Example User onboarding & offboarding Scripts: Difference between revisions
From Lucca's Wiki
Jump to navigationJump to search
(Created page with "<hr>User Onboarding<hr> <hr>User Offboarding<hr> echo "Connecting to 365..." Connect-MgGraph -NoWelcome -TenantId $tenantID Pause echo "Connecting to exchange online..." Connect-ExchangeOnline -UserPrincipalName $tenantAdminUsername Pause echo "Connecting to MSOnline..." Connect-MsolService Pause $user = Get-MgUser -UserId $userEmail echo "Making user a shared mailbox..." Set-Mailbox $userEmail -Type Shared echo "Waiting 60 seconds for the changes to appl...") |
No edit summary |
||
| Line 2: | Line 2: | ||
<hr>User Offboarding<hr> | <hr>User Offboarding<hr> | ||
echo "Connecting to 365..." | |||
Connect-MgGraph -NoWelcome -TenantId $tenantID | |||
Pause | |||
echo "Connecting to exchange online..." | |||
Connect-ExchangeOnline -UserPrincipalName $tenantAdminUsername | |||
Pause | |||
echo "Connecting to MSOnline..." | |||
Connect-MsolService | |||
Pause | |||
$user = Get-MgUser -UserId $userEmail | |||
echo "Making user a shared mailbox..." | |||
Set-Mailbox $userEmail -Type Shared | |||
echo "Waiting 60 seconds for the changes to apply..." | |||
Start-Sleep -Seconds 60 | |||
Get-Mailbox -Identity $userEmail | Format-Table Name, RecipientTypeDetails | |||
echo "Made user a shared mailbox, make sure this applied by reading the above. If not, hit ctrl+C, because the script is about to remove their 365 license next" | |||
Pause | |||
echo "Setting up email forwarding..." | |||
Set-Mailbox -Identity $userEmail -DeliverToMailboxAndForward $true -ForwardingSMTPAddress $forwardingAddress | |||
Pause | |||
echo "Continuing after making shared mailbox..." | |||
$businesspremiumlicense = Get-MgSubscribedSku -All | Where SkuPartNumber -eq 'SPB' | |||
Set-MgUserLicense -UserId $userEmail -RemoveLicenses @($businesspremiumlicense.SkuId) -AddLicenses @{} | |||
echo "Revoking sign-in sessions..." | |||
Revoke-MgUserSignInSession -UserId $userEmail | |||
Pause | |||
echo "Blocking sign-in..." | |||
Update-Mguser -UserId $userEmail -AccountEnabled:$false | |||
echo "Resetting MFA..." | |||
$userMfaAccount = Get-MsolUser -UserPrincipalName $userEmail | |||
Reset-MsolStrongAuthenticationMethodByUpn -UserPrincipalName $userMfaAccount.Userprincipalname | |||
Revision as of 17:18, 5 November 2024
User Onboarding
User Offboarding
echo "Connecting to 365..." Connect-MgGraph -NoWelcome -TenantId $tenantID Pause echo "Connecting to exchange online..." Connect-ExchangeOnline -UserPrincipalName $tenantAdminUsername Pause echo "Connecting to MSOnline..." Connect-MsolService Pause
$user = Get-MgUser -UserId $userEmail
echo "Making user a shared mailbox..."
Set-Mailbox $userEmail -Type Shared
echo "Waiting 60 seconds for the changes to apply..."
Start-Sleep -Seconds 60
Get-Mailbox -Identity $userEmail | Format-Table Name, RecipientTypeDetails
echo "Made user a shared mailbox, make sure this applied by reading the above. If not, hit ctrl+C, because the script is about to remove their 365 license next"
Pause
echo "Setting up email forwarding..."
Set-Mailbox -Identity $userEmail -DeliverToMailboxAndForward $true -ForwardingSMTPAddress $forwardingAddress
Pause
echo "Continuing after making shared mailbox..."
$businesspremiumlicense = Get-MgSubscribedSku -All | Where SkuPartNumber -eq 'SPB'
Set-MgUserLicense -UserId $userEmail -RemoveLicenses @($businesspremiumlicense.SkuId) -AddLicenses @{}
echo "Revoking sign-in sessions..."
Revoke-MgUserSignInSession -UserId $userEmail
Pause
echo "Blocking sign-in..."
Update-Mguser -UserId $userEmail -AccountEnabled:$false
echo "Resetting MFA..."
$userMfaAccount = Get-MsolUser -UserPrincipalName $userEmail
Reset-MsolStrongAuthenticationMethodByUpn -UserPrincipalName $userMfaAccount.Userprincipalname
