Clean up user accounts in one OU after linked-mailbox migration to new domain

This script uses the Quest AD Cmdlets that can be downloaded free from Quest.

# Add the Quest commandlets if not added 
if(!(Get-PSSnapin | 
    Where-Object {$_.name -eq "quest.activeroles.admanagement"})) {
      ADD-PSSnapin Quest.Activeroles.ADManagement
    }

# Add Exchange 2010 commandlets (if not added)
if(!(Get-PSSnapin | 
    Where-Object {$_.name -eq "Microsoft.Exchange.Management.PowerShell.E2010"})) {
      ADD-PSSnapin Microsoft.Exchange.Management.PowerShell.E2010
    }

################## SETTINGS
# Home directory for users
$homedir = "\contoso.comusers"

# Domain
$domain = "contoso.com"

# Email address to keep
$keepmail = "@contoso.com"

# The OU we are working on
$OU = "contoso.com/Users/migrated_users"
##################

# Run on all users in the defined OU
Get-QADUser -SearchRoot $OU | 
foreach {
    echo "-------------------------------------------------"    
    echo "Working on $($_.displayname)"
    echo "-------------------------------------------------"

    # Generate username after the 3+3 rule
    $userprincipalname = ($_.firstname.substring(0,3) + $_.lastname.substring(0,3)).tolower()
    $userprincipalname = $userprincipalname.replace("ø","o")
    $userprincipalname = $userprincipalname.replace("å","a")
    $userprincipalname = $userprincipalname.replace("æ","e")
 
    # Make the changes on the user account
    Set-QADUser -Identity $_ -UserPrincipalName $($userprincipalname + "@" + $domain) -SamAccountName "$($userprincipalname)" -HomeDirectory $($homedir + $userprincipalname) -HomeDrive "H:"  #-whatif

    # Check to see if the users homedirectory exists
    if ( !(Test-Path -Path "$homedir$userprincipalname" -PathType Container) ) {

         # Doesn't exist so create it.
         Write-Host "home directory doesn't exist. Creating home directory."

         # Create the directory
         New-Item -path $homedir -Name $userprincipalname -ItemType Directory
         $userDir = "$homedir$userprincipalname"

         # Modify  Permissions on homedir
         $Rights= [System.Security.AccessControl.FileSystemRights]::Read -bor [System.Security.AccessControl.FileSystemRights]::Write -bor [System.Security.AccessControl.FileSystemRights]::Modify -bor [System.Security.AccessControl.FileSystemRights]::FullControl
         $Inherit=[System.Security.AccessControl.InheritanceFlags]::ContainerInherit -bor [System.Security.AccessControl.InheritanceFlags]::ObjectInherit
         $Propogation=[System.Security.AccessControl.PropagationFlags]::None
         $Access=[System.Security.AccessControl.AccessControlType]::Allow
         $AccessRule = new-object System.Security.AccessControl.FileSystemAccessRule("$userprincipalname",$Rights,$Inherit,$Propogation,$Access)
         $ACL = Get-Acl $userDir
         $ACL.AddAccessRule($AccessRule)
         $Account = new-object system.security.principal.ntaccount($userprincipalname)
         $ACL.setowner($Account)
         $ACL.SetAccessRule($AccessRule)
         Set-Acl $userDir $ACL
    }

    # We need some sleep...
    start-sleep -sec 20

    # Now we need to clean up the users Exchange account
    Get-Mailbox -Identity $userprincipalname |
    
    # Loop through all the emailaddresses
    foreach { 
       $a = $_.emailaddresses
       $b = $_.emailaddresses
     
     # Remove all but $keepmail
       foreach($e in $a) 
           { 
           if ($e.tostring() -notmatch $keepmail ) 
               { $b -= $e; } 
           $_ | Set-mailbox -EmailAddressPolicyEnabled $false -emailaddresses $b -alias $userprincipalname
           }
    }
    
    # We had to remove the emailaddresspolicy to make changes. Let's reactivate it
    Set-mailbox -Identity $userprincipalname -EmailAddressPolicyEnabled $true
}
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s