Hi,
This is my first thread. I am having issues with a disabling user script. The script appears to do everything except that it logs a . instead of the SAMNAME. The script is below:
$USERNAME = Read-Host 'What is the username you are trying to process the exit for? '
$TimeStamp = (Get-Date).AddMonths(1).ToString('M-d-yyyy')
$userProfilePathDesktop = "***" + $USERNAME
$destinationPathDesktop = "***"
$ErrorLog = "***" #Loginfo File
#$userProfilePathVDI = "***" + $USERNAME + ".V2"
#making sure AD Account Exists
if( Get-ADuser -Identity $USERNAME)
{
Write-Host "Account Exists"
get-ADuser -Identity $USERNAME | Move-ADObject -TargetPath "OU=Disabled Accounts 2,DC=Test,DC=Test"
Disable-ADAccount -Identity $USERNAME
#Remove-ADUser -Identity $USERNAME
Set-ADUser $USERNAME -Description ("Delete after " + $Timestamp)
$time = Get-Date
$email = @{
From = "Test.Test"
To = "Test.Test"
Subject = "$time Exited User $USERNAME"
SMTPServer = "fissmtp1p.Test.Test"
Body = $($USERNAME + " has been processed for Deletion. Please remove any VDI or Unidesk access - Server Team")
}
send-mailmessage @email
#making sure all paths exist
if(Test-path $userProfilePathDesktop)
{
Write-Host ("Desktop profile path exists. Will be deleted after " + $Timestamp)
$objUser = New-Object System.Security.Principal.NTAccount("admin.bob")
$objFile = Get-Acl $userProfilePathDesktop
$objFile.SetOwner($objUser)
Set-Acl -aclobject $objFile -path $userProfilePathDesktop
Move-Item $userProfilePathDesktop $destinationPathDesktop
Rename-Item ($destinationPathDesktop + $USERNAME) ($username + "." + $TimeStamp)
}
Else
{
Write-Host "User does not have a desktop Profile"
}
$ADMINUSER = [Environment]::UserName
$DATE = Get-Date
$loginfo = "User $SAMNAME was Exited by $ADMINUSER on $DATE"
Add-Content $ErrorLog $Loginfo
}
else
{
Write-Host "No Such account: Check Spelling"
}