PowerShell module for AD user lifecycle automation: provisioning from templates, offboarding, and reporting.

larro1991/AD-UserLifecycle

AD-UserLifecycle

PowerShell module for automating the Active Directory user lifecycle -- from provisioning to offboarding to compliance reporting.

Built for enterprise environments where user provisioning needs to be consistent, offboarding needs to be thorough, and auditors need documentation.

The Problem

Manual AD user management doesn't scale. New hires get inconsistent group memberships depending on who creates the account. Offboarding is a checklist someone forgets half of. Auditors ask "show me everyone in the domain" and someone spends an afternoon in ADUC.

What This Module Does

Function                Purpose
--------                -------
New-ADUserFromTemplate  Create AD users from a template account -- single or bulk CSV import
Disable-DepartedUser    Complete offboarding: disable, reset password, strip groups, archive home folder, move to Disabled OU, hide from GAL
Export-ADUserReport     Generate HTML/CSV user reports with inactive account flagging

Quick Start

Import-Module .\AD-UserLifecycle.psd1

# Provision a single user from a template
New-ADUserFromTemplate -FirstName "Jane" -LastName "Smith" -Template "Template.IT"

# Bulk provision from CSV
New-ADUserFromTemplate -CsvPath ".\Templates\NewHires-Template.csv"

# Preview an offboarding without making changes
Disable-DepartedUser -Identity "jsmith" `
    -DisabledOU "OU=Disabled Users,DC=contoso,DC=com" `
    -ArchivePath "\\fileserver\archives" -WhatIf

# Generate an audit report flagging 60-day inactive users
Export-ADUserReport -OutputFormat Both -DaysInactive 60

Example Output

Provisioning:

SAMAccountName DisplayName      OU                                        Template     Status
-------------- -----------      --                                        --------     ------
smithj         Smith, Jane      OU=Users,OU=IT,DC=contoso,DC=com         Template.IT  Created
jonesb         Jones, Bob       OU=Users,OU=HR,DC=contoso,DC=com         Template.HR  Created

Offboarding:

SAMAccountName : jsmith
DisplayName    : Jane Smith (jsmith)
PreviousGroups : IT-Staff; VPN-Users; SharePoint-Users
PreviousOU     : OU=Users,OU=IT,DC=contoso,DC=com
MovedTo        : OU=Disabled Users,DC=contoso,DC=com
HomeFolderArchived : True
Status         : Offboarded
Date           : 2026-02-15 14:30
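
To confirm independently that an account ended up in the state this output reports, the directory object can be checked after the fact. The following is an added example, not code from the module; Test-OffboardedState is a hypothetical name and the sample object is constructed so the check runs without a domain.

```powershell
# Added example, not part of AD-UserLifecycle. Test-OffboardedState is hypothetical.
function Test-OffboardedState {
    [CmdletBinding()]
    param(
        # Object shaped like the result of:
        #   Get-ADUser <id> -Properties MemberOf, msExchHideFromAddressLists
        # (msExchHideFromAddressLists exists only where the Exchange schema is present)
        [Parameter(Mandatory)]$User,
        [Parameter(Mandatory)][string]$DisabledOU
    )
    $checks = [ordered]@{
        'Account disabled'    = ($User.Enabled -eq $false)
        # MemberOf never lists the primary group (normally Domain Users),
        # so an empty value means every other membership was stripped
        'No group membership' = (@($User.MemberOf | Where-Object { $_ }).Count -eq 0)
        'In Disabled OU'      = $User.DistinguishedName.EndsWith(
                                    ",$DisabledOU", [StringComparison]::OrdinalIgnoreCase)
        'Hidden from GAL'     = ($User.msExchHideFromAddressLists -eq $true)
    }
    foreach ($name in $checks.Keys) {
        [pscustomobject]@{
            SamAccountName = $User.SamAccountName
            Check          = $name
            Passed         = [bool]$checks[$name]
        }
    }
}

# Constructed sample: disabled and moved, but one group membership was left behind
$sample = [pscustomobject]@{
    SamAccountName             = 'jsmith'
    Enabled                    = $false
    MemberOf                   = @('CN=VPN-Users,OU=Groups,DC=contoso,DC=com')
    DistinguishedName          = 'CN=Jane Smith,OU=Disabled Users,DC=contoso,DC=com'
    msExchHideFromAddressLists = $true
}
Test-OffboardedState -User $sample -DisabledOU 'OU=Disabled Users,DC=contoso,DC=com' |
    Where-Object { -not $_.Passed }
```

Run against every account in the Disabled OU on a schedule, a check like this catches offboardings that were interrupted or done by hand.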

HTML Report:

See Samples/sample-report.html for an example of the audit report output.

Installation

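# Copy to a module path (PowerShell 7+; on Windows PowerShell 5.1 the per-user path is Documents\WindowsPowerShell\Modules)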
Copy-Item -Path .\AD-UserLifecycle -Destination "$env:USERPROFILE\Documents\PowerShell\Modules\" -Recurse

# Or import directly
Import-Module .\AD-UserLifecycle.psd1

Requirements

  • PowerShell 5.1+
  • ActiveDirectory module (RSAT)
  • Permissions: create/modify users in target OUs, read template accounts
  • (Optional) Write access to archive file share for home folder archival

CSV Format for Bulk Provisioning

See Templates/NewHires-Template.csv:

FirstName,LastName,Template,Department,Title,OfficePhone,Email
Jane,Smith,Template.IT,Information Technology,Systems Administrator,555-0101,jsmith@contoso.com
Bob,Jones,Template.HR,Human Resources,HR Coordinator,555-0102,bjones@contoso.com
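
Because the Template column decides which OU and group memberships a new account receives, a bulk CSV deserves a pre-flight check before it is passed to New-ADUserFromTemplate. The following is an added example, not code from the module; Test-NewHireCsv and the approved-template list are hypothetical, and the CSV text is constructed.

```powershell
# Added example, not part of AD-UserLifecycle. Test-NewHireCsv and the
# approved-template list are hypothetical names.
function Test-NewHireCsv {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][object[]]$Rows,
        [Parameter(Mandatory)][string[]]$AllowedTemplates
    )
    $required = 'FirstName','LastName','Template','Department','Title','OfficePhone','Email'
    $missing  = $required | Where-Object { $_ -notin $Rows[0].PSObject.Properties.Name }
    if ($missing) { throw "CSV is missing column(s): $($missing -join ', ')" }

    $seenEmail = @{}                       # hashtable keys compare case-insensitively
    $rowNumber = 1                         # the header is line 1
    foreach ($row in $Rows) {
        $rowNumber++
        $issues = @()
        # The template decides OU and group membership, so only approved ones pass
        if ($row.Template -notin $AllowedTemplates) {
            $issues += "template '$($row.Template)' is not approved"
        }
        # Letters, spaces, apostrophes and hyphens only: keeps wildcard and filter
        # characters out of anything later built from the name
        foreach ($field in 'FirstName','LastName') {
            if ($row.$field -notmatch '^\p{L}[\p{L} ''\-]{0,63}$') {
                $issues += "$field is empty or has unexpected characters"
            }
        }
        if ($row.Email -notmatch '^[^@\s]+@[^@\s]+\.[^@\s]+$') {
            $issues += 'Email is not a valid address'
        } elseif ($seenEmail.ContainsKey($row.Email)) {
            $issues += "Email duplicates line $($seenEmail[$row.Email])"
        } else {
            $seenEmail[$row.Email] = $rowNumber
        }
        $issues | ForEach-Object { [pscustomobject]@{ Line = $rowNumber; Problem = $_ } }
    }
}

# Constructed input: one clean row, one unapproved template with a reused
# address, one name carrying a wildcard character
$csv = @'
FirstName,LastName,Template,Department,Title,OfficePhone,Email
Jane,Smith,Template.IT,Information Technology,Systems Administrator,555-0101,jsmith@contoso.com
Bob,Jones,Template.Finance,Finance,Analyst,555-0102,jsmith@contoso.com
Ali*,Khan,Template.HR,Human Resources,HR Coordinator,555-0103,akhan@contoso.com
'@ | ConvertFrom-Csv
Test-NewHireCsv -Rows $csv -AllowedTemplates 'Template.IT','Template.HR'
```

An empty result means every row passed; any returned object names the CSV line to fix before provisioning.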

Design Decisions

  • Template-based provisioning -- new users inherit OU placement, group memberships, and address properties from a designated template account. This ensures consistency across departments.
  • SAMAccountName generation -- automatically creates lastnamefirstinitial format and handles collisions (smithj, smithj2, etc.)
  • Offboarding is a single command -- disable, reset password, strip groups, update description, hide from GAL, archive home folder, and move to Disabled OU. Every action is logged to a transcript for audit.
  • -WhatIf on everything destructive -- preview any operation before it runs. ConfirmImpact = 'High' on offboarding forces confirmation by default.
  • Transcript logging -- every provisioning and offboarding session writes a timestamped log file for compliance evidence.
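
The SAMAccountName scheme described above (lastnamefirstinitial with a numeric suffix on collision) has a few edge cases worth seeing in code: non-letter characters in names, the 20-character limit on user sAMAccountName values, and case-insensitive collisions. The following is an added example, not the module's implementation; Get-UniqueSamAccountName and its parameters are hypothetical, and the list of existing names is constructed.

```powershell
# Added example, not part of AD-UserLifecycle. Function and parameter names are hypothetical.
function Get-UniqueSamAccountName {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$FirstName,
        [Parameter(Mandatory)][string]$LastName,
        # Names already taken. Constructed in the demo below; in production fill it
        # from the directory, and still expect New-ADUser to reject a duplicate,
        # because check-then-create is not atomic.
        [string[]]$ExistingNames = @(),
        [int]$MaxAttempts = 99
    )

    # Keep only ASCII letters and digits: drops spaces, apostrophes, hyphens and
    # filter metacharacters such as * ( ) \ that a CSV field could carry
    $last  = $LastName.ToLowerInvariant()  -replace '[^a-z0-9]', ''
    $first = $FirstName.ToLowerInvariant() -replace '[^a-z0-9]', ''
    if (-not $last -or -not $first) {
        throw "Name '$FirstName $LastName' has no usable ASCII characters; assign the account name manually."
    }

    $taken = [System.Collections.Generic.HashSet[string]]::new(
        [string[]]$ExistingNames, [System.StringComparer]::OrdinalIgnoreCase)

    $maxLen = 20   # sAMAccountName length limit for user objects
    for ($n = 1; $n -le $MaxAttempts; $n++) {
        $suffix = if ($n -eq 1) { '' } else { "$n" }
        # Truncate the last name, never the suffix, so the counter survives
        $room      = $maxLen - 1 - $suffix.Length
        $base      = $last.Substring(0, [Math]::Min($last.Length, $room))
        $candidate = "$base$($first[0])$suffix"
        if (-not $taken.Contains($candidate)) { return $candidate }
    }
    throw "No free account name for '$FirstName $LastName' after $MaxAttempts attempts."
}

# Constructed demo data: a collision chain, then a long name with punctuation
$existing = 'smithj', 'SmithJ2'
Get-UniqueSamAccountName -FirstName 'Jane' -LastName 'Smith' -ExistingNames $existing
Get-UniqueSamAccountName -FirstName 'Ann'  -LastName "O'Brien-Featherstonehaugh"
```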

Project Structure

AD-UserLifecycle/
├── AD-UserLifecycle.psd1          # Module manifest
├── AD-UserLifecycle.psm1          # Root module (auto-loads Public/Private)
├── Public/
│   ├── New-ADUserFromTemplate.ps1 # User provisioning
│   ├── Disable-DepartedUser.ps1   # Offboarding workflow
│   └── Export-ADUserReport.ps1    # Audit reporting
├── Private/
│   ├── _New-RandomPassword.ps1    # Secure password generator
│   └── _New-HtmlReport.ps1       # HTML report builder
├── Templates/
│   └── NewHires-Template.csv      # Sample bulk import CSV
├── Tests/
│   └── AD-UserLifecycle.Tests.ps1 # Pester tests
└── Samples/
    └── sample-report.html         # Example HTML report output

Running Tests

Invoke-Pester .\Tests\ -Output Detailed

Feedback & Contributions

This tool was built to solve real admin pain points. If you have ideas for improvement, find a bug, or want to suggest a feature:

  • Open an issue on this repo
  • Feature requests, bug reports, and general feedback are all welcome
  • Pull requests are appreciated if you want to contribute directly

If you find this useful, check out my other tools at larro1991.github.io

License

MIT
