I need to disable a long list of users, and I'm wondering if anyone can advise me on how to create a Powershell script that would do this from a list of users in a text file, etc.
Here's a few details about the users:
- The info on our term list identifying the users to be disabled is first and last name, as opposed to user ID, distinguished name, etc.
- Sometimes the first or last name may not match what is listed in AD. For example, someone may be in AD under their first name, but actually uses their middle name, ans that's what is listed on the term list.
- Sometimes when I search for someone (first and last name), it will come up with more than one account that has either the same or similar name, and I will need to figure out which one needs to be disabled. For example, there may be 2 Bob Smith users, one of which is bob.smith1, the other being bob.smith2.
Some info about what I usually do when disabling terminated users:
- Disable the account
- Reset the password (can be the same complex random pw)
- Clear the manager field under the Organization tab
- Remove the user from all groups except Domain Users
- Move the user account to a Disabled Users OU
I also do the following in the Exchange Console:
- Check the "Hide from Exchange address lists" box on the General tab
- Disable all features on the Mailbox Features tab
Sometimes a user I need to disable is partially disabled, so I want to make sure that if I run a script to do all of this, the step that disables a user account will not toggle it to enabled if it is already disabled. The same is true for hiding the user's mailbox from the exchange address lists. I also need to make sure that (for example) if more than one user account is found, it doesn't make any changes to the incorrect user. I would be fine with receiving prompts while the script runs, or even just a list of names that were skipped due to errors, and I can disable those manually.
Please let me know if you have any questions, and thanks in advance for the help.
Andrew