this post was submitted on 19 Jun 2023
10 points (100.0% liked)

Sysadmin


When offboarding a user, the option to retain that user's mailbox and give other people access is to convert it to a shared mailbox. When you do this, it doesn't delete the user account. It still shows up as an active, unlicensed user. This can be sort of troubling, as reporting of active user counts still includes those users. I'm not 100% sure that this is different, but many of our users are hybrid with an on-prem AD. When we try to delete the user and convert to a shared mailbox, the deletion fails, but the convert to shared succeeds. If we subsequently move the on-prem account to an un-synchronized OU, the user account and its associated shared mailbox also get deleted. The way I've found to fix this is to restore the AAD user account after we move the on-prem account. It's all a bit of a hassle and I wonder if there's a better way. How do you handle offboarding hybrid accounts?

DarraignTheSane 1 points 1 year ago

(I know this post is a month old, but I just came across it.)

We deal with this by not dealing with it, so to speak. We keep the on-prem AD account disabled and just move it to a synced OU called "Terminated", then strip all group memberships/permissions from it. Once we've held onto the shared mailbox for the required length of time, we then delete both the on-prem AD account and the shared mailbox.
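
The on-prem side of the approach described in the comment above, as an added PowerShell example that is not part of the thread. The function name `Move-OffboardedUser`, the account `jdoe` and the OU path are hypothetical placeholders, and it assumes the "Terminated" OU is inside the directory sync scope; it covers group memberships only, not other directly assigned permissions.

```powershell
#Requires -Modules ActiveDirectory
# Added example: disable, strip groups, then park the account in a synced OU
# so the cloud user and its shared mailbox are not deleted by the sync.
function Move-OffboardedUser {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $SamAccountName,
        # Placeholder form: 'OU=Terminated,DC=example,DC=com'
        [Parameter(Mandatory)] [string] $TerminatedOU
    )

    # Fail before changing anything if the target OU or the user is missing.
    $null = Get-ADOrganizationalUnit -Identity $TerminatedOU -ErrorAction Stop
    $user = Get-ADUser -Identity $SamAccountName -Properties MemberOf -ErrorAction Stop

    # 1. Disable the account so it can no longer authenticate.
    if ($PSCmdlet.ShouldProcess($user.DistinguishedName, 'Disable account')) {
        Disable-ADAccount -Identity $user
    }

    # 2. Strip explicit group memberships. MemberOf does not list the primary
    #    group (normally Domain Users), which stays in place.
    $removed = foreach ($groupDn in $user.MemberOf) {
        if ($PSCmdlet.ShouldProcess($groupDn, "Remove member $SamAccountName")) {
            Remove-ADGroupMember -Identity $groupDn -Members $user -Confirm:$false
            $groupDn   # keep a record of what was removed
        }
    }

    # 3. Move to the synced "Terminated" OU (not an un-synchronized one).
    if ($PSCmdlet.ShouldProcess($user.DistinguishedName, "Move to $TerminatedOU")) {
        Move-ADObject -Identity $user.DistinguishedName -TargetPath $TerminatedOU
    }

    # Return an audit record for the offboarding ticket.
    [pscustomobject]@{
        User          = $SamAccountName
        MovedTo       = $TerminatedOU
        GroupsRemoved = @($removed)
        Timestamp     = Get-Date
    }
}

# Dry run first: -WhatIf reports each change without making it.
# Move-OffboardedUser -SamAccountName jdoe -TerminatedOU 'OU=Terminated,DC=example,DC=com' -WhatIf
```

The returned `GroupsRemoved` list is worth saving, since it is the only record of the memberships if the account ever has to be reinstated before the retention period ends.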