Introduction
Efficient user offboarding is crucial for maintaining security and compliance in Azure Active Directory. This script automates the process of disabling a user account, removing licenses, and optionally forwarding emails.
Use Case
This script is useful for:
- Improving Security: Disabling accounts promptly prevents unauthorized access by former employees.
- Optimizing Licenses: Reclaiming licenses from inactive accounts saves costs.
- Ensuring Compliance: Automating the offboarding process helps meet regulatory requirements.
Script
# Connect to Azure AD (AzureAD module) and, for the optional forwarding step, to Exchange Online (ExchangeOnlineManagement module)
Connect-AzureAD
Connect-ExchangeOnline
# Set the user principal name of the user to offboard
$userPrincipalName = "<User Principal Name>"
# Disable the user account
Set-AzureADUser -ObjectId $userPrincipalName -AccountEnabled $false
# Remove all licenses assigned to the user. The AzureAD module has no Remove-AzureADUserLicense cmdlet;
# licenses are removed by listing their SkuIds in RemoveLicenses and calling Set-AzureADUserLicense.
$skuIds = (Get-AzureADUser -ObjectId $userPrincipalName).AssignedLicenses | ForEach-Object { $_.SkuId }
if ($skuIds) {
    $licenses = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses
    $licenses.RemoveLicenses = $skuIds
    Set-AzureADUserLicense -ObjectId $userPrincipalName -AssignedLicenses $licenses
}
# Optionally, set up email forwarding (replace with the target email address).
# Forwarding is an Exchange Online mailbox setting, not an Azure AD user attribute, so it is set with Set-Mailbox.
Set-Mailbox -Identity $userPrincipalName -ForwardingSmtpAddress "<Target Email Address>" -DeliverToMailboxAndForward $false
Explanation
- The script connects to your Azure AD tenant.
- It disables the specified user account.
- It retrieves and removes all licenses assigned to the user.
- It optionally sets up mailbox forwarding to another address (forwarding is a mailbox setting, so this step needs an Exchange Online session).
Outro
This script provides a starting point for automating user offboarding in Azure AD. You can customize it further to meet your specific requirements, such as revoking the user's refresh tokens (Revoke-AzureADUserAllRefreshToken) so that sessions that are already signed in lose access, removing the user from groups, or transferring ownership of their OneDrive files. Note that the AzureAD module is deprecated in favour of the Microsoft Graph PowerShell SDK, so new automation should target the Microsoft Graph equivalents of these cmdlets.
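As an added example that is not part of the original post, the steps above together with the customizations just suggested, wrapped in one function: it revokes refresh tokens before disabling the account (disabling blocks new sign-ins but does not end sessions whose tokens were already issued), removes the correct way licenses and direct group memberships, supports -WhatIf for a dry run, and returns a record for the audit trail. It assumes the AzureAD module with an existing Connect-AzureAD session; the function name Invoke-UserOffboarding is an assumption.

```powershell
# Added example, not from the original post. Assumes Connect-AzureAD has already run;
# the function name is hypothetical.
function Invoke-UserOffboarding {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([Parameter(Mandatory = $true)][string]$UserPrincipalName)

    # Fail fast if the UPN does not resolve, so no action is taken on a guessed account.
    $user = Get-AzureADUser -ObjectId $UserPrincipalName -ErrorAction Stop
    $result = [ordered]@{
        User = $user.UserPrincipalName; TokensRevoked = $false; Disabled = $false
        LicensesRemoved = @(); GroupsRemoved = @(); Errors = @()
    }
    # 1. Revoke refresh tokens first: disabling alone does not end sessions that
    #    already hold tokens; revocation forces re-authentication.
    if ($PSCmdlet.ShouldProcess($user.UserPrincipalName, 'Revoke refresh tokens')) {
        Revoke-AzureADUserAllRefreshToken -ObjectId $user.ObjectId
        $result.TokensRevoked = $true
    }
    # 2. Block new sign-ins.
    if ($PSCmdlet.ShouldProcess($user.UserPrincipalName, 'Disable account')) {
        Set-AzureADUser -ObjectId $user.ObjectId -AccountEnabled $false
        $result.Disabled = $true
    }
    # 3. Remove licenses: the AzureAD module takes the SkuIds to drop in RemoveLicenses.
    $skuIds = @($user.AssignedLicenses | ForEach-Object { $_.SkuId })
    if ($skuIds.Count -gt 0 -and $PSCmdlet.ShouldProcess($user.UserPrincipalName, 'Remove licenses')) {
        $licenses = New-Object -TypeName Microsoft.Open.AzureAD.Model.AssignedLicenses
        $licenses.RemoveLicenses = $skuIds
        Set-AzureADUserLicense -ObjectId $user.ObjectId -AssignedLicenses $licenses
        $result.LicensesRemoved = $skuIds
    }
    # 4. Remove direct group memberships. Groups managed elsewhere (dynamic membership,
    #    Exchange distribution groups) reject this call; record the error and continue.
    $groups = Get-AzureADUserMembership -ObjectId $user.ObjectId | Where-Object { $_.ObjectType -eq 'Group' }
    foreach ($group in $groups) {
        if (-not $PSCmdlet.ShouldProcess($group.DisplayName, 'Remove member')) { continue }
        try {
            Remove-AzureADGroupMember -ObjectId $group.ObjectId -MemberId $user.ObjectId -ErrorAction Stop
            $result.GroupsRemoved += $group.DisplayName
        } catch {
            $result.Errors += "$($group.DisplayName): $($_.Exception.Message)"
        }
    }
    # Return a record for the offboarding ticket or audit log; -WhatIf previews every step.
    [pscustomobject]$result
}
```

Run it as `Invoke-UserOffboarding -UserPrincipalName '<User Principal Name>' -WhatIf` first to see every intended change before letting it modify the directory.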
Tags
Azure AD, PowerShell, User Offboarding, Automation, Security, Identity Management, License Management