0 votes

Hi all,

I need some help with this builtin script. It's a good foundation for what I'd like to do but I need to be able to keep the user in two groups (one, really, if it exists).

I need to keep them in:

* Domain Users
* MLGX Users (this is our Metalogix Archive Manager group).

If they are a part of the MLGX group, I want them to keep that group membership. If the MLGX group membership is not seen, do nothing and simply keep them in the Domain Users group only.

Also, I'd like to see if the following is possible (please see the screenshot)
The rule is: If there is a manager, set forwarding to the manager.
How can I add: If there is no manager, e-mail IT and notify the team that forwarding was not set. (unless there is a better method to achieving this, some kind of output log of the tasks completed on the deprovisioned user)..

Thank you!

by (100 points)
0

Reviewing this in some more depth, is it also possible to remove any phone partnerships with Exchange? What I want is to disable the user's access to e-mail IMMEDIATELY when we receive notification of their termination as part of this Deprovisioning.

-- I think I found the answer to this particular question.

1 Answer

0 votes
by (293k points)
selected by
Best answer

Hello Adrian,

I need some help with this builtin script. It's a good foundation for what I'd like to do but I need to be able to keep the user in two groups (one, really, if it exists).

Find the updated script below.

$groupNamesToSkip = @("MLGX Users")

# Get all groups user is a direct member of
$groupGuids = $Context.TargetObject.GetEx("adm-DirectMemberOfGuid")

# Get the Primary Group ID
$primaryGroupId = $Context.TargetObject.Get("primaryGroupID")

foreach ($groupGuidBytes in $groupGuids)
{
    # Bind to the group
    $groupGuid = New-Object "System.Guid" (,$groupGuidBytes)
    $groupGuid = $groupGuid.ToString("B")
    $groupPath = "Adaxes://<GUID=$groupGuid>"
    $group = $Context.BindToObject($groupPath)
    $groupName = $group.Get("cn")

    # Skip the group if it is the user's Primary Group
    if (($group.Get("primaryGroupToken") -eq $primaryGroupId) -or ($groupNamesToSkip -contains $groupName))
    {
        continue
    }

    # Remove user from the group
    $group.Remove($Context.TargetObject.AdsPath)
    $Context.LogMessage("Removed the user from group '$groupName'", "Information")
}

How can I add: If there is no manager, e-mail IT and notify the team that forwarding was not set. (unless there is a better method to achieving this, some kind of output log of the tasks completed on the deprovisioned user)..

You can achieve this by adding another set of actions and conditions to the Scheduled Task. To do so:

  1. Launch Adaxes Administration Console.
  2. Navigate to Configuration\Scheduled Tasks and select the task.
  3. Click Add action to a new set in the Result Pane.
  4. Select Send e-mail notification.
  5. Specify Action Parameters and click OK.
  6. Double-click Always.
  7. Select If <property><relation><value>.
  8. Select If Manager is empty.
  9. Click OK and save the changes.
0

You guys rock!! I'm going to test this tomorrow. Thank you so much!

Related questions

0 votes
1 answer

I am using this script to remove all users from groups when they are terminated. This script doesn't remove users from Azure only groups just on prem. How would I change ... .LogMessage("Can not remove $U from $GN"+$_.Exception.Message, "Information") } }

asked Jun 18 by mightycabal (1.0k points)
0 votes
1 answer

I would like to have a script that removes the offboarded users from all teams groups

asked Jan 3 by bodson (20 points)
0 votes
1 answer

Is it possible using PowerShell to copy group memberships from an already existing user without copying 2 specific groups named for example test and test 1 ? We are currently ... groups are not included. I can share the PowerShell script if needed. KR, Cas

asked Oct 30, 2023 by Cas (200 points)
0 votes
1 answer

Hi, I would like to use the custom commands to deprovision an AD user. Is there a way to automatically remove all groups (besides Domain Users which cannot be removed) from a user? Thanks...

asked May 1, 2014 by decop (20 points)
0 votes
1 answer

https://www.adaxes.com/script-repository/remove-all-group-memberships-for-a-user-account-s33.htm I found this script but it only removes 365 groups, security groups, and ... user from all shared mailboxes they are a member of when disabling a user. Thanks!

asked Sep 8, 2023 by silicondt (60 points)
3,574 questions
3,263 answers
8,282 comments
548,008 users