evetsleep · September 26, 2018 15:29
diff --git a/CleanDisabledUsersGroups.ps1 b/CleanDisabledUsersGroups.ps1
 [CmdletBinding(SupportsShouldProcess)]Param()

 $date = get-date
 $date = $date.ToString("yyyyMMdd")

 #set log file path
 $logFile = "c:\temp\" + $date + "_remove_disabled_users_rights.csv"

 try {
    $disabledUsers = Get-ADUser -Filter "enabled -eq '$false' -and name -ne 'guest' -and name -ne 'krbtgt'" -Properties memberOf -ErrorAction STOP
 }
 catch {
    Write-Error -ErrorAction STOP -Message ('Failed to query for disabled users: {0}' -f $PSItem.exception.message)
 }

 $errorLog = New-Object System.Collections.Generic.List[PSCustomObject]
 foreach ($user in $disabledUsers) {
    foreach ($group in $user.memberOf) {
        $result = [PSCustomObject]@{
            Timestamp   = Get-Date
            UserId      = $user.sAMAccountName
            Group       = $group
            Removed     = $false
            Error       = $null
        }
        try {
            if ($PSCmdlet.ShouldProcess( ('{0}->{1}' -f $user.sAMAccountName,$group) )) {
                Remove-ADGroupMember -Identity $group -Members $user.distinguishedname
                $result.Removed = $true
            }
        }
        catch {
            $result.Error = $PSItem.exception.message
            Write-Warning -ErrorAction STOP -Message ('Failed to remove {0} from {1}' -f $user.sAMAccountName,$group)
        }
        $errorLog.Add($result)
    }
 }

 $result | Export-Csv -NoTypeInformation -Path $logFile
	[CmdletBinding(SupportsShouldProcess)]Param()

	$date = get-date
	$date = $date.ToString("yyyyMMdd")

	#set log file path
	$logFile = "c:\temp\" + $date + "_remove_disabled_users_rights.csv"

	try {
	$disabledUsers = Get-ADUser -Filter "enabled -eq '$false' -and name -ne 'guest' -and name -ne 'krbtgt'" -Properties memberOf -ErrorAction STOP
	}
	catch {
	Write-Error -ErrorAction STOP -Message ('Failed to query for disabled users: {0}' -f $PSItem.exception.message)
	}

	$errorLog = New-Object System.Collections.Generic.List[PSCustomObject]
	foreach ($user in $disabledUsers) {
	foreach ($group in $user.memberOf) {
	$result = [PSCustomObject]@{
	Timestamp = Get-Date
	UserId = $user.sAMAccountName
	Group = $group
	Removed = $false
	Error = $null
	}
	try {
	if ($PSCmdlet.ShouldProcess( ('{0}->{1}' -f $user.sAMAccountName,$group) )) {
	Remove-ADGroupMember -Identity $group -Members $user.distinguishedname
	$result.Removed = $true
	}
	}
	catch {
	$result.Error = $PSItem.exception.message
	Write-Warning -ErrorAction STOP -Message ('Failed to remove {0} from {1}' -f $user.sAMAccountName,$group)
	}
	$errorLog.Add($result)
	}
	}

	$result \| Export-Csv -NoTypeInformation -Path $logFile