update

_NDGOV_WindowsTeam/ITD.Infra-ActiveDirectory.Object/Public/Disable-ITDADUser.ps1

@@ -0,0 +1,49 @@
+function Disable-ITDADUser
+{
+    [CmdletBinding()]
+    Param
+    (
+        [string]
+        $Identity,
+
+        [PSCredential]
+        $Credential
+    )
+
+    Begin
+    {
+        Write-Verbose "Validate credentials, stop script if invalid."
+        If($Credential -eq "" -or $Credential -eq $null)
+        {
+            $Credential = Get-Credential -Message "Enter domain/OU administrator credentials.  User name must be entered as a SAMAccountName (DOMAIN\username) or as a User Principal Name (username@domain.com)" -UserName $Credential
+            If($Credential -eq "" -or $Credential -eq $null)
+            {
+                Write-Warning "credentials missing - stopping script"
+                break
+            }
+            If((Test-ADCredential -Credential $Credential -ErrorAction Stop) -eq $false)
+            {
+                Write-Warning "Invalid credentials or locked account."
+                break
+            }
+        }
+        Import-Module ActiveDirectory
+    }
+    Process
+    {
+        $OUdestination = "OU=DisabledAccounts,OU=USERS,OU=ITD,DC=ND,DC=GOV"
+        ForEach($username in $Identity)
+        {
+            
+            Write-Verbose "[$Username]:Processing"
+            $object = Get-ADUser -Identity $username
+            Write-Verbose "[$Username]:Disabling Object"
+            $object | Set-ADuser -Enabled $false -Credential $Credential
+            Write-Verbose "[$Username]:Moving Object"
+            $object | Move-ADObject -TargetPath $OUdestination -Credential $Credential
+        }
+    }
+    End
+    {
+    }
+}