SOLVED

Users who have left the company....

%3CLINGO-SUB%20id%3D%22lingo-sub-169096%22%20slang%3D%22en-US%22%3EUsers%20who%20have%20left%20the%20company....%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-169096%22%20slang%3D%22en-US%22%3E%3CP%3EI%20know%20in%20ODFB%20that%20we%20have%20the%20ability%20to%20automatically%20give%20access%20to%20a%20departed%20employee's%20OD%20account%20to%20their%20manager%2C%20but%20that%20only%20appears%20to%20kick%20in%20when%20a%20user%20has%20been%20removed%20from%20AD%20altogether.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EFor%20a%20variety%20of%20reasons%20our%20company%20is%20no%20longer%20deleting%20users%20from%20AD%20after%20they%20have%20left%20the%20company.%26nbsp%3B%20Their%20account%20is%20simply%20locked%20and%20and%20put%20in%20a%20special%20OU%20and%20it%20can%20be%20months%20before%20the%20account%20is%20completely%20removed.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWe%20now%20have%20a%20manager%20who%20had%20an%20employee%20leave%20the%20company%2C%20and%20he%20needs%20access%20to%20that%20user's%20OD%2C%20but%20he%20can't%20wait%20for%20months%20till%20that%20ex-employee's%20AD%20account%20is%20deleted.%26nbsp%3B%20I%20need%20to%20know%26nbsp%3B%20how%20to%20get%20him%20access%20to%20that%20data.%26nbsp%3B%20%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIs%20that%20possible%20to%20do%3F%26nbsp%3B%20This%20is%20the%20first%20instance%20of%20this%20since%20the%20policy%20went%20into%20effect%20of%20not%20removing%20ex-employee's%20AD%20accounts%2C%20and%20I'm%20quite%20sure%20I'm%20going%20to%20get%20more%20of%20these.%26nbsp%3B%20Hopefully%20MS%20has%20handled%20this%20better%20than%20they%20did%20Sharepoint%20Mysite%20issues%20like%20this.%26nbsp%3B%20That%20was%20one%20of%20the%20reasons%20we%20never%20really%20implemented%20Mysites.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThanks%20in%20advance%20for%20any%20suggestions.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ETed%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-169096%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EOneDrive%20for%20Business%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-169491%22%20slang%3D%22en-US%22%3ERe%3A%20Users%20who%20have%20left%20the%20company....%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-169491%22%20slang%3D%22en-US%22%3EWell%2C%20they%20technically%20use%20that%20same%20script%20to%20provide%20it%20to%20all%20the%20sites%2C%20but%20yeah%20it's%20not%20the%20best%20idea.%20For%20one%2C%20I%20don't%20want%20all%20those%20files%20showing%20up%20in%20my%20files%20list%20and%20searches%20as%20an%20admin%20%3A)%3C%2Fimg%3E%20and%20everywhere%20else.%20%3CBR%20%2F%3E%3CBR%20%2F%3EBut%20also%2C%20as%20an%20admin%2C%20they%20make%20it%20easy%20for%20you%20to%20use%20the%20admin%20page%2C%20users%2C%20search%2C%20and%20then%20in%20the%20onedrive%20section%20add%20yourself%20quickly%20to%20a%20site%20via%20GUI%20and%20access%20it%20all%20right%20there.%20You%20just%20got%20to%20remember%20to%20remove%20yourself%20from%20site%20collection%20admin%20when%20done%20%3A).%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-169484%22%20slang%3D%22en-US%22%3ERe%3A%20Users%20who%20have%20left%20the%20company....%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-169484%22%20slang%3D%22en-US%22%3E%3CP%3EThanks!%20Useful%20script%20to%20have%20in%20the%20admin%20tool-bag.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ELast%20place%20I%20was%20with%2C%20they%20decided%20to%20have%20an%20IT%20account%20in%20everyone's%20OD%20as%20site%20collection%20administrator.%20I%20think%20that's%20a%20brutal%20way%20to%20get%20people%20to%20trust%20the%20system%2C%20if%20there%20is%20potential%20that%20their%20files%20will%20be%20monitored.%20This%20is%20a%20much%20better%20option%2C%20if%20manager%20has%20not%20been%20configured.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-169437%22%20slang%3D%22en-US%22%3ERe%3A%20Users%20who%20have%20left%20the%20company....%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-169437%22%20slang%3D%22en-US%22%3E%3CP%3EThanks%20for%20the%20reply.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ETed%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-169108%22%20slang%3D%22en-US%22%3ERe%3A%20Users%20who%20have%20left%20the%20company....%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-169108%22%20slang%3D%22en-US%22%3E%3CP%3EUse%20the%20SharePoint%20Online%20Powershell%20and%20you%20can%20grant%20users%20access%20to%20any%20onedrive%20Site%20collection.%20%3CBR%20%2F%3E%3CBR%20%2F%3ETo%20add%20access%20to%20Site%20collection%20%3CBR%20%2F%3EConnect-SPOService%20-Url%20%3CA%20href%3D%22https%3A%2F%2Ftenant-admin.sharepoint.com%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3E%5B%23%24dp45%5Dhttps%3A%2F%2Ftenant-admin.sharepoint.com%3C%2FA%3E%20-credential%20username%40domain.com%3CBR%20%2F%3E%3CBR%20%2F%3ESet-SPOUser%20-Site%20%3CA%20href%3D%22https%3A%2F%2Ftenant-my.sharepoint.com%2Fpersonal%2Ftargerusername_ypo_org%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Ftenant-my.sharepoint.com%2Fpersonal%2Ftargerusername_domain_c%3C%2FA%3Eom%26nbsp%3B-LoginName%20username%40domain.com%20-IsSiteCollectionAdmin%20%24true%3C%2FP%3E%3C%2FLINGO-BODY%3E
Contributor

I know in ODFB that we have the ability to automatically give access to a departed employee's OD account to their manager, but that only appears to kick in when a user has been removed from AD altogether.

 

For a variety of reasons our company is no longer deleting users from AD after they have left the company.  Their account is simply locked and and put in a special OU and it can be months before the account is completely removed.

 

We now have a manager who had an employee leave the company, and he needs access to that user's OD, but he can't wait for months till that ex-employee's AD account is deleted.  I need to know  how to get him access to that data.   

 

Is that possible to do?  This is the first instance of this since the policy went into effect of not removing ex-employee's AD accounts, and I'm quite sure I'm going to get more of these.  Hopefully MS has handled this better than they did Sharepoint Mysite issues like this.  That was one of the reasons we never really implemented Mysites.

 

Thanks in advance for any suggestions.

 

Ted

4 Replies
best response confirmed by Ted McLaughlin (Contributor)
Solution

Use the SharePoint Online Powershell and you can grant users access to any onedrive Site collection.

To add access to Site collection
Connect-SPOService -Url https://tenant-admin.sharepoint.com -credential username@domain.com
Set-SPOUser -Site https://tenant-my.sharepoint.com/personal/targerusername_domain_com -LoginName username@domain.com -IsSiteCollectionAdmin $true

Thanks for the reply.

 

Ted

 

Thanks! Useful script to have in the admin tool-bag.

 

Last place I was with, they decided to have an IT account in everyone's OD as site collection administrator. I think that's a brutal way to get people to trust the system, if there is potential that their files will be monitored. This is a much better option, if manager has not been configured.

Well, they technically use that same script to provide it to all the sites, but yeah it's not the best idea. For one, I don't want all those files showing up in my files list and searches as an admin :) and everywhere else.

But also, as an admin, they make it easy for you to use the admin page, users, search, and then in the onedrive section add yourself quickly to a site via GUI and access it all right there. You just got to remember to remove yourself from site collection admin when done :).