Forum Discussion
Hybrid Deployment - Automate User Deletion - Remove-MSOLUser
The users are being removed from the sync scope, i.e. moved to a disabled users OU. The use case is a terminated employee and granting a manager access to the terminated employee's resources for XX days. Once the XX days are up, return the object to a soft-deleted state to eventually be deleted permanently.
We fully understand this is not supported.
Just clear the immutableId attribute which removes the link to on-prem user.
After you've moved the user out of sync scope, run the following commands to remove the immutableId and recover the user:
Get-MsolUser -UserPrincipalName user@company.com -ReturnDeletedUsers | Set-MsolUser -ImmutableId ""
Get-MsolUser -UserPrincipalName user@company.com -ReturnDeletedUsers | Restore-MsolUser
There is no workflow to automatically delete the user after xx days. However, if 30 days is enough, you can simply give managers access to the user's mailbox and OneDrive. This way they can be accessed even when the user is in a soft-deleted state.
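One way to script the expiry step discussed above, as an added example that is not part of the original posts: a scheduled task reads a tracking file written when each account is restored and returns expired accounts to the soft-deleted state with Remove-MsolUser. The CSV path, its columns, the -ReportOnly switch and the sign-in block are assumptions of this example; it uses the same MSOnline module as the commands above and expects Connect-MsolService to have been run.

```powershell
# Added example: expire restored leaver accounts back to the soft-deleted state.
# Assumptions (not from the thread): the tracking CSV path and its columns
# UserPrincipalName, RestoredOn (e.g. 2024-01-15), RetainDays; Connect-MsolService already run.
param(
    [string]$TrackingCsv = 'C:\Scripts\restored-leavers.csv',  # hypothetical path
    [switch]$ReportOnly                                        # log decisions, change nothing
)

Import-Module MSOnline -ErrorAction Stop
$now  = Get-Date
$keep = @()

foreach ($row in Import-Csv -Path $TrackingCsv) {
    $upn     = $row.UserPrincipalName
    $expires = ([datetime]$row.RestoredOn).AddDays([int]$row.RetainDays)
    $user    = Get-MsolUser -UserPrincipalName $upn -ErrorAction SilentlyContinue

    if (-not $user) {
        Write-Warning "$upn is not an active user any more; dropping it from tracking."
        continue
    }
    if ($user.ImmutableId) {
        # Linked to an on-prem object again: leave it to directory sync, do not delete.
        Write-Warning "$upn has an ImmutableId; skipping and keeping it in tracking."
        $keep += $row
        continue
    }
    if ($now -lt $expires) {
        # Still inside the access window: keep the leaver's own sign-in blocked (added precaution).
        if (-not $ReportOnly) { Set-MsolUser -UserPrincipalName $upn -BlockCredential $true }
        Write-Output "$upn retained until $($expires.ToString('yyyy-MM-dd'))"
        $keep += $row
        continue
    }
    # Window is over: without -RemoveFromRecycleBin this is a soft delete.
    Write-Output "$upn expired on $($expires.ToString('yyyy-MM-dd')); soft-deleting"
    if ($ReportOnly) { continue }
    try   { Remove-MsolUser -UserPrincipalName $upn -Force -ErrorAction Stop }
    catch { Write-Warning "Delete failed for ${upn}: $_"; $keep += $row }
}

# Rewrite the tracking file with the accounts that are still being retained.
if (-not $ReportOnly) {
    if ($keep) { $keep | Export-Csv -Path $TrackingCsv -NoTypeInformation }
    else { Set-Content -Path $TrackingCsv -Value 'UserPrincipalName,RestoredOn,RetainDays' }
}
```

Run it with -ReportOnly first to review which accounts would be removed before letting the scheduled task make changes.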