SharePoint結合PowerShell創建入離職自動化(四)

**首先說明,離職的腳本比較複雜,大概三百多行,各位如果理解起來有困難,可以根據註釋分段研究!切勿直接複製,畢竟離職的操作影響還是蠻大的**

腳本工作流程如下,各位在使用時保存成ps1,然後放到任務計劃裏就可以啦:

圖片.png



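# Administrative credential used for the Exchange and Lync remoting sessions below.
# The hex string is ConvertFrom-SecureString output; ConvertTo-SecureString is called
# without -Key, so it is decrypted with Windows DPAPI and only works for the same
# Windows account on the same machine that produced it. The scheduled task therefore
# has to run as that account.
# NOTE(review): keep this blob in an ACL-protected file next to the task rather than
# in the script body, so that copies of the script do not carry it around.
# The variable was renamed from $pwd, which shadows PowerShell's automatic $PWD.
$EncryptedPassword = "01000000d08c9ddf0115d1118c7a00c04fc297eb01000000035bf6730bcdda4eb12ed62660d5faed0000000002000000000003660000c0000000100000003ded59f253f488bd909320e6e53a89f30000000004800000a000000010000000709d6c5a15f7068c51c8a353ee79debb200000002cf42d5be95b64cc1c34489e330dc9a08f55d2e06474cadafa78c73c31e29c3d140000005ce706d435eb1d445cac9d1fc9ebe0ded07fbe75"
$Password = ConvertTo-SecureString -String $EncryptedPassword
$Credential = New-Object System.Management.Automation.PSCredential("domain\admin",$Password)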
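# Load the ActiveDirectory module and the SharePoint snap-in.
# -ErrorAction Stop aborts the run here if either is missing, so the destructive
# steps further down never execute in a half-initialised session.
Import-Module ActiveDirectory -ErrorAction Stop
if (-not (Get-PSSnapin -Name Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue))
{
    Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction Stop
}
# Load the SharePoint user-profile assemblies; [void] keeps the returned Assembly
# objects out of the script's output stream.
[void][System.Reflection.Assembly]::LoadWithPartialName("Microsoft.Office.Server")
[void][System.Reflection.Assembly]::LoadWithPartialName("Microsoft.Office.Server.UserProfiles")
# Build a UserProfileManager for the site collection at http://sharepoint:41843.
$contextWeb = New-Object Microsoft.SharePoint.SPSite("http://sharepoint:41843")
$ServerContext = [Microsoft.Office.Server.ServerContext]::GetContext($contextWeb)
$UserProfileManager = New-Object Microsoft.Office.Server.UserProfiles.UserProfileManager($ServerContext)
$Profiles = $UserProfileManager.GetEnumerator()
# Open implicit-remoting sessions to Exchange and Lync and import their cmdlets.
# NOTE(review): the Exchange endpoint is plain http. With -Authentication Kerberos the
# payload is normally protected at the message level, but confirm that this matches
# your transport policy.
$ExSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://mail.domain.cn/PowerShell/ -Credential $Credential -Authentication Kerberos -ErrorAction Stop
Import-PSSession $ExSession | Out-Null
$LyncSession = New-PSSession -ConnectionUri https://sip.domain.cn/OcsPowerShell -Credential $Credential -ErrorAction Stop
Import-PSSession $LyncSession | Out-Null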
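# Paths of the two temporary HTML reports and the cell colours used in them.
$ReportPath = "C:\Scripts\AutoDismission\"
# One timestamp for both files. The original format MMddhhmm used a 12-hour clock
# with no AM/PM marker, so a run at 09:30 and one at 21:30 produced the same name and
# Add-Content would append to a leftover file; a 24-hour stamp with year and seconds
# avoids that.
$Stamp = Get-Date -Format yyyyMMddHHmmss
$DeleteName = "AutoDelete_$($Stamp).html"
$ReportName = "AutoDismission_$($Stamp).html"
$ServiceReport = $ReportPath + $ReportName
$DeleteReport = $ReportPath + $DeleteName
# Red marks a failed step, white a successful one.
$RedColor = "#FF0000"
$WhiteColor = "#FFFFFF"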

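# HTML prologue shared by both reports: document head, inline CSS and a title banner.
# The original CSS never closed the "body" rule, which nested the "table" rule inside
# it and left the braces unbalanced; the rule is closed here so the table border
# style is a rule of its own.
$Header = "
        <html>
        <head>
        <meta http-equiv='Content-Type' content='text/html; charset=gb2312'>
        <title>Service Report</title>
        <STYLE TYPE='text/css'>
        <!--
        td {
            font-family: Tahoma;
            font-size: 11px;
            border-top: 1px solid #999999;
            border-right: 1px solid #999999;
            border-bottom: 1px solid #999999;
            border-left: 1px solid #999999;
            padding-top: 0px;
            padding-right: 0px;
            padding-bottom: 0px;
            padding-left: 0px;
        }
        body {
            margin-left: 5px;
            margin-top: 5px;
            margin-right: 0px;
            margin-bottom: 10px;
        }
        table {
            border: thin solid #000000;
        }
        -->
        </style>
        </head>
        <body>
        <table width='100%'>
        <tr bgcolor='#CCCCCC'>
        <td colspan='7' height='25' align='center'>
        <font face='tahoma' color='#003399' size='4'><strong>離職處理狀態</strong></font>
        </td>
        </tr>
        </table>
"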

# Column headings of the result table (account / application / status).
$TableHeader = "
 <table width='100%'><tbody>
    <tr bgcolor=#CCCCCC>
    <td width='15%' align='center'>帳戶</td>
    <td width='25%' align='center'>應用</td>
    <td width='25%' align='center'>狀態</td>
    </tr>
"

# Start both report files with the shared prologue followed by the table headings.
foreach ($Report in $ServiceReport, $DeleteReport)
{
    Add-Content $Report $Header
    Add-Content $Report $TableHeader
}

# Open the SharePoint list whose items drive this run. (The original comment calls it
# the onboarding list; the loop further down reads the dismissal date and the
# disabled/deleted flags from its items.)
$SPWeb = Get-SPWeb -Identity "http://sp.domain.cn"
$SPList = $SPWeb.GetList('/Lists/List7')
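# Mail the dismissal (disable) report.
#   $Creater       - e-mail address, or array of addresses, to put on CC.
#   $ServiceReport - path of the HTML report file used as the message body.
Function Send-Message ($Creater,$ServiceReport)
{
    $SmtpClient = New-Object System.Net.Mail.SmtpClient
    $MailMessage = New-Object System.Net.Mail.MailMessage
    Try
    {
        $SmtpClient.UseDefaultCredentials = $False
        # NOTE(review): the SMTP password is a plaintext literal in the script. Load it
        # from a protected store instead (for example a PSCredential saved with
        # Export-Clixml by the account that runs the task), and change the password if
        # this literal was ever a real one.
        # NOTE(review): EnableSsl is not set, so the login and the report are presumably
        # sent without TLS unless the server enforces it - confirm.
        $SmtpClient.Credentials = New-Object System.Net.NetworkCredential("admin@domain.cn","P@ssw0rd")
        $SmtpClient.Host = "mail.domain.cn"
        $MailMessage.From = "admin@domain.cn"
        $MailMessage.To.Add("Liuzw@domain.cn")
        # The caller passes an array. Handing an array to CC.Add() makes PowerShell join
        # it with spaces, which is not a valid address list, so add the addresses one by
        # one and skip empty entries and duplicates.
        foreach ($Address in @($Creater | Where-Object { $_ } | Select-Object -Unique))
        {
            $MailMessage.CC.Add($Address)
        }
        $MailMessage.Subject = "離職處理報告"
        $MailMessage.IsBodyHtml = $True
        # -Raw returns the file as one string; without it the line array is flattened
        # with spaces when it is assigned to the string-typed Body.
        $MailMessage.Body = Get-Content $ServiceReport -Raw
        $SmtpClient.Send($MailMessage)
    }
    Finally
    {
        # Release the message and the SMTP connection even when Send() throws.
        $MailMessage.Dispose()
        $SmtpClient.Dispose()
    }
}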
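# Mail the account-deletion report to the administrator.
# Takes no parameters; reads the report path from the script-level $DeleteReport.
Function Send-AdminMessage
{
    $SmtpClient = New-Object System.Net.Mail.SmtpClient
    $MailMessage = New-Object System.Net.Mail.MailMessage
    Try
    {
        $SmtpClient.UseDefaultCredentials = $False
        # NOTE(review): the SMTP password is a plaintext literal in the script. Load it
        # from a protected store instead (for example a PSCredential saved with
        # Export-Clixml by the account that runs the task), and change the password if
        # this literal was ever a real one.
        # NOTE(review): EnableSsl is not set, so the login and the report are presumably
        # sent without TLS unless the server enforces it - confirm.
        $SmtpClient.Credentials = New-Object System.Net.NetworkCredential("admin@domain.cn","P@ssw0rd")
        $SmtpClient.Host = "mail.domain.cn"
        $MailMessage.From = "admin@domain.cn"
        $MailMessage.To.Add("Liuzw@domain.cn")
        $MailMessage.Subject = "帳戶刪除報告"
        $MailMessage.IsBodyHtml = $True
        # -Raw returns the file as one string; without it the line array is flattened
        # with spaces when it is assigned to the string-typed Body.
        $MailMessage.Body = Get-Content $DeleteReport -Raw
        $SmtpClient.Send($MailMessage)
    }
    Finally
    {
        # Release the message and the SMTP connection even when Send() throws.
        $MailMessage.Dispose()
        $SmtpClient.Dispose()
    }
}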

# Accumulators filled by the main loop: rows for the disable report, CC addresses
# for the report mail, and rows for the deletion report.
$DeleteResult = @()
$Recipients = @()
$UserReport = @()
# -1 lifts the limit on how many collection elements formatted output shows.
$FormatEnumerationLimit = -1
#遍歷SharePoint入職開通頁面上的全部Item

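# Walk every item of the SharePoint list and act on the approved ones:
#   - from the dismissal date until 30 days after it, if not yet disabled:
#     disable the AD account, strip group memberships, hide the mailbox, disable Lync;
#   - 30 days or more after the dismissal date, if disabled but not yet deleted:
#     delete the SharePoint personal site, profile and user, then the AD account.
Foreach($UserInfo in $SPList.Items)
{
    # Earlier approach, kept for reference: take the account from the field's sip attribute.
    #$UserInfo.GetFormattedValue("員工帳號") -match "sip='(?<Account>[\w\W]*)' id"
    #$Account = $Matches.Account.Split("@")[0]
    # The field value is split on "#" and the second part is used as a display name.
    $DisplayName = $UserInfo["員工帳號"].Split("#")[1]
    # Display names are not unique in AD. Require exactly one match before anything
    # destructive is attempted; zero or several matches leave $Account empty, and the
    # steps below then report a failure instead of acting on a guess.
    $Candidates = @(Get-ADUser -Filter {DisplayName -eq $DisplayName})
    if ($Candidates.Count -eq 1)
    {
        $Account = $Candidates[0].SamAccountName
    }
    else
    {
        $Account = $Null
    }

    # Everything the decisions below need, read once from the list item.
    $User = [PSCustomObject]@{
        Account = $Account
        DismDate = $UserInfo["離職日期"]
        Company = $UserInfo["公司"]
        Approve = $UserInfo.Workflows.StatusText
        Disabled = $UserInfo["禁用狀態"]
        Deleted = $UserInfo["刪除狀態"]
        Creater = $UserInfo["建立者"].Split("#")[1]
    }
    $Now = Get-Date

    if($User.Approve -eq "已批准" -and $User.Disabled -eq $False -and $Now -ge $User.DismDate -and $Now -lt $User.DismDate.AddDays(30))
    {
        # The item's creator is put on CC of the report mail.
        $Creater = $User.Creater
        $Recipients += (Get-ADUser -Filter {DisplayName -eq $Creater } -Properties EmailAddress ).EmailAddress
        Try
        {
            if (-not $User.Account)
            {
                Throw "No unique AD account found for display name '$DisplayName'"
            }
            # Snapshot every attribute (group memberships included) to a text file
            # before changing anything, so the previous state can be looked up later.
            # NOTE(review): these files hold full directory records and are never
            # cleaned up by this script; restrict access to the folder.
            Get-ADUser -Identity $User.Account -Properties * | Format-List | Out-File -FilePath "C:\Scripts\AutoDismission\$($User.Account)-$(Get-Date -Format "yyyyMMdd").Txt"
            Disable-ADAccount -Identity $User.Account -ErrorAction Stop
            $UserReport += [PSCustomObject]@{
                帳戶= $User.Account
                應用 = "AD帳號"
                狀態 = "已停用"
            }

            # Pick the target OU from the company. $OU is reset first: the original kept
            # the value of the previous iteration when the company matched neither case,
            # which moved the account into another company's OU.
            $OU = $Null
            Switch($User.Company)
            {
                "A" {$OU = "OU=_Disabled,OU=A,DC=domain,DC=cn"}
                "B" {$OU = "OU=_Disabled,OU=B,DC=domain,DC=cn"}
            }
            Try
            {
                if (-not $OU)
                {
                    Throw "No disabled-accounts OU is defined for company '$($User.Company)'"
                }
                Move-ADObject -Identity $(Get-ADUser $User.Account) -TargetPath $OU -ErrorAction Stop
            }
            Catch
            {
                # The account is already disabled at this point; a failed move is
                # reported as a row of its own rather than as a failed disable.
                $UserReport += [PSCustomObject]@{
                    帳戶= $User.Account
                    應用 = "AD帳號移動"
                    狀態 = "移動失敗"
                }
            }

            # Remove the account from every group listed in its MemberOf attribute
            # (the original comment says "department groups"; the code removes all of them).
            $Group = (Get-ADUser -Identity $User.Account -Properties MemberOf ).MemberOf | Get-ADGroup
            if ($Group)
            {
                $Group | Remove-ADGroupMember -Members $User.Account -Confirm:$False
            }

            # Hide the mailbox from the address lists. -ErrorAction Stop is needed so a
            # failure actually reaches the Catch block and is reported.
            Try{
                Set-Mailbox -Identity $User.Account -HiddenFromAddressListsEnabled $True -ErrorAction Stop
                $UserReport += [PSCustomObject]@{
                    帳戶= $User.Account
                    應用 = "Exchange郵箱"
                    狀態 = "已停用"
                }
            }
            Catch{
                $UserReport += [PSCustomObject]@{
                    帳戶= $User.Account
                    應用 = "Exchange郵箱"
                    狀態 = "禁用失敗"
                }
            }
            # Disable the Lync account.
            Try{
                Disable-CsUser -Identity $User.Account -Confirm:$False -ErrorAction Stop
                $UserReport += [PSCustomObject]@{
                    帳戶= $User.Account
                    應用 = "Lync帳號"
                    狀態 = "已停用"
                }
            }
            Catch{
                $UserReport += [PSCustomObject]@{
                    帳戶= $User.Account
                    應用 = "Lync帳號"
                    狀態 = "禁用失敗"
                }
            }
            # Record on the list item that the disable step has been done.
            $UserInfo["禁用狀態"] = $True
            $UserInfo.Update()
        }
        Catch
        {
            # Reached when the account could not be resolved or disabled; the item's
            # disabled flag stays unset, so the next run tries again.
            $UserReport += [PSCustomObject]@{
                帳戶= $User.Account
                應用 = "AD帳號"
                狀態 = "禁用失敗,請檢查帳戶信息"
            }
        }
    }
    elseif($User.Approve -eq "已批准" -and $User.Disabled -eq $True -and $User.Deleted -eq $False -and $Now -ge $User.DismDate.AddDays(30))
    {
        # NOTE(review): nothing here checks that the AD account is still disabled. An
        # account re-enabled during the 30 days (for example a rehire) would be deleted
        # as well; consider checking Enabled before this branch runs.
        $Profiles = $UserProfileManager.GetEnumerator()
        $DismUserProfile = $Profiles | Where-Object {$_.MultiloginAccounts -eq "domain\$($User.Account)"}
        # Delete the SharePoint personal site (My Site), if the profile has one.
        if($DismUserProfile.PersonalSite -ne $Null)
        {
            Try {
                $DismUserProfile.PersonalSite.Delete()
                $DeleteResult +=[PSCustomObject]@{
                    帳戶 = $User.Account
                    應用 = "SharePoint我的站點"
                    狀態 = $True
                }
            }
            Catch
            {
                $DeleteResult +=[PSCustomObject]@{
                    帳戶 = $User.Account
                    應用 = "SharePoint我的站點"
                    狀態 = $False
                }
            }
        }
        # Delete the SharePoint user profile.
        if($DismUserProfile -ne $Null)
        {
            Try
            {
                $UserProfileManager.RemoveUserProfile("domain\$($User.Account)")
                $DeleteResult +=[PSCustomObject]@{
                    帳戶 = $User.Account
                    應用 = "SP配置文件"
                    狀態 = $True
                }
            }
            Catch
            {
                $DeleteResult +=[PSCustomObject]@{
                    帳戶 = $User.Account
                    應用 = "SP配置文件"
                    狀態 = $False
                }
            }
        }
        # Delete the SharePoint user, looked up by display name on the web.
        Try{
            #$DisplayName = Get-ADUser -Identity $User.Account -Properties DisplayName
            $SPUser = Get-SPUser -Web "http://sp.domain.cn" | Where-Object {$_.DisplayName -eq $DisplayName}
            Remove-SPUser -Web "http://sp.domain.cn" -Identity $SPUser -ErrorAction Stop -Confirm:$false
            $DeleteResult +=[PSCustomObject]@{
                帳戶 = $User.Account
                應用 = "SharePoint帳號"
                狀態 = $True
            }
        }
        Catch
        {
            $DeleteResult +=[PSCustomObject]@{
                帳戶 = $User.Account
                應用 = "SharePoint帳號"
                狀態 = $False
            }
        }
        # Delete the AD account together with any child objects.
        Try
        {
            Get-ADUser $User.Account | Remove-ADObject -Recursive  -Confirm:$False -ErrorAction Stop
            $DeleteResult +=[PSCustomObject]@{
                帳戶 = $User.Account
                應用 = "AD帳號"
                狀態 = $True
            }
        }
        Catch
        {
            $DeleteResult +=[PSCustomObject]@{
                帳戶 = $User.Account
                應用 = "AD帳號"
                狀態 = $False
            }
        }
        # Record on the list item that the deletion step has run.
        # NOTE(review): the flag is set even when a step above failed, so a failed
        # deletion is never retried; the red row in the admin mail is the only trace.
        $UserInfo["刪除狀態"] = $True
        $UserInfo.Update()
    }
}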

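# Append one table row per deletion result; any status other than $True gets a red cell.
$DeleteResult | ForEach-Object {
    if($_.狀態 -ne $True)
    {
        $color = $redColor
    }
    else
    {
        $color = $whiteColor
    }

    $DataRow = "
        <tr>
        <td width='15%'>$($_.帳戶)</td>
        <td width='25%' >$($_.應用)</td>
        <td width='25%' bgcolor='$color' align='center'>$($_.狀態)</td>
        </tr>
"
    Add-Content $DeleteReport $DataRow
}
# Close the result table as well; the original left <tbody> and <table> open.
Add-Content $DeleteReport "</tbody></table></body></html>"

# Mail the administrator only when at least one deletion was attempted. Counting the
# rows states the intent directly; "-ne $Null" on an array filters its elements instead.
if(@($DeleteResult).Count -gt 0)
{
    Send-AdminMessage
}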

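# Append one table row per disable result; any status other than "已停用" gets a red cell.
$UserReport | ForEach-Object {
    if($_.狀態 -ne "已停用")
    {
        $color = $redColor
    }
    else
    {
        $color = $whiteColor
    }

    $DataRow = "
        <tr>
        <td width='15%'>$($_.帳戶)</td>
        <td width='25%' >$($_.應用)</td>
        <td width='25%' bgcolor='$color' align='center'>$($_.狀態)</td>
        </tr>
"
    Add-Content $ServiceReport $DataRow
}
# Close the result table as well; the original left <tbody> and <table> open.
Add-Content $ServiceReport "</tbody></table></body></html>"

# Send the report only when at least one account was processed. Counting the rows
# states the intent directly; "-ne $Null" on an array filters its elements instead.
If(@($UserReport).Count -gt 0)
{
    Send-Message -Creater $Recipients -ServiceReport $ServiceReport
}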
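# Close the remoting sessions and delete the temporary HTML reports.
# The per-account attribute snapshots (.Txt) written to the same folder during the
# disable step are not removed here.
Remove-PSSession $ExSession
Remove-PSSession $LyncSession
Remove-Item $ServiceReport
Remove-Item $DeleteReport
# Release the SharePoint objects opened at the start of the script; the original
# never disposed them.
if ($SPWeb) { $SPWeb.Dispose() }
if ($contextWeb) { $contextWeb.Dispose() }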
差點忘了舉例子:
禁用完成是這個樣子的郵件

圖片.png

刪除成功是這個樣子的郵件

圖片.png


嗯,整套入離職到此就完整結束了,希望可以減輕各位IT管理員的負擔,至於部門變動的流程麼,因爲公司小,暫時不涉及,所以需要各位大神們自己動手了。
