Z-Term Administration Guide

Contents
  1. Introduction
  2. Requirements
  3. Templates
  4. Active Directory Tasks
  5. Exchange Tasks
  6. Lync Tasks
  7. Office 365 Tasks
  8. File Operations
  9. Schedule Termination Job
  10. Upgrading Z-Term

Introduction

Z-Term provides a fast account termination process for departing employees. Usually, when an administrator terminates a departed user's account, multiple consoles are needed to get the job done. Z-Term uses a template concept that allows system administrators to save frequently used settings for multiple IT systems. With a single click, it runs the chosen tasks simultaneously. Z-Term also serves as a platform for the employee separation process, with an option for custom scripts.

Requirements

System Requirements
- Windows 7 x64 (Domain Joined, .Net 3.5 and 4.0 Installed)
- Windows Server 2008 x64 (Domain Joined, .Net 3.5 and 4.0 Installed)
- Windows Server 2008 R2 x64 (Domain Joined, .Net 3.5 and 4.0 Installed)
- Windows Server 2012 x64 (Domain Joined, .Net 3.5 and 4.0 Installed)

Permission Requirements
Z-Term uses the AD credentials of the currently logged-on user. To run Z-Term as a different user, use the Windows built-in “Run as different user” function.

- Ability to modify Active Directory users (Active Directory Account Operator)
- Ability to modify Exchange mailboxes (Exchange Recipient Administrator role / Exchange View-Only Administrator)
- Exchange Impersonation Role (to run the “Cancel Meetings” task)
  Follow the Microsoft documentation on assigning the ApplicationImpersonation role:
  http://msdn.microsoft.com/en-us/library/bb204095%28EXCHG.140%29.aspx
- Set Exchange Throttling Policy (to run the “Cancel Meetings” task)
  New-ThrottlingPolicy -Name "ZhireThrottlingPolicy" -EWSFindCountLimit 99999
  Set-Mailbox ZhireUser -ThrottlingPolicy "ZhireThrottlingPolicy"
- Exchange Discovery Management role (to run the “Remove Calendar Items” task)
  Follow the Microsoft documentation on assigning the Discovery Management role:
  http://technet.microsoft.com/en-us/library/dd638205(v=exchg.141).aspx
- Ability to enable and modify Lync users (CSAdministrator)

Supported Environments
- Active Directory (all versions)
- Exchange 2007 (all versions)
- Exchange 2010 / 2013 (all versions)
- Lync 2010 / 2013 (both Standard and Enterprise versions)

PowerShell Remoting
- PowerShell remoting is usually enabled by default, but make sure it is enabled on the Exchange and Lync servers you are connecting to.
- Ensure PS remoting is enabled on all Exchange / Lync servers. This is done by running the "Enable-PSRemoting" PowerShell command on each Exchange/Lync server you wish to connect to.
- Fill out the "Environment Config" portion of the form. Use "File" > "Save Environment Config" to save the configuration to the selected template.

Templates

The Templates feature allows administrators to easily save a set of commonly used tasks. For example, you can set up a template for each stage of the termination process (a set of tasks to run prior to leaving, a set of tasks to archive the mailbox and home folder after 30 days, etc.). Z-Term has five built-in templates and allows administrators to create additional templates.

Active Directory Tasks

Termed Users OU – The OU, in DN format, that the user is moved to when running the “Move Users to Termed Users OU” task
Reset Active Directory Password – The password that will be used for the “Reset Active Directory Password” task
Disable Active Directory Account – Disables the Active Directory account
Reset Active Directory Password – Resets the Active Directory account's password
Move Users to Termed Users OU – Moves the user to the OU specified in “Termed Users OU”
Remove AD Group Membership – Removes the user from all Active Directory groups
Clear AD Manager Field – Clears the Manager field in Active Directory
Description – Sets the Active Directory description field
Notes – Sets the Active Directory notes field
Remove Active Directory Account – Deletes the Active Directory account
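
A post-run check for the Active Directory tasks above, as an added example that is not part of Z-Term: the function takes a user object shaped like Get-ADUser output and reports which of the disable, move, group-removal and manager-clearing tasks have not taken effect. The function name Test-TermedUser, the sample user and the example.com OU are hypothetical.

```powershell
# Added example (not Z-Term code). Evaluates a user object shaped like the output of
#   Get-ADUser -Identity <sam> -Properties MemberOf, Manager
# against the Active Directory tasks listed above and returns what is still outstanding.
function Test-TermedUser {
    param(
        [Parameter(Mandatory=$true)] $User,              # AD user object, or a stand-in with the same properties
        [Parameter(Mandatory=$true)] [string] $TermedOU  # the "Termed Users OU" setting, in DN format
    )
    $findings = @()

    if ($User.Enabled) {
        $findings += 'Account is still enabled'
    }

    # Parent container = DN with the leading "CN=<name>," removed (commas inside the CN are escaped as "\,").
    $parent = $User.DistinguishedName -replace '^CN=(?:\\.|[^,\\])+,', ''
    if ($parent -ne $TermedOU) {   # -ne compares strings case-insensitively, as DNs are
        $findings += "Account is in '$parent', not in the Termed Users OU"
    }

    # MemberOf never lists the primary group (normally Domain Users), so any entry here is a leftover.
    foreach ($group in @($User.MemberOf)) {
        if ($group) { $findings += "Still a member of $group" }
    }

    if ($User.Manager) {
        $findings += "Manager field is still set to $($User.Manager)"
    }

    $findings   # one string per outstanding item; nothing when the account is clean
}

# Constructed sample standing in for a Get-ADUser result (all names are made up).
$sample = New-Object PSObject -Property @{
    SamAccountName    = 'jdoe'
    Enabled           = $false
    DistinguishedName = 'CN=Doe\, John,OU=Sales,DC=example,DC=com'
    MemberOf          = @('CN=VPN Users,OU=Groups,DC=example,DC=com')
    Manager           = $null
}

Test-TermedUser -User $sample -TermedOU 'OU=Termed Users,DC=example,DC=com' |
    ForEach-Object { '{0}: {1}' -f $sample.SamAccountName, $_ }
```

For the constructed sample this reports the OU mismatch and the remaining VPN Users membership; against a live directory, pass the Get-ADUser result as -User instead.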

Exchange Server 2010/2013

Exchange Server – FQDN of Exchange 2010/2013 CAS or Mailbox Server
Resource Mailboxes – List of mailboxes that are used for “Remove Calendar Items” Task.
Change Distribution List Ownership to – Retrieves the list of distribution lists owned by the termed user and assigns the specified user as owner
Set CustomAttribute(#) to – Sets the specified CustomAttribute of the mailbox
Set Out of Office to – Sets the out of office reply for the termed user
Forward Email to – Forwards the termed user's email to the SamAccountName specified here
Grant full access permission to – Assigns full access permission to the termed user's mailbox. Choose a SamAccountName or the termed user’s manager
Hide From Global Address List – Hides the termed user from the Outlook Address Book.
Clear Out of Office Message – Removes the existing out of office message from the termed user's mailbox.
Remove Calendar Items – Goes through the resource mailboxes configured under “Environment Config > Exchange > Resource Mailboxes” and removes calendar items where the termed user is the organizer. The user account running Z-Term must have the “Exchange Discovery Management role” permissions.
Cancel Meetings – Goes through the termed user's mailbox and cancels meetings where the termed user is the organizer. The goal of this task is to avoid stale bookings in resource and equipment mailboxes. The Z-Term user must have the permissions below.
- Exchange Impersonation Role (to run the “Cancel Meetings” task)
  Follow the Microsoft documentation on assigning the ApplicationImpersonation role:
  http://msdn.microsoft.com/en-us/library/bb204095%28EXCHG.140%29.aspx
- Set Exchange 2010 Throttling Policy (to run the “Cancel Meetings” task)
  New-ThrottlingPolicy -Name "ZtermThrottlingPolicy" -EWSFindCountLimit 99999
  Set-Mailbox ZtermUser -ThrottlingPolicy "ZtermThrottlingPolicy"

- Set Exchange 2013 Throttling Policy (to run the “Cancel Meetings” task)
  New-ThrottlingPolicy ZtermThrottlingPolicy -EWSMaxConcurrency $null -EWSMaxSubscriptions $null
  Set-Mailbox ZtermUser -ThrottlingPolicy "ZtermThrottlingPolicy"

Disable Mailbox – Disables the mailbox. This affects only the Exchange mailbox, not the Active Directory user.
Forward Email to Manager in AD – Forwards the termed user's email to their manager in Active Directory
Export Mailbox to PST – Exports the termed user's mailbox to the location specified under “Environment Config > File Operations > PST Export Path”. Make sure your environment supports the “New-MailboxExportRequest” PowerShell command. See this blog post for more info: http://bernasovsky.wordpress.com/2011/07/26/the-term-new-mailboxexportrequest-is-not-recognized/

Lync Server 2010/2013

Lync FrontEnd Server – FQDN of Lync 2010 FrontEnd Server
Disable Lync Account – This is same as disabling Lync user from Lync console

Office 365

Prerequisites
You must install the packages below on the server or desktop that is running Z-Hire:

Microsoft Online Services Sign-In Assistant
http://www.microsoft.com/en-us/download/details.aspx?id=28177

Windows Azure Active Directory Module for Windows PowerShell (64-bit version)
http://go.microsoft.com/fwlink/p/?linkid=236297

Reset Password – Resets the Office 365/Azure Active Directory user’s password
Remove User – Marks the Office 365/Azure Active Directory user for deletion
Remove License – Unassigns the Office 365 license from the user so it can be reused.

File Operations

Copy Home Folder To – Looks up the termed user's home folder directory in Active Directory and copies all data to the specified UNC path. Note that this copies the data and does not delete the original data. The custom scripts option can be used to delete the home folder.
Copy Profile Path To – Looks up the termed user's profile path directory in Active Directory and copies all data to the specified UNC path. Note that this copies the data and does not delete the original data.
Export User Settings to XML – Exports the termed user's information from Active Directory, Exchange and Lync to an XML file located in the same directory as Z-Term_V4_x64.exe. If a user is accidentally termed, this data can be used to recreate the account.
PST Export Path – UNC path for the destination of the PST export used by the “Export Mailbox to PST” Exchange task

Schedule Termination Job

The Schedule Termination feature allows IT Administrators to process terminations prior to the employee's departure date. In typical organizations, Active Directory, Exchange and Lync user accounts are usually disabled at the time of employee departure. This introduces human errors which lead to security risk. With Z-Term, IT Administrators can process the termination as soon as they are notified by the HR department.

At completion of the termination job, Z-Term sends a summary of the job to the IT Administrator. The SMTP feature is configured at Options > SMTP Setting. The list of scheduled termination jobs can be viewed in Windows Task Scheduler.

*Note: Please save your template data prior to scheduling. When Z-Term is running as a scheduled job, it calls the template to retrieve the list of tasks (example: z-term.exe). Also, check the list of systems (Active Directory, Exchange Mailbox, etc.) prior to clicking the “Schedule Termination” button.

Upgrading Z-Term

To upgrade, download the latest version of Z-Term from the support section, extract the contents, and replace the .exe files. All your templates will be automatically migrated to the new version. Please make a backup copy of the old Zohno Tools folder prior to launching the new .exe file.