization | VPN | VSS | Whitepaper | Windows Server 2008 |

• Blogroll

  • Ramblings of the Mad Cow

• Archives

  • April 2009
  • March 2009
  • February 2009
  • January 2009
  • December 2008
  • November 2008
  • October 2008
  • September 2008
  • August 2008
  • July 2008
  • June 2008

• Users Online

  • 3 Users Online