
PowerShell Script to Delete SharePoint Users in Active Directory and Send Out Email Notification of Affected Users

On request I was asked if I could provide a script to automatically purge (delete) SharePoint users out of AD who have not authenticated to the Portal in 45 days. In my environment we have a process that allows external portal access to users who are authorized for it, and to keep our AD environment clean I needed to remove these external portal accounts from AD if they have not authenticated to the portal within 45 days. Below is the PS script I created to do just that.

I blogged about how to use PowerShell to Send Email Notifications and Automatically Move and Disable SharePoint Users in Active Directory here — https://shipoint.com/2014/02/03/powershell-script-to-send-email-notifications-and-automatically-move-and-disable-sharepoint-users-in-active-directory/

You would replace the placeholder values (the OU path in the LDAP search root, the report file paths, the email addresses and the SMTP server) with your own.

————————————————————————————————————-

$Domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$ADSearch = New-Object System.DirectoryServices.DirectorySearcher
$ADSearch.PageSize = 1000
$ADSearch.SearchScope = "Subtree"
# AD path to the External Portal disabled-users OU; replace the OU and DC components with your own
$ADSearch.SearchRoot = "LDAP://OU=OU,OU=OU,OU=OU,DC=DC,DC=DC"
$daysOld = 1

$today = Get-Date
$oldestValidLogon = $today.AddDays(-$daysOld)
$EmailSentDate = $today.ToString("MM-dd-yyyy")

# Report files: one with the full ADsPath of every deleted account, one with only the sAMAccountName
$Deleted_AD_Portal_Users = "d:\Portal\Deleted-AD-Portal-Users_" + $EmailSentDate + ".txt"
$Deleted_AD_Portal_Users_SAMAccount = "d:\Portal\Deleted-AD-Portal-Users-SAMAccount_" + $EmailSentDate + ".txt"

$ADSearch.Filter = "(objectClass=user)"

# Load only the attributes the script uses (Add returns an index, which Out-Null keeps off the console)
$ADSearch.PropertiesToLoad.Add("distinguishedName") | Out-Null
$ADSearch.PropertiesToLoad.Add("sAMAccountName") | Out-Null
$ADSearch.PropertiesToLoad.Add("lastLogonTimeStamp") | Out-Null
$ADSearch.PropertiesToLoad.Add("displayName") | Out-Null
$ADSearch.PropertiesToLoad.Add("mail") | Out-Null
$ADSearch.PropertiesToLoad.Add("telephoneNumber") | Out-Null
$ADSearch.PropertiesToLoad.Add("description") | Out-Null

$userObjects = $ADSearch.FindAll()

foreach ($user in $userObjects)
{
    $dn = $user.Properties.Item("distinguishedName")
    $displayName = $user.Properties.Item("displayName")
    $mail = $user.Properties.Item("mail")
    $phone = $user.Properties.Item("telephoneNumber")
    $sam = $user.Properties.Item("sAMAccountName")
    $logon = $user.Properties.Item("lastLogonTimeStamp")
    $description = $user.Properties.Item("description")

    if ($logon.Count -eq 0)
    {
        # The account has never logged on (or the attribute has never replicated); it is left untouched below
        $lastLogon = "Never"
    }
    else
    {
        # lastLogonTimeStamp is a Windows FILETIME (100-nanosecond intervals since 1601-01-01 UTC)
        $lastLogon = [DateTime]::FromFileTime([Int64]$logon[0])
    }

    if (($lastLogon -is [DateTime]) -and ($lastLogon -lt $oldestValidLogon))
    {
        $inActive = $oldestValidLogon - $lastLogon
        $inActive = $inActive.Days

        # Delete accounts that have not authenticated for 45 days or more
        if ($inActive -ge 45)
        {
            $ADSPath = $user.Properties.Item("adspath")[0]

            "UsersDeleted: " + $ADSPath >> $Deleted_AD_Portal_Users
            $sam >> $Deleted_AD_Portal_Users_SAMAccount

            $AUser = [ADSI]("$ADSPath")

            # DeleteTree removes the user object together with any child objects it has
            $AUser.PSBase.DeleteTree()
        }
    }
}

# The report files only exist if at least one account was deleted; the Attachment
# constructor throws on a missing file, so send the notification only in that case
if (Test-Path $Deleted_AD_Portal_Users)
{
    $att1 = New-Object Net.Mail.Attachment($Deleted_AD_Portal_Users)
    $att2 = New-Object Net.Mail.Attachment($Deleted_AD_Portal_Users_SAMAccount)
    $email = New-Object System.Net.Mail.MailMessage
    $email.From = "EMAIL ADDRESS"
    $email.To.Add("EMAIL ADDRESS")
    $email.To.Add("EMAIL ADDRESS")
    $email.To.Add("EMAIL ADDRESS")
    $email.Subject = "External Portal Accounts Report - Deleted Accounts"
    $email.Body = "The following External Portal accounts have been deleted from Active Directory. Please see the attached files for the affected deleted accounts. No further action is needed."
    $email.Attachments.Add($att1)
    $email.Attachments.Add($att2)
    $smtpServer = "SMTP IP"
    $smtp = New-Object Net.Mail.SmtpClient($smtpServer)
    $smtp.Send($email)

    # Release the file handles held by the attachments
    $email.Dispose()
}
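The script above deletes as it goes. As an added example (not the script from the post), here is a report-first variant of the same 45-day purge built on the ActiveDirectory module: it lists the accounts that are past the cutoff as objects you can review or export, allows for the replication lag of lastLogonTimestamp, and only deletes through ShouldProcess so a -WhatIf run shows exactly what would go. The OU path, report folder and the 14-day lag figure are assumptions to replace for your environment.

```powershell
# Added example: reporting-first stale-account purge (not the original post's script).
# Assumed: the ActiveDirectory module is available and the SearchBase/report paths are placeholders.
#Requires -Modules ActiveDirectory

function Get-StaleExternalPortalUser {
    [CmdletBinding()]
    param(
        # Placeholder, e.g. "OU=External,OU=Portal,DC=example,DC=com"
        [Parameter(Mandatory)] [string] $SearchBase,
        [int] $InactiveDays = 45,
        # lastLogonTimestamp is only rewritten when the stored value is older than
        # msDS-LogonTimeSyncInterval (14 days by default), so it can lag a real logon
        # by up to that many days. Adding the lag to the cutoff avoids deleting someone
        # who logged on recently but whose timestamp has not been refreshed yet.
        [int] $ReplicationLagDays = 14
    )

    $now    = Get-Date
    $cutoff = $now.AddDays(-($InactiveDays + $ReplicationLagDays))

    Get-ADUser -SearchBase $SearchBase -SearchScope Subtree -Filter * `
        -Properties lastLogonTimestamp, whenCreated, displayName, mail |
    ForEach-Object {
        if ($_.lastLogonTimestamp) {
            # FILETIME (100-ns intervals since 1601-01-01 UTC) to a local DateTime
            $lastLogon = [DateTime]::FromFileTime([Int64]$_.lastLogonTimestamp)
        } else {
            # Never logged on: the post's script skips these; here account creation
            # counts as the last activity so abandoned invitations also age out.
            $lastLogon = $_.whenCreated
        }
        [PSCustomObject]@{
            SamAccountName    = $_.SamAccountName
            DistinguishedName = $_.DistinguishedName
            DisplayName       = $_.displayName
            Mail              = $_.mail
            LastLogon         = $lastLogon
            NeverLoggedOn     = (-not $_.lastLogonTimestamp)
            InactiveDays      = [int]($now - $lastLogon).TotalDays
            Stale             = ($lastLogon -lt $cutoff)
        }
    } | Where-Object { $_.Stale }
}

function Remove-StaleExternalPortalUser {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] [PSCustomObject] $User,
        [Parameter(Mandatory)] [string] $ReportPath
    )
    process {
        # Write the audit line before the delete so an interrupted run still leaves a record
        $User | Select-Object SamAccountName, DistinguishedName, LastLogon, InactiveDays |
            Export-Csv -Path $ReportPath -Append -NoTypeInformation

        $action = "Delete AD account inactive for $($User.InactiveDays) days"
        if ($PSCmdlet.ShouldProcess($User.DistinguishedName, $action)) {
            # ShouldProcess already asked, so suppress the cmdlet's own prompt
            Remove-ADUser -Identity $User.DistinguishedName -Confirm:$false
        }
    }
}

# Usage (assumed paths): review with -WhatIf first, then run without it to delete with an audit trail
# $report = "D:\Portal\Deleted-AD-Portal-Users_$(Get-Date -Format 'MM-dd-yyyy').csv"
# Get-StaleExternalPortalUser -SearchBase "OU=External,OU=Portal,DC=example,DC=com" |
#     Remove-StaleExternalPortalUser -ReportPath $report -WhatIf
```

Two design choices differ from the post's script on purpose. Remove-ADUser refuses to delete an object that still has child objects, where DeleteTree removes them silently; failing loudly on an unexpected child is the safer default for an automated purge. And the CSV report is written by the same pipeline that deletes, so the file you attach to the notification email is also the record of what ShouldProcess approved.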
