One of the components that makes this off-boarding tool useful is that it enables certain work to be performed automatically by a service account instead of manually by an IT admin. Examples of this type of work are disabling an AD user account, forwarding the mailbox’s email to the person’s manager, removing the user from Lync, etc.
Anything that can be done via PowerShell can be packaged and used in the off-boarding tool. I want to include an example of how I’m structuring these scripts so that you can make your own scripts in similar fashion and then use them in your own environment with the off-boarding tool scripts…
First thing, in the UserManagementAuto folder on your IT network share, any PS1 files you create for this should go in a “TaskScripts” subfolder.
The name of the file doesn’t really matter, but my current setup has an underscore in the name and the last portion of the name is something that describes the actions the file will perform. So for example, a PS1 file I want to make that disables an AD user account is called something like 001_DisableADUser.ps1. Within it, the function has to match the file name. So function DisableADUser {} will be good here. More on that later…
The function should accept one parameter (at least). For mine, its a string called $SamAccountName since all my off-boarding tasks are filtered to be done on the one user being off-boarded.
An example, I am calling a domain controller, importing the ActiveDirectory module, and then doing something. Here I’m checking if the user is enabled, and if so am disabling the account.
Also I’m sending back the status of the user as output to be used in a check after. If the account is disabled, the task can be considered completed.
So more on why the file name and function name matters. In my setup, I want it to be dynamic as possible and have one server script be able to run one or many automated tasks. I am accomplishing this by importing a file, parsing the name, then assuming there is a function with that name. If there’s a better way to do the same thing let me know 😛
Also in my setup I’m taking the output and sending an email based on what the results are. In my setup, the email is going to the helpdesk system to update a ticket. You can edit/remove this section if you don’t need it.
More info to come soon. 🙂
greg's wordpress... 