public/Remove-DisabledUsers.ps1
|
# This script will find any disabled users located in a _DISABLED OU # and remove the profile, home folder and also remove their AD Account # first we will check for the _DISABLED OU function Remove-DisabledUsers { $domain = (Get-ADDomain).DistinguishedName $oucheckname = "_DISABLED" $oucheck = [adsi]::Exists("LDAP://OU=$oucheckname,$domain") if ($oucheck -eq $false) { Write-Warning "Cannot find a _DISABLED OU, exiting now..." exit } else { $disabledou = (Get-ADOrganizationalUnit -Filter 'Name -Like "*_DISABLED*"').DistinguishedName Write-host "I have found a _DISABLED OU at $disabledou" -ForegroundColor Cyan } # Now we will get all disabled users in that OU $userstodelete = Get-ADUser -Filter {Enabled -eq $false} -Properties * -SearchBase $disabledou Write-Host "I have found the following users to delete..." $userstodelete | ft Name,samaccountname,enabled,memberof # Here is a confirmation that exits unless y is entered $confirm = Read-Host "Would you like to proceed with the removal? (type yes to continue)" if ($confirm -ne 'yes') {exit} foreach ($user in $userstodelete) { $homedir = $user.homedirectory $profiledir = $user.profilepath $name = $user.name Write-Host "Removing $name's Home Folder" -ForegroundColor Green Remove-Item $homedir -Recurse -Force Write-Host "Removing $name's Profile" -ForegroundColor Green Remove-Item "$profiledir*" -Recurse -Force Write-Host "Removing $name's Account" -ForegroundColor Green Remove-ADUser $user -Confirm:$false -Verbose } } |