Archive user

We have a script that does the following to "archive" a user. Kind of the opposite of the ARM onboarding template.

  • Renames login, email, proxy-email, profile path by appending -archive to those attributes.
  • Disables their account.
  • Removes them from selected groups.
  • Moves them into a separate OU.
  • Converts their mailbox to a shared mailbox.

Does ARM offer anything like this? Is anything in the works?

  • Hi Nicholse,

    Of the things you listed, ARM does currently support disabling the account and moving it to a separate OU via the "Soft delete" action.

    But as part of that action you can also additionally run a script which could do the other steps.

  • I don't claim to be a PowerShell guru and I'm sure this has faults, but here is what I came up with. If you have something better, I'm all ears:

    param ($samaccountname)
    
    Import-Module ActiveDirectory
    
    #get the user with the existing proxyaddresses, mail and primary group
    $User = Get-ADUser -Identity $samaccountname -Properties proxyAddresses, mail, PrimaryGroup
    
    #remove the user from all groups
    #the primary group (usually Domain Users) cannot be removed this way, so skip it
    #Get-ADPrincipalGroupMembership $samaccountname
    Get-ADPrincipalGroupMembership $samaccountname |
        Where-Object { $_.DistinguishedName -ne $User.PrimaryGroup } |
        ForEach-Object { Remove-ADGroupMember $_ -Members $samaccountname -Confirm:$false }
    
    #do this here because doing it inline with set-aduser causes bad format
    #build the new proxyaddresses by adding -archive to each of the previous ones
    $NewProxyAddresses = [string[]]@($User.proxyAddresses | ForEach-Object { $_.Replace('@','-archive@') })
    
    #samaccountname can't exceed 20 chars; only truncate when the new name is longer,
    #because Substring(0,20) throws on a shorter string
    $NewSam = $samaccountname + "-archive"
    if ($NewSam.Length -gt 20) { $NewSam = $NewSam.Substring(0,20) }
    
    #clear the proxyaddresses
    Set-ADUser $samaccountname -Clear proxyAddresses
    
    #rename the user's samaccountname and upn by adding "-archive"
    #mail and proxyaddresses are only set when the user had them
    $Changes = @{
        Identity          = $samaccountname
        SamAccountName    = $NewSam
        UserPrincipalName = "$samaccountname-archive@thwack.com"
    }
    if ($User.mail) { $Changes.EmailAddress = $User.mail.Replace('@','-archive@') }
    if ($NewProxyAddresses) { $Changes.Add = @{ proxyAddresses = $NewProxyAddresses } }
    Set-ADUser @Changes
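
The steps from the original list that the script above does not cover (profile path, disable, mailbox conversion, OU move), as an added example that is not part of any post in this thread. The archive OU is a placeholder, and the mailbox step assumes an on-premises Exchange session where `Set-Mailbox` is loaded and accepts the user's distinguished name.

```powershell
#Requires -Modules ActiveDirectory
[CmdletBinding(SupportsShouldProcess)]   # -WhatIf is passed on to the cmdlets below
param(
    [Parameter(Mandatory)][string]$SamAccountName,
    # Placeholder DN (assumption): replace with your own archive OU
    [string]$ArchiveOU = 'OU=Archived Users,DC=example,DC=com'
)
$ErrorActionPreference = 'Stop'          # stop at the first failed step

$user = Get-ADUser -Identity $SamAccountName -Properties ProfilePath
# The object GUID stays valid after the rename and the move, unlike the name or DN
$guid = $user.ObjectGUID.ToString()

# Disable sign-in first, so the account is unusable even if a later step fails
Disable-ADAccount -Identity $guid

# Append -archive to the profile path, once, and only if one is set.
# This changes the attribute only; the folder on the file server is not renamed.
if ($user.ProfilePath -and $user.ProfilePath -notlike '*-archive') {
    Set-ADUser -Identity $guid -ProfilePath ($user.ProfilePath + '-archive')
}

# Convert the mailbox while the DN read above is still current
if (Get-Command Set-Mailbox -ErrorAction SilentlyContinue) {
    Set-Mailbox -Identity $user.DistinguishedName -Type Shared
} else {
    Write-Warning "Set-Mailbox is not available; the mailbox of $SamAccountName was not converted."
}

# Move last, because it changes the distinguished name
Move-ADObject -Identity $guid -TargetPath $ArchiveOU
```

Running it with `-WhatIf` first shows what each step would change without touching the account.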
