Office 365 - Leavers script

This script is designed to be used with the script password encryption for Office 365. See here https://www.techshizz.com/post/powershell-script-password-ecryption-for-multi-site-administration for more info. 

The out of office part of the script relies on invoking two other scripts I have made. 

Out of Office

Out of Office Custom

## The following four lines only need to be declared once in your script.
$yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes","Description."
$no = New-Object System.Management.Automation.Host.ChoiceDescription "&No","Description."
$options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)

## Auto Reply Function
function AutoReply {
[email protected]"

You can now set an out of office, or Quit.

1 Out Of Office - Set template (Must provide alternate contact details)
2 Out of Office - Set a custom message

Q Quit

Select a task by number or Q to quit
"@

Write-Host "Out Of Office" -ForegroundColor Cyan
$r = Read-Host $menu

Switch ($r) {
"1" {
    Write-Host "Loading..." -ForegroundColor Green
    Invoke-Expression -command .\_04Out_Of_Office.ps1
    Exit
}

"2" {
    Write-Host "Loading..." -ForegroundColor Green
    Invoke-Expression -command .\_05Out_Of_Office_Custom_Message.ps1
    Exit
}

"Q" {
    Write-Host "Removing any PS Sessions..." -ForegroundColor Green
    Get-PSSession | Remove-PSSession
    Exit
}

default {
    Write-Host "Choose a valid option... Fool!" -ForegroundColor Yellow
}
} #end switch 
}


Import-Module MSOnline
$rootpath = (get-item '.\' ).parent.FullName
$clientname = Get-Content "$rootpath\client.txt" -Raw
$user = Get-Content "$rootpath\UserID.txt"
$PasswordFile = "$rootpath\Password.txt"
$KeyFile = "C:\ICU\AES.key"
$key = Get-Content $KeyFile
$UserCredential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $User, (Get-Content $PasswordFile | ConvertTo-SecureString -Key $key)
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Write-Host "Connecting to Exchange Online for $clientname"
Import-PSSession $Session
Write-Host "Connecting to Office 365..."
Connect-MsolService -Credential $UserCredential

## Prompt to search for email address
function EmailSearch {
$title = "Email Search"
$message = "Do you want to search for an email address before you start?"
$result = $host.ui.PromptForChoice($title, $message, $options, 1)
switch ($result) {
    0{
        $search = Read-Host "Enter Name to Search"
        Write-Host "Searching..."
        Get-Mailbox | Where-Object { $_.Name -Like "*$search*" } | Select-Object DisplayName,PrimarySmtpAddress | Format-Table
        
	EmailSearch
    }1{
        Write-Host "Exiting Search..."
        }
}
}


function RemoveUser{
#Block User Sign in
Write-Host "Blocking User Sign-in Access..."
Set-MsolUser -UserPrincipalName $emailaddress -BlockCredential $true
#Convert Mailbox to shared
Write-Host "Converting Mailbox to Shared..."
Set-Mailbox $emailaddress -type Shared
Write-Host "Waiting for mailbox to finish converting..."
Start-Sleep 30
#Remove Users Licence
Write-Host "Removing Office 365 License..."
$O365User = Get-MsolUser -UserPrincipalName $emailaddress
Set-MsolUserLicense -userprincipalname $emailaddress -Removelicenses $O365User.Licenses.AccountSkuID
}

## Prompt to add deligate access repated
function DeligateAccessLoop {
$title = "Deligate Access"
$message = "Do you want to provide access to the mailbox to someone else?"
$result = $host.ui.PromptForChoice($title, $message, $options, 1)
switch ($result) {
    0{
        $deligate = Read-Host "Enter the email address of the deligate"
        Add-MailboxPermission –Identity $emailaddress –User $deligate –AccessRights Fullaccess
        Write-Host "Adding Mailbox permissions..." -ForegroundColor Cyan
        DeligateAccessLoop
    }1{
        AutoReply
        EXIT
        }
}
}

function RemovefromDistros {
$title = "Remove from groups"
$message = "Do you want to remove this user from all distro groups in the tenant?"
$result = $host.ui.PromptForChoice($title, $message, $options, 1)
switch ($result) {
    0{
    Write-Host "Output will show errors for each group that the user was not a member of, this is noraml, press enter to continue."
    pause
    $DGs= Get-DistributionGroup
    foreach($dg in $DGs)
    {Remove-DistributionGroupMember $dg.name -Member $emailaddress -confirm:$false}
    }
    1{
    
        Write-Host "Skipping Distro Removal..."
    }
    }
    }

EmailSearch

#Grab User ID
$emailaddress = Read-Host "Enter the users Email address"

RemoveUser
RemovefromDistros
DeligateAccessLoop

Add comment