hsmalley/gist:9c3bf7eef6622aa60031 Secret

## gistfile1.ps1
<# This is a auto termination script. It's going to royaly screw an account. So make sure you want that. Okay?
# You really shouldn't monkey around with this as it assumes the following:
#	0. YOU KNOW WHAT YOU'RE DOING!
#	1. The account running it has exchange admin access
#	2. The computer running is set to EST.
#	3. The account running it has access to the IT share.
#	4. You have the Quest Active Roles AD Cmdlets installed.
#	5. 0-4
#>
# Add Quest CMDLETS
Add-PSSnapin Quest.ActiveRoles.ADManagement -WarningAction SilentlyContinue -ErrorAction SilentlyContinue
# Get Timestamp
$Date = Get-Date
# Setup Email fields
$SMTP = New-Object Net.Mail.SMTPClient
$SMTP.Host = "mail.DOMAIN.LOCAL"
$SMTP.TargetName = "mail.DOMAIN.LOCAL"
$EmailFrom = "HELLDESK@DOMAIN.LOCAL"
$EmailTO = "HELLDESK@DOMAIN.LOCAL"
$Subject = "User Termination - $Env:COMPUTERNAME"
# Start crafting the message.
$Message = New-Object System.Net.Mail.MailMessage $EmailFrom, $EmailTO
$Message.Subject = $Subject
$Message.IsBodyHTML = $true
# CSS Style for Email.
$Style = "<style>BODY{font-family: Arial; font-size: 10pt;}"
$Style = $Style + "TABLE{border: 1px solid black; border-collapse: collapse;}"
$Style = $Style + "TH{border: 1px solid black; background: #dddddd; padding: 5px;}"
$Style = $Style + "TD{border: 1px solid black; padding: 5px;}"
$Style = $Style + "</style>"
# Generate a Random Password for the User
Function Generate-Password {
	$Password = $null
	$Random = $null
	#Set up random number generator
	$Random = New-Object System.Random
	#Generate a new 10 character password
	1..10 | ForEach { $Password = $Password + [char]$Random.next(33,127) }
	$Password
}
#Connect to Exchange SERVER
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "http://EXCH\\SERVER/PowerShell/"
Import-PSSession $Session -AllowClobber
# Import the list of people heading to Château d'If
$Users = Import-Csv "\\SERVER\User Termination Log\TermUsers.csv"
$Users | ForEach-Object {
	# Setup Variables
	$User = $_
	$TimeZone = $User.TimeZone
	$TermUser = $User.OPID
	$TermDate = $User.Date
	# DATE CHECK
	IF (($TermDate -ieq (Get-Date -Format yyyyMMdd)) -or ($TermDate -lt (Get-Date -Format yyyyMMdd))) {
		# TIME ZONES
		IF ($TermDate -lt (Get-Date -Format yyyyMMdd)) {$RunTerm = "YES"} #If we missed someone this will make sure we get this.
		# The task runs an hour after these times. So we're save with this.
		ELSEIF (($TimeZone -ieq "EST") -and ($Date.Hour -gt "16")) {$RunTerm = "YES"}
		ELSEIF (($TimeZone -ieq "CST") -and ($Date.Hour -gt "17")) {$RunTerm = "YES"}
		ELSEIF (($TimeZone -ieq "MNT") -and ($Date.Hour -gt "18")) {$RunTerm = "YES"}
		ELSEIF (($TimeZone -ieq "PST") -and ($Date.Hour -gt "19")) {$RunTerm = "YES"}
		ELSE {$RunTerm = "NO"}
	}
	# Run the termination if it's time.
	IF (($RunTerm -eq "YES") -and ((Get-QADObject -Identity $TermUser | Get-QADMemberOf) -notmatch "Disabled Users")) {
		# Generate a Random Password for the User
		$Password = Generate-Password
		# Convert OPID to User Account information for Quest AD Tools
		$ADTermUser = Get-QADUser -Identity $TermUser
		# Move User to the Disabled User OU
		Move-QADObject -Identity $ADTermUser -NewParentContainer (Get-QADObject "Users - Disabled")
		# Refresh ADTermUser
		$ADTermUser = Get-QADUser -Identity $TermUser
		# Try to correct possible human error.
		$TermUser = $ADTermUser.LogonName
		# Get the Display Name for the User
		$ADTermUserDisplayName = $ADTermUser.DisplayName
		# Get the User's Manager. If the user doesn't have a manager (OR has an invalid manager) a manager will be assigned to them.
		IF ((Get-QADObject -Identity $ADTermUser.Manager) -eq $null) {$ADTermUserManager = Get-QADUser -Identity "disabledusermanager"}
		ELSE {$ADTermUserManager = Get-QADObject -Identity $ADTermUser.Manager}
		# Set the User's Manager's Logon Name
		$TermUserManager = $ADTermUserManager.LogonName
		# Get the Manager's Display Name
		$ADTermUserManagerDisplayName = $ADTermUserManager.DisplayName
		#Set Expire Date
		$Expire = $Date.AddMonths(13)
		<# START CSV LOG #>
		$Log =  New-Object PSObject
		Add-Member -MemberType NoteProperty -InputObject $Log -Name "Run Date" -Value $Date -Force
		Add-Member -MemberType NoteProperty -InputObject $Log -Name "Remove After" -Value $Expire -Force
		Add-Member -MemberType NoteProperty -InputObject $Log -Name "User ID" -Value $TermUser -Force
		Add-Member -MemberType NoteProperty -InputObject $Log -Name "User Name" -Value $ADTermUserDisplayName -Force
		Add-Member -MemberType NoteProperty -InputObject $Log -Name "Manager ID" -Value $TermUserManager -Force
		Add-Member -MemberType NoteProperty -InputObject $Log -Name "Manager" -Value $ADTermUserManagerDisplayName -Force
		Add-Member -MemberType NoteProperty -InputObject $Log -Name "Tech" -Value "AUTOMAGICAL" -Force
		$TermLog = @()
		$TermLog += $Log
		$LogPath = "\\SERVER\User Termination Log\TermLog.csv"
		$TermLog | Export-Csv -Append -Force -NoTypeInformation $LogPath
		<# END CSV LOG #>
		# Disable AD Account and add to Disabled Users Group
		Disable-QADUser -Identity $ADTermUser -Confirm:$false
		Add-QADGroupMember -Identity "Disabled Users" -Member $ADTermUser -Confirm:$false
		# Set Description
		$Description = ($AdtermUser.Description + " - Terminated On: $Date")
		# Removes Title, Office, Phones, Fax, changes password to random number, set description, and change primary group to Disabled Users.
		# It's not on a single line for a reason, go ahead and test the wheels fate; if that's what you're into...
		Set-QADUser -Identity $ADTermUser -Title '' -Office '' -PhoneNumber '' -MobilePhone '' -Pager '' -Fax ''  -Description $Description -Confirm:$false
		Set-QADUser -Identity $ADTermUser -UserMustChangePassword $true -UserPassword $Password -Confirm:$false
		Set-QADUser -Identity $ADTermUser -AccountExpires $Expire -Confirm:$false
		Set-QADUser -Identity $ADTermUser -objectAttributes @{PrimaryGroupID='99999'} -Confirm:$false
		# Remove Groups
		$ADTermUser.MemberOf | Remove-QADGroupMember -Member $ADTermUser -Confirm:$false
		# Hide the user from the GAL and set forwarding of the user's mail to the manager.
		Set-Mailbox -Identity $TermUser -hiddenfromaddresslistsenabled $True -ForwardingAddress $TermUserManager
		# Set out of office reply aka Let's people who who got canned.
		Set-MailboxAutoReplyConfiguration -Identity $TermUser -autoreplystate enabled -InternalMessage "Thank you for your email, unfortunately the person you have contacted is no longer with LUA." -ExternalMessage "Thank you for your email, unfortunately the person you have contacted is no longer with LUA, however your email has been forwarded to someone who can help you."
		# Give Manager Full Access
		Add-MailboxPermission $TermUser -User $TermUserManager -AccessRights fullaccess
		# Punches their mail clients and phones in the face.
		Set-CASMailbox -Identity $TermUser -OwaEnabled $false -EcpEnabled $false -EwsEnabled $false -MapiEnabled $false -ImapEnabled $false -PopEnabled $false -ActiveSyncEnabled $false -Confirm:$false
		Set-CASMailbox -Identity $TermUser -MapiBlockOutlookRpcHttp $true -EwsAllowMacOutlook $false -EwsAllowOutlook $false -EwsAllowEntourage $false -Confirm:$false
		# Banishes their phones.
		Get-ActivesyncDevice -Mailbox $TermUser | Remove-ActiveSyncDevice -Confirm:$false
		# Send an email that the termination is done.
		$Body = "AD Termination for $TermUser has completed. <br>"
		$Body += "Script Name:	Auto_Terminate_User.ps1 <br>"
		$Body += "Running on: $Env:COMPUTERNAME <br>"
		$Body += "<hr>"
		$Body += "<b> USER REPORT </b><br>"
		$Body += Get-QADUser -Identity $TermUser | Select-Object -Property DisplayName,AccountIsDisabled,UserMustChangePassword,PrimaryGroupId,Manager,AccountExpirationStatus | ConvertTo-Html
		$Body += "<hr>"
		$Body += "<b> USER MAILBOX REPORT </b><br>"
		$Body += Get-CASMailbox $TermUser | Select-Object DisplayName,MapiEnabled,MAPIBlockOutlookRpcHttp | ConvertTo-Html
		$Body += "<hr>"
		$Body += "<b> USER DEVICE REPORT - <i>Should be empty</i></b><br>"
		$Body += Get-ActivesyncDevice -Mailbox $TermUser | Select-Object DeviceType,DeviceId,DeviceUserAgent | ConvertTo-Html
		$Body += "<hr>"
		$Body += "<b> USER TO TERM </b><br>"
		$Body += Import-Csv "\\SERVER\User Termination Log\TermLog.csv" | ConvertTo-Html
		$Body += "<hr>"
		$Message.Body = ConvertTo-Html -Head $Style -Body $Body
		$SMTP.Send($Message)
	}
	# Clean Up - This part checks to make sure the user account was terminated correctly and enable MAPI on the mailbox.
	# If the user is a member of Disabled Users, account is disabled, mapi is disabled on mailbox, and it's been more than 1 day.
	IF (($RunTerm -eq "YES") -and ((Get-QADObject -Identity $TermUser | Get-QADMemberOf) -match "Disabled Users") -and ((Get-QADObject -Identity $TermUser).get_AccountIsDisabled() -eq $true) -and ($Date.AddDays(1) -gt ((Get-QADObject -Identity $TermUser).get_ModificationDate())) -and ((Get-CASMailbox -Identity $TermUser).MAPIEnabled -eq $false)) {
		# Enable MAPI
		Set-CASMailbox -Identity $TermUser -MapiEnabled $true -MapiBlockOutlookRpcHttp $false -Confirm:$false
		# Start Moving The Mailbox
		New-MoveRequest -Identity $TermUser -BadItemLimit 5 -TargetDatabase "DISABLEDDATABASE" -Confirm:$false
		# Send Email
		$Body = "Clean up on $TermUser is done.<br>"
		$Body += "MAPI has been enabled on mailbox.<br>"
		$Body += "Mailbox is moving to DISABLEDDATABASE Database.<br>"
		$Body += "Please check Exchange move requests for errors moving the mailbox. <br>"
		$Body += "Script Name:	Auto_Terminate_User.ps1 <br>"
		$Body += "Running on: $Env:COMPUTERNAME <hr>"
		$Body += "<b> USER MAILBOX REPORT </b><br>"
		$Body += Get-CASMailbox $TermUser | Select-Object DisplayName,MapiEnabled,MAPIBlockOutlookRpcHttp | ConvertTo-Html
		$Body += "<hr>"
		$Body += "<b> USER REPORT </b><br>"
		$Body += Get-QADUser -Identity $TermUser | Select-Object -Property DisplayName,AccountIsDisabled,UserMustChangePassword,PrimaryGroupId,Manager,AccountExpirationStatus | ConvertTo-Html
		$Body += "<hr>"
		$Body += "<b> USER TO TERM </b><br>"
		$Body += Import-Csv "\\SERVER\User Termination Log\TermUsers.csv" | ConvertTo-Html
		$Body += "<hr>"
		$Body += "<b> USER TERMLOG </b><br>"
		$Body += Import-Csv "\\SERVER\User Termination Log\TermLog.csv" | ConvertTo-Html
		$Message.Body = ConvertTo-Html -Head $Style -Body $Body
		$SMTP.Send($Message)
	}
	# If the account is not in the disabled users or disabled run this
	ELSEIF (($RunTerm -eq "YES") -and ((Get-QADObject -Identity $TermUser | Get-QADMemberOf) -notmatch "Disabled Users") -or ((Get-QADObject -Identity $TermUser).get_AccountIsDisabled() -eq $false)) {
		# Send Email
		$Body = "Clean up on $TermUser is not done. <br><br>"
		$Body += "Either account is not terminated correctly or is not disabled.<hr>"
		$Body += "<b> USER REPORT </b><br>"
		$Body += Get-QADUser -Identity $TermUser | Select-Object -Property DisplayName,AccountIsDisabled,UserMustChangePassword,PrimaryGroupId,Manager,AccountExpirationStatus | ConvertTo-Html
		$Body += "<hr>"
		$Body += "<b> USER MAILBOX REPORT </b><br>"
		$Body += Get-CASMailbox $TermUser | Select-Object DisplayName,MapiEnabled,MAPIBlockOutlookRpcHttp | ConvertTo-Html
		$Body += "<hr>"
		$Body += "<b> USER TO TERM </b><br>"
		$Body += Import-Csv "\\SERVER\User Termination Log\TermUsers.csv" | ConvertTo-Html
		$Body += "<hr>"
		$Body += "<b> USER TERMLOG </b><br>"
		$Body += Import-Csv "\\SERVER\User Termination Log\TermLog.csv" | ConvertTo-Html
		$Message.Body = ConvertTo-Html -Head $Style -Body $Body
		$SMTP.Send($Message)
	}
	# If the account hasn't been terminated for more than one day run this.
	ELSEIF (($RunTerm -eq "YES") -and ($Date.AddDays(1) -lt ((Get-QADObject -Identity $TermUser).get_ModificationDate()))) {
		# Send Email
		$Body = "Clean up on $TermUser is not done. <br><br>"
		$Body += "24 hours have not passed since termination.<hr>"
		$Body += "<b> USER TO TERM </b><br>"
		$Body += Import-Csv "\\SERVER\User Termination Log\TermUsers.csv" | ConvertTo-Html
		$Body += "<hr>"
		$Body += "<b> USER TERMLOG </b><br>"
		$Body += Import-Csv "\\SERVER\User Termination Log\TermLog.csv" | ConvertTo-Html
		$Message.Body = ConvertTo-Html -Head $Style -Body $Body
		$SMTP.Send($Message)
	}
	# Otherwise, there's nothing to do.
	ELSE {$RunTerm = "NO"}
	IF ($RunTerm -eq "NO") {
		<# Send Email
		$Body = "NOTHING TO DO!<hr>"
		$Body += "<b> USER TO TERM </b><br>"
		$Body += Import-Csv "\\SERVER\User Termination Log\TermUsers.csv" | ConvertTo-Html
		$Body += "<hr>"
		$Body += "<b> USER TERMLOG </b><br>"
		$Body += Import-Csv "\\SERVER\User Termination Log\TermLog.csv" | ConvertTo-Html
		$Message.Body = ConvertTo-Html -Head $Style -Body $Body
		$SMTP.Send($Message)
		#>
	}
}
	<# This is a auto termination script. It's going to royaly screw an account. So make sure you want that. Okay?
	# You really shouldn't monkey around with this as it assumes the following:
	# 0. YOU KNOW WHAT YOU'RE DOING!
	# 1. The account running it has exchange admin access
	# 2. The computer running is set to EST.
	# 3. The account running it has access to the IT share.
	# 4. You have the Quest Active Roles AD Cmdlets installed.
	# 5. 0-4
	#>
	# Add Quest CMDLETS
	Add-PSSnapin Quest.ActiveRoles.ADManagement -WarningAction SilentlyContinue -ErrorAction SilentlyContinue
	# Get Timestamp
	$Date = Get-Date
	# Setup Email fields
	$SMTP = New-Object Net.Mail.SMTPClient
	$SMTP.Host = "mail.DOMAIN.LOCAL"
	$SMTP.TargetName = "mail.DOMAIN.LOCAL"
	$EmailFrom = "HELLDESK@DOMAIN.LOCAL"
	$EmailTO = "HELLDESK@DOMAIN.LOCAL"
	$Subject = "User Termination - $Env:COMPUTERNAME"
	# Start crafting the message.
	$Message = New-Object System.Net.Mail.MailMessage $EmailFrom, $EmailTO
	$Message.Subject = $Subject
	$Message.IsBodyHTML = $true
	# CSS Style for Email.
	$Style = "<style>BODY{font-family: Arial; font-size: 10pt;}"
	$Style = $Style + "TABLE{border: 1px solid black; border-collapse: collapse;}"
	$Style = $Style + "TH{border: 1px solid black; background: #dddddd; padding: 5px;}"
	$Style = $Style + "TD{border: 1px solid black; padding: 5px;}"
	$Style = $Style + "</style>"
	# Generate a Random Password for the User
	Function Generate-Password {
	$Password = $null
	$Random = $null
	#Set up random number generator
	$Random = New-Object System.Random
	#Generate a new 10 character password
	1..10 \| ForEach { $Password = $Password + [char]$Random.next(33,127) }
	$Password
	}
	#Connect to Exchange SERVER
	$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "http://EXCH\\SERVER/PowerShell/"
	Import-PSSession $Session -AllowClobber
	# Import the list of people heading to Château d'If
	$Users = Import-Csv "\\SERVER\User Termination Log\TermUsers.csv"
	$Users \| ForEach-Object {
	# Setup Variables
	$User = $_
	$TimeZone = $User.TimeZone
	$TermUser = $User.OPID
	$TermDate = $User.Date
	# DATE CHECK
	IF (($TermDate -ieq (Get-Date -Format yyyyMMdd)) -or ($TermDate -lt (Get-Date -Format yyyyMMdd))) {
	# TIME ZONES
	IF ($TermDate -lt (Get-Date -Format yyyyMMdd)) {$RunTerm = "YES"} #If we missed someone this will make sure we get this.
	# The task runs an hour after these times. So we're save with this.
	ELSEIF (($TimeZone -ieq "EST") -and ($Date.Hour -gt "16")) {$RunTerm = "YES"}
	ELSEIF (($TimeZone -ieq "CST") -and ($Date.Hour -gt "17")) {$RunTerm = "YES"}
	ELSEIF (($TimeZone -ieq "MNT") -and ($Date.Hour -gt "18")) {$RunTerm = "YES"}
	ELSEIF (($TimeZone -ieq "PST") -and ($Date.Hour -gt "19")) {$RunTerm = "YES"}
	ELSE {$RunTerm = "NO"}
	}
	# Run the termination if it's time.
	IF (($RunTerm -eq "YES") -and ((Get-QADObject -Identity $TermUser \| Get-QADMemberOf) -notmatch "Disabled Users")) {
	# Generate a Random Password for the User
	$Password = Generate-Password
	# Convert OPID to User Account information for Quest AD Tools
	$ADTermUser = Get-QADUser -Identity $TermUser
	# Move User to the Disabled User OU
	Move-QADObject -Identity $ADTermUser -NewParentContainer (Get-QADObject "Users - Disabled")
	# Refresh ADTermUser
	$ADTermUser = Get-QADUser -Identity $TermUser
	# Try to correct possible human error.
	$TermUser = $ADTermUser.LogonName
	# Get the Display Name for the User
	$ADTermUserDisplayName = $ADTermUser.DisplayName
	# Get the User's Manager. If the user doesn't have a manager (OR has an invalid manager) a manager will be assigned to them.
	IF ((Get-QADObject -Identity $ADTermUser.Manager) -eq $null) {$ADTermUserManager = Get-QADUser -Identity "disabledusermanager"}
	ELSE {$ADTermUserManager = Get-QADObject -Identity $ADTermUser.Manager}
	# Set the User's Manager's Logon Name
	$TermUserManager = $ADTermUserManager.LogonName
	# Get the Manager's Display Name
	$ADTermUserManagerDisplayName = $ADTermUserManager.DisplayName
	#Set Expire Date
	$Expire = $Date.AddMonths(13)
	<# START CSV LOG #>
	$Log = New-Object PSObject
	Add-Member -MemberType NoteProperty -InputObject $Log -Name "Run Date" -Value $Date -Force
	Add-Member -MemberType NoteProperty -InputObject $Log -Name "Remove After" -Value $Expire -Force
	Add-Member -MemberType NoteProperty -InputObject $Log -Name "User ID" -Value $TermUser -Force
	Add-Member -MemberType NoteProperty -InputObject $Log -Name "User Name" -Value $ADTermUserDisplayName -Force
	Add-Member -MemberType NoteProperty -InputObject $Log -Name "Manager ID" -Value $TermUserManager -Force
	Add-Member -MemberType NoteProperty -InputObject $Log -Name "Manager" -Value $ADTermUserManagerDisplayName -Force
	Add-Member -MemberType NoteProperty -InputObject $Log -Name "Tech" -Value "AUTOMAGICAL" -Force
	$TermLog = @()
	$TermLog += $Log
	$LogPath = "\\SERVER\User Termination Log\TermLog.csv"
	$TermLog \| Export-Csv -Append -Force -NoTypeInformation $LogPath
	<# END CSV LOG #>
	# Disable AD Account and add to Disabled Users Group
	Disable-QADUser -Identity $ADTermUser -Confirm:$false
	Add-QADGroupMember -Identity "Disabled Users" -Member $ADTermUser -Confirm:$false
	# Set Description
	$Description = ($AdtermUser.Description + " - Terminated On: $Date")
	# Removes Title, Office, Phones, Fax, changes password to random number, set description, and change primary group to Disabled Users.
	# It's not on a single line for a reason, go ahead and test the wheels fate; if that's what you're into...
	Set-QADUser -Identity $ADTermUser -Title '' -Office '' -PhoneNumber '' -MobilePhone '' -Pager '' -Fax '' -Description $Description -Confirm:$false
	Set-QADUser -Identity $ADTermUser -UserMustChangePassword $true -UserPassword $Password -Confirm:$false
	Set-QADUser -Identity $ADTermUser -AccountExpires $Expire -Confirm:$false
	Set-QADUser -Identity $ADTermUser -objectAttributes @{PrimaryGroupID='99999'} -Confirm:$false
	# Remove Groups
	$ADTermUser.MemberOf \| Remove-QADGroupMember -Member $ADTermUser -Confirm:$false
	# Hide the user from the GAL and set forwarding of the user's mail to the manager.
	Set-Mailbox -Identity $TermUser -hiddenfromaddresslistsenabled $True -ForwardingAddress $TermUserManager
	# Set out of office reply aka Let's people who who got canned.
	Set-MailboxAutoReplyConfiguration -Identity $TermUser -autoreplystate enabled -InternalMessage "Thank you for your email, unfortunately the person you have contacted is no longer with LUA." -ExternalMessage "Thank you for your email, unfortunately the person you have contacted is no longer with LUA, however your email has been forwarded to someone who can help you."
	# Give Manager Full Access
	Add-MailboxPermission $TermUser -User $TermUserManager -AccessRights fullaccess
	# Punches their mail clients and phones in the face.
	Set-CASMailbox -Identity $TermUser -OwaEnabled $false -EcpEnabled $false -EwsEnabled $false -MapiEnabled $false -ImapEnabled $false -PopEnabled $false -ActiveSyncEnabled $false -Confirm:$false
	Set-CASMailbox -Identity $TermUser -MapiBlockOutlookRpcHttp $true -EwsAllowMacOutlook $false -EwsAllowOutlook $false -EwsAllowEntourage $false -Confirm:$false
	# Banishes their phones.
	Get-ActivesyncDevice -Mailbox $TermUser \| Remove-ActiveSyncDevice -Confirm:$false
	# Send an email that the termination is done.
	$Body = "AD Termination for $TermUser has completed. <br>"
	$Body += "Script Name: Auto_Terminate_User.ps1 <br>"
	$Body += "Running on: $Env:COMPUTERNAME <br>"
	$Body += "<hr>"
	$Body += "<b> USER REPORT </b><br>"
	$Body += Get-QADUser -Identity $TermUser \| Select-Object -Property DisplayName,AccountIsDisabled,UserMustChangePassword,PrimaryGroupId,Manager,AccountExpirationStatus \| ConvertTo-Html
	$Body += "<hr>"
	$Body += "<b> USER MAILBOX REPORT </b><br>"
	$Body += Get-CASMailbox $TermUser \| Select-Object DisplayName,MapiEnabled,MAPIBlockOutlookRpcHttp \| ConvertTo-Html
	$Body += "<hr>"
	$Body += "<b> USER DEVICE REPORT - <i>Should be empty</i></b><br>"
	$Body += Get-ActivesyncDevice -Mailbox $TermUser \| Select-Object DeviceType,DeviceId,DeviceUserAgent \| ConvertTo-Html
	$Body += "<hr>"
	$Body += "<b> USER TO TERM </b><br>"
	$Body += Import-Csv "\\SERVER\User Termination Log\TermLog.csv" \| ConvertTo-Html
	$Body += "<hr>"
	$Message.Body = ConvertTo-Html -Head $Style -Body $Body
	$SMTP.Send($Message)
	}
	# Clean Up - This part checks to make sure the user account was terminated correctly and enable MAPI on the mailbox.
	# If the user is a member of Disabled Users, account is disabled, mapi is disabled on mailbox, and it's been more than 1 day.
	IF (($RunTerm -eq "YES") -and ((Get-QADObject -Identity $TermUser \| Get-QADMemberOf) -match "Disabled Users") -and ((Get-QADObject -Identity $TermUser).get_AccountIsDisabled() -eq $true) -and ($Date.AddDays(1) -gt ((Get-QADObject -Identity $TermUser).get_ModificationDate())) -and ((Get-CASMailbox -Identity $TermUser).MAPIEnabled -eq $false)) {
	# Enable MAPI
	Set-CASMailbox -Identity $TermUser -MapiEnabled $true -MapiBlockOutlookRpcHttp $false -Confirm:$false
	# Start Moving The Mailbox
	New-MoveRequest -Identity $TermUser -BadItemLimit 5 -TargetDatabase "DISABLEDDATABASE" -Confirm:$false
	# Send Email
	$Body = "Clean up on $TermUser is done.<br>"
	$Body += "MAPI has been enabled on mailbox.<br>"
	$Body += "Mailbox is moving to DISABLEDDATABASE Database.<br>"
	$Body += "Please check Exchange move requests for errors moving the mailbox. <br>"
	$Body += "Script Name: Auto_Terminate_User.ps1 <br>"
	$Body += "Running on: $Env:COMPUTERNAME <hr>"
	$Body += "<b> USER MAILBOX REPORT </b><br>"
	$Body += Get-CASMailbox $TermUser \| Select-Object DisplayName,MapiEnabled,MAPIBlockOutlookRpcHttp \| ConvertTo-Html
	$Body += "<hr>"
	$Body += "<b> USER REPORT </b><br>"
	$Body += Get-QADUser -Identity $TermUser \| Select-Object -Property DisplayName,AccountIsDisabled,UserMustChangePassword,PrimaryGroupId,Manager,AccountExpirationStatus \| ConvertTo-Html
	$Body += "<hr>"
	$Body += "<b> USER TO TERM </b><br>"
	$Body += Import-Csv "\\SERVER\User Termination Log\TermUsers.csv" \| ConvertTo-Html
	$Body += "<hr>"
	$Body += "<b> USER TERMLOG </b><br>"
	$Body += Import-Csv "\\SERVER\User Termination Log\TermLog.csv" \| ConvertTo-Html
	$Message.Body = ConvertTo-Html -Head $Style -Body $Body
	$SMTP.Send($Message)
	}
	# If the account is not in the disabled users or disabled run this
	ELSEIF (($RunTerm -eq "YES") -and ((Get-QADObject -Identity $TermUser \| Get-QADMemberOf) -notmatch "Disabled Users") -or ((Get-QADObject -Identity $TermUser).get_AccountIsDisabled() -eq $false)) {
	# Send Email
	$Body = "Clean up on $TermUser is not done. <br><br>"
	$Body += "Either account is not terminated correctly or is not disabled.<hr>"
	$Body += "<b> USER REPORT </b><br>"
	$Body += Get-QADUser -Identity $TermUser \| Select-Object -Property DisplayName,AccountIsDisabled,UserMustChangePassword,PrimaryGroupId,Manager,AccountExpirationStatus \| ConvertTo-Html
	$Body += "<hr>"
	$Body += "<b> USER MAILBOX REPORT </b><br>"
	$Body += Get-CASMailbox $TermUser \| Select-Object DisplayName,MapiEnabled,MAPIBlockOutlookRpcHttp \| ConvertTo-Html
	$Body += "<hr>"
	$Body += "<b> USER TO TERM </b><br>"
	$Body += Import-Csv "\\SERVER\User Termination Log\TermUsers.csv" \| ConvertTo-Html
	$Body += "<hr>"
	$Body += "<b> USER TERMLOG </b><br>"
	$Body += Import-Csv "\\SERVER\User Termination Log\TermLog.csv" \| ConvertTo-Html
	$Message.Body = ConvertTo-Html -Head $Style -Body $Body
	$SMTP.Send($Message)
	}
	# If the account hasn't been terminated for more than one day run this.
	ELSEIF (($RunTerm -eq "YES") -and ($Date.AddDays(1) -lt ((Get-QADObject -Identity $TermUser).get_ModificationDate()))) {
	# Send Email
	$Body = "Clean up on $TermUser is not done. <br><br>"
	$Body += "24 hours have not passed since termination.<hr>"
	$Body += "<b> USER TO TERM </b><br>"
	$Body += Import-Csv "\\SERVER\User Termination Log\TermUsers.csv" \| ConvertTo-Html
	$Body += "<hr>"
	$Body += "<b> USER TERMLOG </b><br>"
	$Body += Import-Csv "\\SERVER\User Termination Log\TermLog.csv" \| ConvertTo-Html
	$Message.Body = ConvertTo-Html -Head $Style -Body $Body
	$SMTP.Send($Message)
	}
	# Otherwise, there's nothing to do.
	ELSE {$RunTerm = "NO"}
	IF ($RunTerm -eq "NO") {
	<# Send Email
	$Body = "NOTHING TO DO!<hr>"
	$Body += "<b> USER TO TERM </b><br>"
	$Body += Import-Csv "\\SERVER\User Termination Log\TermUsers.csv" \| ConvertTo-Html
	$Body += "<hr>"
	$Body += "<b> USER TERMLOG </b><br>"
	$Body += Import-Csv "\\SERVER\User Termination Log\TermLog.csv" \| ConvertTo-Html
	$Message.Body = ConvertTo-Html -Head $Style -Body $Body
	$SMTP.Send($Message)
	#>
	}
	}