**First of all, the offboarding (separation) script is fairly complex, about 300 lines. If you have difficulty understanding it, study it section by section, following the comments. Do not copy it directly; after all, the impact of an offboarding operation is considerable.**
The script workflow is as follows. To use it, save it as a .ps1 file and then add it to a scheduled task:
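# Define the management credential used for the Exchange and Lync remote sessions.
# The string looks like a DPAPI-protected SecureString export (ConvertFrom-SecureString
# without -Key). Such a blob can only be decrypted by the same Windows user on the same
# machine that created it, so the scheduled task has to run under that account.
# NOTE(review): the value is reproduced exactly as published, including the embedded
# spaces, which look like extraction artifacts. Generate your own blob instead of reusing it.
# NOTE(review): anyone who can edit this script, or run code as the task's user, can
# recover the password. Restrict write access to the script and prefer a dedicated,
# narrowly delegated service account over a broad admin account.
# The variable is not called $pwd because that name is the automatic variable $PWD.
$EncryptedPassword = " 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000035bf6730bcdda4eb12ed62660d5faed0000000002000000000003660000c000000010000 0003ded59f253f488bd909320e6e53a89f30000000004800000a000000010000000709d6c5a15f7068c51c8a353ee79debb200000002cf42d5be95b64 Cc1c34489e330dc9a08f55d2e06474cadafa78c73c31e29c3d140000005ce706d435eb1d445cac9d1fc9ebe0ded07fbe75 "
$Password = ConvertTo-SecureString -String $EncryptedPassword
$Credential = New-Object System.Management.Automation.PSCredential ("Domain\admin", $Password)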
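# Import the Active Directory module and the SharePoint snap-in.
# Both are required by every later step, so stop immediately if either is missing
# instead of running the offboarding logic half-equipped.
Import-Module ActiveDirectory -ErrorAction Stop
if (-not (Get-PSSnapin -Name Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue))
{
    # Guarded so the script can also be started from a shell that already loaded the snap-in.
    Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction Stop
}

# Load the SharePoint user profile management service.
# [void] keeps the returned Assembly objects out of the script's output.
# NOTE(review): LoadWithPartialName is marked obsolete in .NET; kept because the exact
# assembly versions are not shown on this page.
[void][System.Reflection.Assembly]::LoadWithPartialName("Microsoft.Office.Server")
[void][System.Reflection.Assembly]::LoadWithPartialName("Microsoft.Office.Server.UserProfiles")

# Build a UserProfileManager from the site at the given URL; $Profiles is the
# enumerator over all user profiles.
$contextWeb = New-Object Microsoft.SharePoint.SPSite ("http://sharepoint:41843")
$ServerContext = [Microsoft.Office.Server.ServerContext]::GetContext($contextWeb)
$UserProfileManager = New-Object Microsoft.Office.Server.UserProfiles.UserProfileManager ($ServerContext)
$Profiles = $UserProfileManager.GetEnumerator()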
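# Establish implicit remoting sessions to Exchange and Lync, then import their
# cmdlets into this session. Both sessions authenticate with $Credential.
# No -ErrorAction Stop here on purpose: if a session cannot be created, the later
# mailbox/Lync steps fail inside their own try/catch and are reported as failed,
# while the AD account is still disabled.
# NOTE(review): Import-PSSession imports every command the endpoint exposes. Only
# Set-Mailbox and Disable-CsUser are used by this script, so -CommandName could
# narrow the import.
$ExSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://mail.domain.cn/PowerShell/ -Credential $Credential -Authentication Kerberos
Import-PSSession $ExSession
$LyncSession = New-PSSession -ConnectionUri https://sip.domain.cn/OcsPowerShell -Credential $Credential
Import-PSSession $LyncSession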
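# Define the two report files (disable report and deletion report) and write
# their HTML header and table header.
$ReportPath = "C:\Scripts\AutoDismission\"
# Get-Date -Format is case-sensitive: MM is month and HH is 24-hour, while mm is minutes.
# The page shows the pattern in lower case only, which would put minutes where the
# month belongs. The stamp is taken once so both file names always agree.
$Stamp = Get-Date -Format MMddHHmm
$DeleteName = "autodelete_${Stamp}.html"
$ReportName = "autodismission_${Stamp}.html"
$ServiceReport = $ReportPath + $ReportName
$DeleteReport = $ReportPath + $DeleteName
# Cell background colours: red marks a failed step, white a successful one.
$RedColor = "#FF0000"
$WhiteColor = "#FFFFFF"
# NOTE(review): the original header markup was lost when this page was extracted.
# The value below is a minimal constructed stand-in, not the author's header.
$Header = "<html><body>"
Add-Content $ServiceReport $Header
Add-Content $DeleteReport $Header
$TableHeader = "<table width='100%'><tbody><tr bgcolor=#CCCCCC><td width='15%' align='center'>Accounts</td><td width='25%' align='center'>Apps</td><td width='25%' align='center'>Status</td></tr>"
Add-Content $ServiceReport $TableHeader
Add-Content $DeleteReport $TableHeader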
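# Open the SharePoint web and fetch the list that holds the offboarding requests.
# Each item of $SPList drives one disable or delete decision later in the script.
# NOTE(review): whoever can create or edit items in this list can cause accounts
# to be disabled and later deleted. Keep the list's permissions as tight as the
# approval workflow assumes.
$SPWeb = Get-SPWeb -Identity http://sp.domain.cn
$SPList = $SPWeb.GetList("/lists/list7")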
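# Mail notification functions.
#
# send-message: mails the disable report as an HTML body.
#   $Creater       - one address or an array of addresses to put on Cc
#                    (the caller passes the collected $Recipients array)
#   $ServiceReport - path of the HTML report file to send
# The addresses and the second NetworkCredential argument appear on the page only
# as redacted "[Email protected]" placeholders and are reproduced unchanged.
# NOTE(review): the SMTP password is a plain-text literal in the script. Load it from
# a protected store instead, and restrict read access to this file.
# NOTE(review): EnableSsl is not set, so the credential may cross the network
# unencrypted. Enable it if the mail server supports TLS.
Function send-message ($Creater, $ServiceReport)
{
    $SmtpClient = New-Object System.Net.Mail.SmtpClient
    $MailMessage = New-Object System.Net.Mail.MailMessage
    try
    {
        $SmtpClient.UseDefaultCredentials = $False
        $SmtpClient.Credentials = New-Object System.Net.NetworkCredential ("[Email protected]", "[email protected]")
        $SmtpClient.Host = "mail.domain.cn"
        $MailMessage.From = "[Email protected]"
        $MailMessage.To.Add("[email protected]")
        # Add the Cc addresses one at a time. Passing an array to Cc.Add() would be
        # flattened to a space-separated string, which is not a valid address list.
        # Empty entries (creators without a mail address) and duplicates are dropped.
        foreach ($Address in @($Creater | Where-Object { $_ } | Select-Object -Unique))
        {
            $MailMessage.CC.Add($Address)
        }
        $MailMessage.Subject = "Resignation processing report"
        $MailMessage.IsBodyHtml = $True
        # Get-Content returns one string per line; join them into a single body string.
        $MailMessage.Body = Get-Content $ServiceReport | Out-String
        $SmtpClient.Send($MailMessage)
    }
    finally
    {
        # Release the message and the SMTP connection even when Send() throws.
        $MailMessage.Dispose()
        $SmtpClient.Dispose()
    }
}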
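# Send-adminmessage: mails the account deletion report as an HTML body.
# Takes no parameters; it reads the report path from the script-level $DeleteReport.
# The addresses and the second NetworkCredential argument appear on the page only
# as redacted "[Email protected]" placeholders and are reproduced unchanged.
# NOTE(review): the SMTP password is a plain-text literal in the script. Load it from
# a protected store instead, and restrict read access to this file.
Function Send-adminmessage
{
    $SmtpClient = New-Object System.Net.Mail.SmtpClient
    $MailMessage = New-Object System.Net.Mail.MailMessage
    try
    {
        $SmtpClient.UseDefaultCredentials = $False
        $SmtpClient.Credentials = New-Object System.Net.NetworkCredential ("[Email protected]", "[email protected]")
        $SmtpClient.Host = "mail.domain.cn"
        $MailMessage.From = "[Email protected]"
        $MailMessage.To.Add("[email protected]")
        $MailMessage.Subject = "Account Deletion report"
        $MailMessage.IsBodyHtml = $True
        # Get-Content returns one string per line; join them into a single body string.
        $MailMessage.Body = Get-Content $DeleteReport | Out-String
        $SmtpClient.Send($MailMessage)
    }
    finally
    {
        # Release the message and the SMTP connection even when Send() throws.
        $MailMessage.Dispose()
        $SmtpClient.Dispose()
    }
}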
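# Empty arrays that collect the per-step results:
#   $UserReport   - rows for the disable report
#   $Recipients   - mail addresses of the request creators (Cc of the disable report)
#   $DeleteResult - rows for the deletion report
$FormatEnumerationLimit = 1
$UserReport = @()
$Recipients = @()
$DeleteResult = @()

# Private helper: build one report row. The property names are the ones the report
# rendering reads ($_.Account, $_.Applications, $_.Status); the page's row objects
# used "accounts"/"application"/"App", which would leave those cells empty.
Function New-StatusRow ($Account, $Application, $Status)
{
    [pscustomobject]@{
        Account      = $Account
        Applications = $Application
        Status       = $Status
    }
}

# Walk every item of the SharePoint offboarding list.
# NOTE(review): the column names ("Employee Account", "Separation Date", ...) and the
# "Approved" status text are machine translations on this page. They must match the
# real column names and workflow status of your list.
Foreach ($UserInfo in $SPList.Items)
{
    # The person field is split on '#' and the second part is used as a display name.
    $DisplayName = $UserInfo["Employee Account"].Split("#")[1]
    # A display name is not a unique key. Act only when it resolves to exactly one AD
    # user, so a namesake is never disabled or deleted by mistake.
    $AdMatches = @(Get-ADUser -Filter {DisplayName -eq $DisplayName})
    $IsUnique = ($AdMatches.Count -eq 1)
    $Account = $null
    if ($IsUnique)
    {
        $Account = $AdMatches[0].sAMAccountName
    }
    $User = [pscustomobject]@{
        Account  = $Account
        DismDate = $UserInfo["Separation Date"]
        Company  = $UserInfo["Companies"]
        Approve  = $UserInfo.Workflows.StatusText
        Disabled = $UserInfo["Disabled state"]
        Deleted  = $UserInfo["Delete state"]
        Creater  = $UserInfo["creator"].Split("#")[1]
    }

    # Phase 1 - disable: approved, not yet disabled, separation date reached, and less
    # than 30 days past it.
    # NOTE(review): if the task does not run successfully within those 30 days, the item
    # matches neither branch and the account stays enabled. Monitor the task's runs.
    if ($User.Approve -eq "Approved" -and $User.Disabled -eq $False -and (Get-Date) -ge $User.DismDate -and (Get-Date) -lt $User.DismDate.AddDays(30))
    {
        $Creater = $User.Creater
        $Recipients += (Get-ADUser -Filter {DisplayName -eq $Creater} -Properties EmailAddress).EmailAddress
        Try
        {
            if (-not $IsUnique)
            {
                throw "Display name '$DisplayName' matched $($AdMatches.Count) AD users"
            }
            # Keep a snapshot of all AD attributes before changing the account.
            # NOTE(review): these files hold personal and directory data and are never
            # removed by the script. Restrict the folder's ACL and apply a retention rule.
            Get-ADUser -Identity $User.Account -Properties * | Format-List | Out-File -FilePath "C:\Scripts\AutoDismission\$($User.Account)-$(Get-Date -Format "yyyyMMdd").txt"
            Disable-ADAccount -Identity $User.Account -ErrorAction Stop
            $UserReport += New-StatusRow $User.Account "AD account" "Deactivated"

            # Reset $OU on every pass so an unknown company cannot reuse the OU chosen
            # for the previous user.
            $OU = $null
            Switch ($User.Company)
            {
                "A" { $OU = "OU=_DISABLED,OU=A,DC=DOMAIN,DC=CN" }
                "B" { $OU = "OU=_DISABLED,OU=B,DC=DOMAIN,DC=CN" }
            }
            if ($OU)
            {
                Move-ADObject -Identity $(Get-ADUser $User.Account) -TargetPath $OU -ErrorAction Stop
            }
            else
            {
                $UserReport += New-StatusRow $User.Account "AD account" "Not moved: unknown company"
            }

            # Remove the user from all groups listed in MemberOf (department groups).
            # Skipped when the user has no groups, because piping nothing into
            # Remove-ADGroupMember raises an error that would abort the remaining steps.
            $Group = (Get-ADUser -Identity $User.Account -Properties MemberOf).MemberOf | Get-ADGroup
            if ($Group)
            {
                $Group | Remove-ADGroupMember -Members $User.Account -Confirm:$False
            }

            # Try to hide the mailbox from the address lists.
            # -ErrorAction Stop turns non-terminating errors into exceptions; without it
            # the catch block never runs and a failure is reported as success.
            Try
            {
                Set-Mailbox -Identity $User.Account -HiddenFromAddressListsEnabled $True -ErrorAction Stop
                $UserReport += New-StatusRow $User.Account "Exchange Mailbox" "Deactivated"
            }
            Catch
            {
                $UserReport += New-StatusRow $User.Account "Exchange Mailbox" "Disable Failed"
            }

            # Try to disable the Lync account.
            Try
            {
                Disable-CsUser -Identity $User.Account -Confirm:$False -ErrorAction Stop
                $UserReport += New-StatusRow $User.Account "Lync Account" "Deactivated"
            }
            Catch
            {
                $UserReport += New-StatusRow $User.Account "Lync Account" "Disable Failed"
            }

            # Record on the list item that the disable phase is done.
            $UserInfo["Disabled state"] = $True
            $UserInfo.Update()
        }
        Catch
        {
            $UserReport += New-StatusRow $User.Account "AD account" "Disable failed, please check account information"
        }
    }
    # Phase 2 - delete: approved, already disabled, not yet deleted, and at least
    # 30 days past the separation date.
    ElseIf ($User.Approve -eq "Approved" -and $User.Disabled -eq $True -and $User.Deleted -eq $False -and (Get-Date) -ge $User.DismDate.AddDays(30))
    {
        if (-not $IsUnique)
        {
            # Never delete on an ambiguous or missing match. The item is left unmarked so
            # it shows up in every deletion report until an administrator resolves it.
            $DeleteResult += New-StatusRow $DisplayName "AD account" $False
            continue
        }

        $Profiles = $UserProfileManager.GetEnumerator()
        $DismUserProfile = $Profiles | Where-Object { $_.MultiLoginAccounts -eq "domain\$($User.Account)" }

        # Delete the SharePoint personal site.
        if ($DismUserProfile.PersonalSite -ne $Null)
        {
            Try
            {
                $DismUserProfile.PersonalSite.Delete()
                $DeleteResult += New-StatusRow $User.Account "SharePoint Personal Site" $True
            }
            Catch
            {
                $DeleteResult += New-StatusRow $User.Account "SharePoint Personal Site" $False
            }
        }

        # Delete the SharePoint user profile.
        if ($DismUserProfile -ne $Null)
        {
            Try
            {
                $UserProfileManager.RemoveUserProfile("domain\$($User.Account)")
                $DeleteResult += New-StatusRow $User.Account "SP profile" $True
            }
            Catch
            {
                $DeleteResult += New-StatusRow $User.Account "SP profile" $False
            }
        }

        # Delete the SharePoint user from the web.
        Try
        {
            $SPUser = Get-SPUser -Web "http://sp.domain.cn" | Where-Object { $_.DisplayName -eq $DisplayName }
            Remove-SPUser -Web "http://sp.domain.cn" -Identity $SPUser -ErrorAction Stop -Confirm:$False
            $DeleteResult += New-StatusRow $User.Account "SharePoint Account" $True
        }
        Catch
        {
            $DeleteResult += New-StatusRow $User.Account "SharePoint Account" $False
        }

        # Delete the AD account together with its child objects.
        # NOTE(review): this cannot be undone unless the AD Recycle Bin is enabled.
        Try
        {
            Get-ADUser $User.Account | Remove-ADObject -Recursive -Confirm:$False -ErrorAction Stop
            $DeleteResult += New-StatusRow $User.Account "AD account" $True
        }
        Catch
        {
            $DeleteResult += New-StatusRow $User.Account "AD account" $False
        }

        # Record on the list item that the delete phase is done.
        # NOTE(review): as on the page, the item is marked deleted even when a step above
        # failed, so failed deletions are not retried. Follow up on red rows by hand.
        $UserInfo["Delete state"] = $True
        $UserInfo.Update()
    }
}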
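# Render the deletion results into the deletion report: one table row per step,
# with a red status cell for any step whose Status is not $True.
$DeleteResult | ForEach-Object {
    if ($_.Status -ne $True)
    {
        $color = $RedColor
    }
    else
    {
        $color = $WhiteColor
    }
    # Account and application values are HTML-encoded before going into the mail body,
    # so directory or list data cannot inject markup into the report.
    $AccountCell = [System.Net.WebUtility]::HtmlEncode([string]$_.Account)
    $AppCell = [System.Net.WebUtility]::HtmlEncode([string]$_.Applications)
    $DataRow = "<tr><td width='15%'>$AccountCell</td><td width='25%'>$AppCell</td><td width='25%' bgcolor='$color' align='center'>$($_.Status)</td></tr>"
    Add-Content $DeleteReport $DataRow
}
# NOTE(review): the closing markup is truncated on the page after "</body>".
# It is reconstructed here to close the table and the document.
Add-Content $DeleteReport "</tbody></table></body></html>"
# Mail the report only when at least one deletion step was recorded.
# Count is used because comparing an array with -ne $Null filters it instead of testing it.
if (@($DeleteResult).Count -gt 0)
{
    Send-adminmessage
}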
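# Render the disable results into the service report: one table row per step,
# with a red status cell for any step whose Status is not "Deactivated"
# (-ne compares case-insensitively).
$UserReport | ForEach-Object {
    if ($_.Status -ne "deactivated")
    {
        $color = $RedColor
    }
    else
    {
        $color = $WhiteColor
    }
    # Account and application values are HTML-encoded before going into the mail body,
    # so directory or list data cannot inject markup into the report.
    $AccountCell = [System.Net.WebUtility]::HtmlEncode([string]$_.Account)
    $AppCell = [System.Net.WebUtility]::HtmlEncode([string]$_.Applications)
    $DataRow = "<tr><td width='15%'>$AccountCell</td><td width='25%'>$AppCell</td><td width='25%' bgcolor='$color' align='center'>$($_.Status)</td></tr>"
    Add-Content $ServiceReport $DataRow
}
# NOTE(review): the closing markup is truncated on the page after "</body>".
# It is reconstructed here to close the table and the document.
Add-Content $ServiceReport "</tbody></table></body></html>"
# Send the report only when at least one disable step was recorded.
# Count is used because comparing an array with -ne $Null filters it instead of testing it.
if (@($UserReport).Count -gt 0)
{
    Send-message -Creater $Recipients -ServiceReport $ServiceReport
}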
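# Close the remote sessions, release the SharePoint objects and remove the
# temporary report files.
Remove-PSSession $ExSession
Remove-PSSession $LyncSession
# SPWeb and SPSite hold unmanaged resources and are not released until disposed.
if ($SPWeb) { $SPWeb.Dispose() }
if ($contextWeb) { $contextWeb.Dispose() }
Remove-Item $ServiceReport
Remove-Item $DeleteReport
# NOTE(review): the per-user AD attribute dumps written to C:\Scripts\AutoDismission\
# are not removed here. Protect that folder and decide how long they are kept.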
I almost forgot to show an example:
The message sent when the disable step completes looks like this
The message sent when the deletion succeeds looks like this
Well, that completes the whole onboarding-to-offboarding series. I hope it eases the burden on IT administrators. As for the department-change process, our company is small and does not need it for now, so you will have to build that part yourselves. Friends who are interested in studying SCO automation can also add me on QQ: 522236464
SharePoint in conjunction with PowerShell establishes into separation automation (iv)