Powershell - Terminate Employee in Active Directory

Here's a quick little script to terminate an employee in Active Directory. I'm using the quest AD Powershell command-lets in this script. This uses powershell to disable the AD Account, Change the AD password to a random password, set the description of the account and remove all the group membership from the account.

Input text file looks like this:
empID
08791
08792

Powershell Script:

# ---------------------------
# Add Quest AD Snapin
# ---------------------------
if(-not (Get-PSSnapin | where { $_.Name -match 'quest.activeroles.admanagement' })) {
  add-PSSnapin quest.activeroles.admanagement
}
# Load Assembly so we can easily generate a random password.[Reflection.Assembly]::LoadWithPartialName(”System.Web”)

$s = get-credential
connect-qadservice -credential $s -Service "mydomain.com"

Import-Csv "employeeIDList.txt" | foreach {
  $user = get-QADObject -SearchRoot 'mydomain.com/People' -Type User -ldapFilter "(employeeID=$_.empID)"
  if($user) {
    write-host "Disabling " $user.samAccountName
    # generate random password
    $ranpassword = [System.Web.Security.Membership]::GeneratePassword(10,2)
    # Disable User Account
    $user | Disable-QADUser
    # Set User's Description to Terminated and set a random password
    $user | set-QADUser -Description "Terminated" -UserPassword $ranpassword
    # Remove User from all Groups (does not include domain users)
    $user.memberof | Get-QADGroup | Remove-QADGroupMember -member $user
    # Move user to Terminated OU
    $user | Move-QADUser -NewParentContainer 'mydomain.com/Terminated'
  } else {
    write-host $_.empID "not found in Active Directory"
  }
  $user = $False
}

SMTP Relay with Exchange 2007 - part 2

Problem: I needed to add new applications / servers to the SMTP Relay Connector and document the additions.

Solution: Powershell script that reads a csv file with needed server / application / admin info. It then adds the IP address to the connector and logs the info to another CSV file.

CSV Files looks like this:
IP,Server,Admin,Application,fromaddr
10.0.0.1,SQL01,John Doe,SQL Mailer,jdoe@mydomain.com

Powershell script

----------------------------------

# Grab all our current connectors - should be 1 per hub server
$Connectors = Get-ReceiveConnector | where { $_.Name -eq "SMTP-Relay" }

# set value to current IP listed in first connector found
$ip = $connectors[0].RemoteIpRanges

# Open the File of IPs to add
$import = Import-Csv "1-NewSMTPRelayAddress.txt"
$updateConnector = $false

# Loop through CSV File
$import | Foreach {
 # Set Vars
 $newip = $_.ip

 # Update Documentation (IP, Server, Admin, Application, Date Access Granted)
 $thedate2 = Get-Date -f "yyyy-MM-dd HH:mm"
 $out = $newip + "," + $_.Server + "," + $_.Admin + ","
 $out += $_.Application + "," + $_.fromaddr + "," + $thedate2 + "`n"
 $out | out-file SMTP_Relay_Access.csv -append

 # add new ip to the list
 $ip += $newip

 # set a var so we know we need to update the connectors
 $updateConnector = $true
}


if($updateConnector) {
 # add those to all the connectors
 $Connectors | Set-ReceiveConnector -RemoteIPRanges $ip
 Write-host "The Following IPs are in the Connector" $ip

 # Log run and clear file
 $newname = $thedate + "_IPsAdded.txt"
 copy-item -path "1-NewSMTPRelayAddress.txt" -destination "Log\$newname"
 "IP,Server,Admin,Application,fromaddr" | out-file 1-NewSMTPRelayAddress.txt
} else {
 write-host "No addresses found in the file"
}

SMTP Relay with Exchange 2007 - Part 1

Problem: We needed to allow specific servers / applications to send through our Exchange servers without first authenticating.

Solution: In order to do this we setup a send connector on our Exchange HUB servers that allowed any of the specified IP's to send without authentication.

Powershell to setup the Exchange Connector:

$remoteserver = '10.0.0.1'
$emaildomain = 'mydomain.com'
$HubServers = get-exchangeserver | where { $_.ServerRole -match "HubTransport" }
$HubServers | new-ReceiveConnector -Name 'SMTP-Relay' -Usage 'Custom' -Bindings '0.0.0.0:25' -Fqdn 'mydomain.com' -RemoteIPRanges '10.0.0.1' -AuthMechanism Tls,ExternalAuthoritative -PermissionGroups ExchangeServers