An Engineers Notebook

Office 365 – Leavers script

This script is designed to be used with the script password encryption for Office 365. See here for more info. 

The out of office part of the script relies on invoking two other scripts I have made. 

Out of Office

Out of Office Custom

## The following four lines only need to be declared once in your script.
$yes = New-Object System.Management.Automation.Host.ChoiceDescription "&Yes","Description."
$no = New-Object System.Management.Automation.Host.ChoiceDescription "&No","Description."
$options = [System.Management.Automation.Host.ChoiceDescription[]]($yes, $no)
## Auto Reply Function
function AutoReply {
[email protected]"
You can now set an out of office, or Quit.
1 Out Of Office - Set template (Must provide alternate contact details)
2 Out of Office - Set a custom message
Q Quit
Select a task by number or Q to quit
Write-Host "Out Of Office" -ForegroundColor Cyan
$r = Read-Host $menu
Switch ($r) {
"1" {
    Write-Host "Loading..." -ForegroundColor Green
    Invoke-Expression -command ._04Out_Of_Office.ps1
"2" {
    Write-Host "Loading..." -ForegroundColor Green
    Invoke-Expression -command ._05Out_Of_Office_Custom_Message.ps1
"Q" {
    Write-Host "Removing any PS Sessions..." -ForegroundColor Green
    Get-PSSession | Remove-PSSession
default {
    Write-Host "Choose a valid option... Fool!" -ForegroundColor Yellow
} #end switch 

Import-Module MSOnline
$rootpath = (get-item '.' ).parent.FullName
$clientname = Get-Content "$rootpathclient.txt" -Raw
$user = Get-Content "$rootpathUserID.txt"
$PasswordFile = "$rootpathPassword.txt"
$KeyFile = "C:ICUAES.key"
$key = Get-Content $KeyFile
$UserCredential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $User, (Get-Content $PasswordFile | ConvertTo-SecureString -Key $key)
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri -Credential $UserCredential -Authentication Basic -AllowRedirection
Write-Host "Connecting to Exchange Online for $clientname"
Import-PSSession $Session
Write-Host "Connecting to Office 365..."
Connect-MsolService -Credential $UserCredential
## Prompt to search for email address
function EmailSearch {
$title = "Email Search"
$message = "Do you want to search for an email address before you start?"
$result = $host.ui.PromptForChoice($title, $message, $options, 1)
switch ($result) {
        $search = Read-Host "Enter Name to Search"
        Write-Host "Searching..."
        Get-Mailbox | Where-Object { $_.Name -Like "*$search*" } | Select-Object DisplayName,PrimarySmtpAddress | Format-Table
        Write-Host "Exiting Search..."

function RemoveUser{
#Block User Sign in
Write-Host "Blocking User Sign-in Access..."
Set-MsolUser -UserPrincipalName $emailaddress -BlockCredential $true
#Convert Mailbox to shared
Write-Host "Converting Mailbox to Shared..."
Set-Mailbox $emailaddress -type Shared
Write-Host "Waiting for mailbox to finish converting..."
Start-Sleep 30
#Remove Users Licence
Write-Host "Removing Office 365 License..."
$O365User = Get-MsolUser -UserPrincipalName $emailaddress
Set-MsolUserLicense -userprincipalname $emailaddress -Removelicenses $O365User.Licenses.AccountSkuID
## Prompt to add deligate access repated
function DeligateAccessLoop {
$title = "Deligate Access"
$message = "Do you want to provide access to the mailbox to someone else?"
$result = $host.ui.PromptForChoice($title, $message, $options, 1)
switch ($result) {
        $deligate = Read-Host "Enter the email address of the deligate"
        Add-MailboxPermission –Identity $emailaddress –User $deligate –AccessRights Fullaccess
        Write-Host "Adding Mailbox permissions..." -ForegroundColor Cyan
function RemovefromDistros {
$title = "Remove from groups"
$message = "Do you want to remove this user from all distro groups in the tenant?"
$result = $host.ui.PromptForChoice($title, $message, $options, 1)
switch ($result) {
    Write-Host "Output will show errors for each group that the user was not a member of, this is noraml, press enter to continue."
    $DGs= Get-DistributionGroup
    foreach($dg in $DGs)
    {Remove-DistributionGroupMember $ -Member $emailaddress -confirm:$false}
        Write-Host "Skipping Distro Removal..."
#Grab User ID
$emailaddress = Read-Host "Enter the users Email address"

Leave a Reply

Your email address will not be published.