When offboarding a user, the option to retain that user’s mailbox and give other people access is to convert to a shared mailbox. When you do this it doesn’t delete the user account. It still shows up as an active, unlicensed user. This can be sort of troubling as reporting of active user counts still includes those users. I’m not 100% sure that this is different, but many of our users are hybrid with an on-prem AD. When we try to delete the user and convert to a shared mailbox, the deletion fails, but the convert to shared succeeds. If we subsequently move the on-prem account to an un-synchronized OU, the user account and its associated shared mailbox also get deleted. The way I’ve found to fix this is to restore the AAD user account after we move the on-prem account. It’s all a bit of a hassle and I wonder if there’s a better way. How do you handle offboarding hybrid accounts?

  • TylerHagan1980@lemmy.world
    1 year ago

    All scripted: Our leaver’s manager gains access to their mailbox for 30 days, then access is revoked and the user account is unlicensed, and at day 60 the prem user account is deleted. The managers can copy any required emails into their mailbox or a shared mailbox in that 30 day period. There is no reason to keep every leaver mailbox around indefinitely.

  • DarraignTheSane@lemmy.worldM
    1 year ago

    (I know this post is a month old, but I just came across it.)

    We deal with this by not dealing with it, so to speak. We keep the on-prem AD account disabled and just move it to a synced OU called “Terminated”, then strip all group memberships/permissions from it. Once we’ve held onto the shared mailbox for the required length of time, we then delete both the on-prem AD account and the shared mailbox.
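
Added example, not part of the thread: a PowerShell function for the disable, strip-groups, move-to-“Terminated” sequence described in the last comment, using the ActiveDirectory module. The function name, the sample account `jdoe` and the OU distinguished name are assumptions; permissions granted directly on resources (outside group membership) are not touched by it.

```powershell
#Requires -Modules ActiveDirectory
# Added example. Function name, account name and OU path are placeholders (assumptions).
function Move-LeaverToTerminated {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$SamAccountName,
        # Distinguished name of the still-synced "Terminated" OU (assumed value at call site)
        [Parameter(Mandatory)][string]$TerminatedOU
    )

    # MemberOf lists direct group memberships; it excludes the primary group
    # (normally Domain Users), which cannot be removed with Remove-ADGroupMember.
    $user = Get-ADUser -Identity $SamAccountName -Properties MemberOf
    $removed = @()

    # 1. Disable the account so it can no longer authenticate.
    if ($PSCmdlet.ShouldProcess($user.DistinguishedName, 'Disable account')) {
        Disable-ADAccount -Identity $user
    }

    # 2. Strip every direct group membership, keeping a record for the audit trail.
    foreach ($groupDn in $user.MemberOf) {
        if ($PSCmdlet.ShouldProcess($groupDn, "Remove member $SamAccountName")) {
            Remove-ADGroupMember -Identity $groupDn -Members $user -Confirm:$false
            $removed += $groupDn
        }
    }

    # 3. Move last. The target OU stays in sync scope, so the cloud user and
    #    its shared mailbox are not deleted by the directory sync.
    if ($PSCmdlet.ShouldProcess($user.DistinguishedName, "Move to $TerminatedOU")) {
        Move-ADObject -Identity $user -TargetPath $TerminatedOU
    }

    # Return what was done so the caller can log it against the leaver ticket.
    [pscustomobject]@{
        SamAccountName = $SamAccountName
        RemovedGroups  = $removed
        TargetOU       = $TerminatedOU
        ProcessedAt    = (Get-Date).ToUniversalTime()
    }
}

# Dry run first: -WhatIf prints each action without changing anything.
Move-LeaverToTerminated -SamAccountName 'jdoe' `
    -TerminatedOU 'OU=Terminated,DC=example,DC=com' -WhatIf
```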