M365-UserOffboarding.ps1
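## User Offboarding -
# Offboards one Microsoft 365 user: blocks sign-in, revokes refresh tokens,
# adds the account to the term group, renames it to "Term-<UPN>", converts the
# mailbox to a shared mailbox, gives the manager FullAccess and removes the
# user from the licensing group.
#
# NOTE(review): the AzureAD and MSOnline modules used below are deprecated by
# Microsoft in favour of Microsoft Graph PowerShell - plan a port.
# NOTE(review): -Credential is a username/password sign-in. It is not expected
# to work for an admin account that must complete MFA, so this script pushes
# the operator towards a non-MFA admin account - confirm against tenant policy
# and prefer interactive (MFA) sign-in.

#Variables
$Creds = (Get-Credential)
$TermUserUPN = (Read-Host -Prompt "Enter Term User's UPN").Trim()
# Refuse empty or malformed input before any directory change is attempted.
if ([string]::IsNullOrWhiteSpace($TermUserUPN) -or $TermUserUPN -notmatch '^[^@\s]+@[^@\s]+$') {
    throw "A UPN in the form user@domain is required."
}
$TermUserUPNNew = ("Term-" + $TermUserUPN)
$TermGroup = "TermUsers@domain.com"

#Connect to Azure AD
Connect-AzureAD -Credential $Creds -ErrorAction Stop

# Identify Manager via powershell (looked up before the account is changed).
# May be empty when no manager is set; checked before the permission grant.
$TermUserMgr = (Get-AzureADUserManager -ObjectId $TermUserUPN).ObjectId

# Disable User Sign In
# These two steps are the security-critical part of the offboarding, so a
# failure here stops the script instead of continuing with the cosmetic steps.
Set-AzureADUser -ObjectId $TermUserUPN -AccountEnabled $false -ErrorAction Stop
# Resolve the user by ObjectId rather than -SearchString: a search string is a
# starts-with match and can return no user or several users.
# Revoking refresh tokens does not cancel access tokens that were already
# issued; those remain usable until they expire.
Get-AzureADUser -ObjectId $TermUserUPN -ErrorAction Stop |
    Revoke-AzureADUserAllRefreshToken -ErrorAction Stop
Set-AzureADUser -ObjectId $TermUserUPN -Company "InActive"

# Connect to Exchange Online
Connect-ExchangeOnline -Credential $Creds

# Add to Term M365 Group
Add-UnifiedGroupLinks -Identity $TermGroup -LinkType "members" -Links $TermUserUPN

# Connect to MSOL
Connect-MsolService -Credential $Creds

# Update UPN to New UPN
Set-MsolUserPrincipalName -UserPrincipalName $TermUserUPN -NewUserPrincipalName $TermUserUPNNew

# Remove Alias's so that original address NDRs
# NOTE(review): this runs after the rename and still addresses the mailbox by
# the old UPN; it presumably relies on the old address still resolving in
# Exchange Online at this point - verify, and verify the address was removed.
Set-Mailbox -Identity $TermUserUPN -EmailAddresses @{Remove=$TermUserUPN}

# Convert to Shared Mailbox
# NOTE(review): the new UPN may not be resolvable in Exchange Online
# immediately after the rename above - confirm, or add a wait/retry.
Set-Mailbox -Identity $TermUserUPNNew -Type Shared

# Add Manager Full Permissions
# FullAccess exposes the whole mailbox to the manager; skip the grant instead
# of passing an empty -User when no manager was found.
if ($TermUserMgr) {
    Add-MailboxPermission -Identity $TermUserUPNNew -User $TermUserMgr -AccessRights FullAccess -InheritanceType All
} else {
    Write-Warning "No manager found for $TermUserUPN; mailbox permission not granted."
}

# Sharepoint - User Profile Add Permissions
# Reference Other PS1 for Sharepoint

## Remove Licensing by removing from Assigned & Dynamic Groups
# Assigned Group Removal
# Keep the user object in its own variable; $TermUserUPNNew stays a string.
$TermUserObject = Get-MsolUser -UserPrincipalName $TermUserUPNNew
# -SearchString can match more than one group; only act on a single match so
# the user is not removed from an unintended group.
$GroupID = @(Get-MsolGroup -SearchString "Microsoft 365 E3")
if ($GroupID.Count -eq 1) {
    Remove-MsolGroupMember -GroupObjectId $GroupID[0].ObjectId -GroupMemberType User -GroupMemberObjectId $TermUserObject.ObjectId
} else {
    Write-Warning "Expected exactly one group matching 'Microsoft 365 E3' but found $($GroupID.Count); licensing group membership not changed."
}

# Dynamic Group Removal based on Active / Inactive Status so handled in disabling Sign In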