Join Log in
Score:0
justdoingmyjob avatar Server

How to disable AD account without deleting user's mailbox in Office365?

eg flag
justdoingmyjob

One of our users recently switched roles to a new position where they will not need computer access anymore, except for checking emails. I need to disable their AD account while not removing their Outlook login or mailbox.

My first thought was to remove the proxyAddress attribute value in AD, do a sync, then disable the user in AD. But what I've read is that you need to disable the user in AD, or move them into a unsynched OU, then go into 365 admin portal and re-enable their account, and delete the immutable ID. I'd love to get confirmation if this is right.

I can't find a consistent answer on google and don't want to risk losing their mailbox.

428
2 + 0
Score:2
joeqwerty avatar Server
cv flag
joeqwerty

How are they going to check their email if not from a computer? Will they only be accessing their email from a mobile device/smartphone?

At any rate, if you "unsync" the user they'll then be deleted in Office 365 and you can then simply restore the user in Office 365 and they'll become a "cloud only" account. There's no need to modify any attributes.

+ 4
cn flag
Greg Askew
I've heard some people set the logonHours to zero/none. Not an ideal solution.
0
Reply
justdoingmyjob avatar
eg flag
justdoingmyjob
Yes, they can only access their email from a kiosk web browser or their phones. This worked for me, much simpler than the hundreds of forum posts which add many very complicated steps. Thank you!
1
Reply
joeqwerty avatar
cv flag
joeqwerty
@justdoingmyjob Glad to help. Just make sure the on premises user account is not in scope of Azure Ad Connect so that they aren't resynced to the Office 365 account.
1
Reply
justdoingmyjob avatar
eg flag
justdoingmyjob
Perfect! very helpful man, thanks a bunch. Is there any way to see on the AD end which OUs are synched to AAD? I don't have permissions to look at AAD Connect apparently. I'm just a junior sys admin so yeah. But through trial and error I found one which isn't synched.
0
Reply
Score:0
falaisi avatar Server
vi flag
falaisi

You can info the following steps to configure it:

  1. Remove the Exo License
  2. Clear the mailbox info as before: Set-User xxx@Company portal .com -PermanentlyClearPreviousMailboxInfo
  3. Resync - ensure the MSExchangeGuid is Synced
  4. Re-add Exo License to mailuser in 365

At this point, the Exo Mailbox should not be created if the mailbox is on-prem.

+ 1
justdoingmyjob avatar
eg flag
justdoingmyjob
I don't know what the Exo license is. Thanks but the other user's suggestion was far easier
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.