Forum Discussion
Group Ownership - Account removal-orphaning
Can anyone help me find a detailed technical explanation of the which user account editing scenarios will cause the owner of an Azure AD (office/office 365) group to be removed ? it was my understanding that changing certain attributes will cause this to happen, or prevent it from happening. I'm trying to figure out how some groups get orphaned and others show an owner that has left the organization.
We're dealing with two things here. The Azure AD user object (the account) is as you say: blocked.
However, the Azure AD user object still exists in the directory and the GUID pointing to the object in the list of owners is valid. So when Get-UnifiedGroupLinks returns the set of owners, it thinks the user object is fine because it can be found...
6 Replies
Removing the user from the owner list with Remove-UnifiedGroupLinks will do it. AFAIK, most of the clients stop people removing the last owner now.
Thanks, is there an attribute that is can be changed in an off-boarding workflow to also make this happen?
I found some additional information, that should help to clarify my question.
The account in question shows up in the O365 Admin Center as blocked,
- licenses show- no products assigned,
- sign in status- sign in blocked,
Azure AD shows the last login on Feb 5, 2018
An Office 365 group show that this account is still in the Owners role, Azure AD shows the same. Why is the blocked account still shown as an Owner?
When will the blocked account stop showing up in the group owner role?
