'Delete a user' permission needed for license removal?

%3CLINGO-SUB%20id%3D%22lingo-sub-853151%22%20slang%3D%22en-US%22%3E'Delete%20a%20user'%20permission%20needed%20for%20license%20removal%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-853151%22%20slang%3D%22en-US%22%3E%3CP%3EWe're%20still%20going%20through%20our%20termination%20process.%20We've%20got%20most%20of%20it%20mapped%20out%20but%20hit%20something%20strange.%3C%2FP%3E%3CP%3EThe%20people%20who%20do%20this%20have%20the%20following%20roles%20in%20AAD%3A%3C%2FP%3E%3CUL%3E%3CLI%3EHelp%20Desk%20Administrator%2C%3C%2FLI%3E%3CLI%3ELicense%20Adminstrator%2C%3C%2FLI%3E%3CLI%3EPassword%20Administrator%20(needed%20for%20'initiate%20sign%20out')%3C%2FLI%3E%3CLI%3ESharePoint%20Administrator%20(needed%20for%20OneDrive%20sharing)%3C%2FLI%3E%3CLI%3EUser%20Administrator%3C%2FLI%3E%3C%2FUL%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIn%20Office%20Admin%2C%20if%20they%20use%20the%20'delete'%20on%20the%20user%2C%20it%20should%3A%3C%2FP%3E%3COL%3E%3CLI%3EShow%20them%20the%20licenses%20that%20will%20be%20removed%20(works%20for%20a%20global%20admin%2C%20doesn't%20work%20for%20this%20person)%3C%2FLI%3E%3CLI%3ECheckbox%20prompt%20to%20share%20the%20user%20OneDrive%20(works)%3C%2FLI%3E%3CLI%3EDelete%20the%20user%20(errors%20but%20expected%20in%20our%20case%20since%20we%20are%20synced%20with%20AD)%3C%2FLI%3E%3C%2FOL%3E%3CP%3EIt's%20not%20telling%20them%20it's%20removing%20the%20existing%20license.%20However%2C%20if%20they%20do%20that%20step%20separately%20through%20the%20GUI%2C%20they%20have%20no%20problem%20-%20which%20is%20expected%20because%20they%20have%20the%20License%20Admin%20role.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDoes%20the%20delete%20script%20on%20a%20user%20in%20Office%20Admin%20need%20a%20different%20role%20to%20remove%20licenses%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-853151%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAdmin%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EPermissions%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ERoles%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-855361%22%20slang%3D%22en-US%22%3ERe%3A%20'Delete%20a%20user'%20permission%20needed%20for%20license%20removal%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-855361%22%20slang%3D%22en-US%22%3E%3CP%3EI'm%20not%20sure%20how%20exactly%20that%20%22wizard%22%20works%2C%20best%20open%20a%20support%20case%20or%20leave%20feedback%20directly%20in%20the%20portal.%20Or%20just%20create%20your%20custom%20PowerShell%20script%20to%20do%20all%20these%20steps.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Super Contributor

We're still going through our termination process. We've got most of it mapped out but hit something strange.

The people who do this have the following roles in AAD:

  • Help Desk Administrator,
  • License Adminstrator,
  • Password Administrator (needed for 'initiate sign out')
  • SharePoint Administrator (needed for OneDrive sharing)
  • User Administrator

 

In Office Admin, if they use the 'delete' on the user, it should:

  1. Show them the licenses that will be removed (works for a global admin, doesn't work for this person)
  2. Checkbox prompt to share the user OneDrive (works)
  3. Delete the user (errors but expected in our case since we are synced with AD)

It's not telling them it's removing the existing license. However, if they do that step separately through the GUI, they have no problem - which is expected because they have the License Admin role.

 

Does the delete script on a user in Office Admin need a different role to remove licenses?

 

 

1 Reply
Highlighted

I'm not sure how exactly that "wizard" works, best open a support case or leave feedback directly in the portal. Or just create your custom PowerShell script to do all these steps.