[Tool] SafetyNet - Keep Office 365 Mailbox when removing AD-Synced user.

Brass Contributor

Hi guys, great to see another Office 365 community forming- and this time aimed at IT pros! Smiley Happy


My name is Maor Bracha, an Office 365 expert and a moderator over at the Microsoft Answers Office 365 community. 

Thought I can start my introduction to this community by sharing a tool I like to call "SafetyNet", so here it goes:


[TechNet quote]

"...If you're working with Office 365 with AAD-Connect, you probably came across the question of- what happens when an employee has left the company and we, as the IT department, would like to remove his AD user and Office 365 license while retaining the mailbox data.


Microsoft gave us the "Convert to Shared" button, but the cause will be losing archive data if exists, and generally does not solve the issue if we would like to remove the AD user, which in it's turn will remove the Office 365 based user and mailbox data. Of course we can restore the deleted mailbox within the retention period, but that is a work arounf, and many of my clients are not comfortable with this solution which may be a gateway for trouble. 


To overcome this obstacle, I have created the SafetyNet tool.

This tool will allow IT staff to retain mailbox data- including online archive, which will be replicated into a license-free shared mailbox, as well as migrate all email and x500 addresses.

The tool will also take car of permissions required for the process, basically allowing every IT admin an easy and accisible solution for this prediciment..."




Download available here 




SafetyNet previewSafetyNet preview

3 Replies
What do you see as the advantage to this over marking the box as an inactive box (litigation hold then removing the license)? I would typically tell the client to maintain the on prem acct for 30 days to allow for normal mailbox access for management and then mark the box for litigation hold and remove the license to retain the data when they remove the user.
Hi Paul,

A mailbox that's been put under litigation hold and unlicensed can only be accessed via the e-discovery utility. The results of said search are then exported to a PST file.
This whole process means the mailbox data is inaccessible to the ordinary organization employees (co-workers, managers, etc) that requires ongoing and online access, and would require a ticket to the IT department to run a query.

"You can access the contents of the inactive mailbox by using In-Place eDiscovery in the Exchange admin center (EAC)... You can preview the search results, copy the search results to a discovery mailbox, or export the search results to an Outlook Data (PST) file."

Moreover, to be able to use this feature it is required to assign an Exchange plan 2 (/E3 and above) license that allows archiving- which some (mostly smaller) organizations don't have.

"..To make a mailbox inactive, it must be assigned an Exchange Online (Plan 2) license so that a Litigation Hold or an In-Place Hold can be placed on the mailbox before it's deleted. Exchange Online (Plan 2) licenses are part of an Office 365 365 Enterprise E3 and E5 subscriptions. If a mailbox is assigned an Exchange Online (Plan 1) license (which is part of an Office 365 365 Enterprise E1 subscription), you would have to assign it a separate Exchange Online Archiving license so that a hold can be placed on the mailbox before it's deleted. For more information, see Exchange Online Archiving."

More reading here:

And of course, there's always the chance of the client not fully understanding the processes and somehow mess it up (and I've seen it happen)

My clients found thus tool helpful, and hopefuly now you could see how- and enjoy it yourself ;)


@Maor Brachais your tool still avaliable as the link no longer works?