Runbook: ACT-OffboardUser.ps1
Description
This runbook performs a full offboarding workflow for a user in the customer's hybrid/on-prem Active Directory and Exchange environment.
It includes:
- Password reset
- Killing all active sessions (Azure AD + Hybrid)
- Removing all AD group memberships
- Disabling the user account
- Optional mailbox forwarding
- Detailed SymphonyDesk logging
- Jira comments + workflow transitions
This runbook is commonly used for:
- Terminations
- Resignations
- Immediate access revocation
- HR offboarding workflows
Required Parameters
| Name | Description | Example |
|---|---|---|
| UPN | The user's UPN | "john.doe@contoso.com" |
| IssueKey | Jira issue reference | "ITSD-6001" |
Optional Parameters
| Name | Description | Example |
|---|---|---|
| ForwardTo | SMTP address for mailbox forwarding | "manager@contoso.com" |
What This Runbook Does
| Step | Action |
|---|---|
| 1 | Reset AD password |
| 2 | Remove all AD group memberships |
| 3 | Disable AD account |
| 4 | Revoke AzureAD sessions (Sign-out everywhere) |
| 5 | Optional mailbox forwarding |
| 6 | Logs every action |
| 7 | Updates Jira with comment + transition |
Webhook JSON Example
{
  "customer": "Contoso",
  "runbook": "ACT-OffboardUser.ps1",
  "issue_key": "{{issue.key}}",
  "params": {
    "UPN": "{{issue.fields.customfield_10500}}",
    "ForwardTo": "{{issue.fields.customfield_10501}}",
    "IssueKey": "{{issue.key}}"
  }
}
Success Response
{
  "job_id": "job-off-8837",
  "status": "success",
  "output": "Offboarding completed successfully"
}
Error Response
{
  "job_id": "job-off-8837",
  "status": "error",
  "message": "Failed to disable account",
  "raw": "Disable-ADAccount : Access denied..."
}
Requirements
- Runner access to:
  - Domain Controller
  - Exchange PowerShell endpoint
- Azure Graph or MSOnline API credentials for session revocation
- AD & Exchange admin permissions
- Customer config containing:
  - DomainController
  - ExchangeUri
  - MailDomain
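
The webhook passes Jira field values straight into `params`, so a check on the runner side before any AD or Exchange change is worth having. The following is an added example, not code from ACT-OffboardUser.ps1: the function name `Test-OffboardPayload`, the field patterns, and the rule that `ForwardTo` must sit in the customer's `MailDomain` are assumptions.

```powershell
# Added example (not part of the runbook): validate the webhook payload first.
# Test-OffboardPayload and the MailDomain restriction are hypothetical.
function Test-OffboardPayload {
    param(
        [Parameter(Mandatory)][string]$Json,
        [Parameter(Mandatory)][string]$MailDomain   # value from the customer config
    )
    $errors = [System.Collections.Generic.List[string]]::new()
    try   { $p = ($Json | ConvertFrom-Json -ErrorAction Stop).params }
    catch {
        return [pscustomobject]@{ Valid = $false; Errors = @('Payload is not valid JSON'); ForwardTo = $null }
    }

    # A leftover {{...}} means Jira never rendered the smart value.
    foreach ($name in 'UPN', 'IssueKey', 'ForwardTo') {
        if ("$($p.$name)" -match '\{\{.*\}\}') { $errors.Add("$name contains an unrendered template") }
    }
    if ("$($p.UPN)" -notmatch '^[^@\s]+@[^@\s]+\.[^@\s]+$') { $errors.Add('UPN is missing or malformed') }
    if ("$($p.IssueKey)" -notmatch '^[A-Z][A-Z0-9]+-\d+$')  { $errors.Add('IssueKey is missing or malformed') }

    # ForwardTo is optional: an empty custom field means "no forwarding".
    $forward = "$($p.ForwardTo)".Trim()
    if ($forward) {
        $domain = ($forward -split '@')[-1]
        if ($forward -notmatch '^[^@\s]+@[^@\s]+$' -or $domain -ne $MailDomain) {
            # Forwarding a leaver's mail outside the tenant would leak mailbox content.
            $errors.Add("ForwardTo must be an address in $MailDomain")
        }
    } else {
        $forward = $null
    }

    [pscustomobject]@{ Valid = ($errors.Count -eq 0); Errors = $errors.ToArray(); ForwardTo = $forward }
}

# Constructed sample: well-formed UPN and issue key, forwarding target outside the mail domain.
$sample = '{"customer":"Contoso","runbook":"ACT-OffboardUser.ps1","params":{"UPN":"john.doe@contoso.com","ForwardTo":"someone@example.org","IssueKey":"ITSD-6001"}}'
$result = Test-OffboardPayload -Json $sample -MailDomain 'contoso.com'
$result.Valid
$result.Errors
```
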
Version History
| Version | Date | Changes |
|---|---|---|
| 1.0 | 2025-02-01 | Initial release |
| 1.1 | 2025-02-03 | Added Azure session revocation |
| 1.2 | 2025-02-04 | Added mailbox forwarding option |