When staff members leave the organisation, we move their account to a sub-OU named “Leavers” under their office’s OU. This triggers their mailbox to be archived in Enterprise Vault.
I thought it was about time to put together a quick scheduled task to ensure that all these “leavers” were automatically disabled and hidden from the Exchange address lists without IT manually having to do it.
I came across this handy and concise example, and modified it to run through a group of OUs while doing what I needed it to do.
Here’s the code. As always, run at your own risk, and test it before putting it into production:
On Error Resume Next Dim arrLeaverOrgUnits, objOU arrLeaverOrgUnits = Array("LDAP://OU=Leavers,OU=Sydney,DC=contoso,DC=com",_ "LDAP://OU=Leavers,OU=Melbourne,DC=contoso,DC=com") For Each strOU in arrLeaverOrgUnits Set objOU = GetObject(strOU) ' Let's be extra-paranoid here, and make sure we're only working on the leavers OU ' in case someone adds the wrong OU into the array above If objOU.Name <> "OU=Leavers" Then Exit For ' Loop through each object in the current OU For Each objObject In objOU ' If the current object is a user If objObject.class="user" then 'Disable the account objObject.AccountDisabled = True ' Hide the account from the Exchange address lists objObject.Put "msExchHideFromAddressLists", True ' Write the information back to the user object in AD objObject.SetInfo 'WScript.Echo objObject.Name & " disabled and hidden from Exchange address lists" End if Next Set objOU = Nothing Next