Last active
November 22, 2023 00:10
-
-
Save fluxdigital/98ea39400173e2da85a93ab7c565d94d to your computer and use it in GitHub Desktop.
Script to disable/enable (lock/unlock) all users, but allow a selection of admin users to exclude - includes safey check for 'sitecore/admin' user
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <# *** Script to disable/enable all non admin users. Allows a selection of admin users to exclude - includes safey check for 'sitecore/admin' user *** #> | |
| write-host "Enabling / Disabling users.." | |
| write-host | |
| $options = @{ | |
| "Disable"="disable" | |
| "Enable"="enable" | |
| } | |
| $users = [System.Web.Security.Membership]::GetAllUsers() | |
| foreach($user in $users) { | |
| $roles = Get-User -Identity $user.UserName | Select-Object -ExpandProperty MemberOf | |
| $roleNames = "" | |
| $roles | foreach { $roleNames += $_.Name + ", " } | |
| Add-Member -InputObject $user -MemberType NoteProperty -Name "IsAdministrator" -Value (Get-User -Id $user.UserName).IsAdministrator | |
| Add-Member -InputObject $user -MemberType NoteProperty -Name "RoleNames" -Value $roleNames | |
| } | |
| $adminUsers = $users | Where-Object {$_.IsAdministrator -eq $true} | |
| $userList = New-Object System.Collections.Specialized.OrderedDictionary | |
| # add admin users to list | |
| $selectedUsers = ""; | |
| write-host "Admin Users Found" | |
| write-host "--------------------------" | |
| $adminUsers | % { | |
| write-host "$($_.UserName) - $($_.ProviderUserKey) - $($_.IsAdministrator) " | |
| $userList.Add($_.UserName, $_.ProviderUserKey) | |
| $selectedUsers = $selectedUsers + $_.ProviderUserKey + "|" | |
| } | |
| $props = @{ | |
| Parameters = @( | |
| @{Name="enableoption"; Title="Action"; Options=$options; Tooltip="Enable or Disable users?."}, | |
| @{Name="excludedUsers"; Title="Excluded Admin Users"; Options=$userList; Editor="checklist"; Value=$selectedUsers; Tooltip="The following users will be auto-excluded"} | |
| ) | |
| Title = "Enable/Disable Non-Admin Users" | |
| Description = "Choose to Enable or Disable users." | |
| Width = 500 | |
| Height = 400 | |
| ShowHints = $true | |
| } | |
| $ok = Read-Variable @props | |
| if($ok -eq "ok" -and $enableoption){ | |
| $nonAdminUsers = $users | Where-Object {$excludedUsers -notcontains $_.ProviderUserKey} | |
| $continue = "yes" | |
| #check if sitecore/admin user is included by accident or not? | |
| if($excludedUsers -notcontains "958e0862-6e63-4d18-a761-3db0b091fa59" -and $enableoption -eq 'disable'){ | |
| $continue = Show-Confirm -Title "You have included the 'sitecore/admin' user to disable - are you sure you wish to do this?" | |
| } | |
| if($continue -eq "yes"){ | |
| write-host "" | |
| write-host "$($enableoption)ing $($nonAdminUsers.Count) Users..." -ForegroundColor "Green" | |
| write-host "--------------------------" | |
| foreach ($user in $nonAdminUsers){ | |
| write-host "$($user.UserName) - Enabled?: $($user.IsApproved) - Locked Out?: $($user.IsLockedOut)" | |
| if($enableoption -eq 'disable'){ | |
| Disable-User -Identity $user.UserName | |
| } | |
| else{ | |
| Enable-User -Identity $user.UserName | |
| } | |
| } | |
| Show-Alert -Title "$($nonAdminUsers.Count) Users $($enableoption)d!. Please close this dialog to view the report." | |
| $updatedNonAdminUsers = [System.Web.Security.Membership]::GetAllUsers() | Where-Object {$excludedUsers -notcontains $_.ProviderUserKey} | |
| $updatedNonAdminUsers | Show-ListView -Property ` | |
| @{Label="Icon"; Expression={ | |
| if ($_.IsLockedOut){ "Office/32x32/lock.png"} | |
| elseif (-not ($_.IsApproved)){ "Office/32x32/dude5.png"} | |
| elseif($_.IsOnline -and $_.IsAdministrator) { "Office/32x32/astrologer.png" } | |
| elseif($_.IsOnline) { "Office/32x32/businessperson.png" } | |
| else {"Office/32x32/clock.png"}}}, | |
| @{Label="User"; Expression={ $_.UserName} }, | |
| @{Label="Is Online"; Expression={ $_.IsOnline} }, | |
| @{Label="Is Locked Out"; Expression={ $_.IsLockedOut} }, | |
| @{Label="Is Disabled"; Expression={ -not $_.IsApproved} }, | |
| @{Label="Is Administrator"; Expression={ (Get-User -Id $_.UserName).IsAdministrator } }, | |
| @{Label="Last Activity Date"; Expression={ $_.LastActivityDate } }, | |
| @{Label="Last Login Date"; Expression={ $_.LastLoginDate} }, | |
| @{Label="Creation Date"; Expression={ $_.CreationDate} } | |
| #@{Label="Roles"; Expression={$_.RoleNames} } | |
| Close-Window | |
| } | |
| else{ | |
| write-host "cancelled." -ForegroundColor "Red" | |
| } | |
| } | |
| else{ | |
| write-host "cancelled or no option selected." -ForegroundColor "Red" | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment