Dec 20 2018 08:54 AM
Our company has decided that when a user leaves they no longer automatically delete that user's AD account. It just get's stuck in some "left the company" type OU.
As a result the automatic re-assignment of the user's one drive account to their manager doesn't happen. And due to the way our company has rolled out one drive as each user's default storage area that means every user has one with business data in it.
So now for every user who leaves our company, (we have around 3,500), there is a ticket that comes in to the global O365 admins asking them to manually re-assign permissions to that user's account to their boss. Needless to say this is aggravating.
We'd like to give the ability to do this to our Service Desk, but we can't figure out how to tailor their permissions so that they can do this, and only this. We've been told repeatedly by management that they want us to delegate basic tasks, (like this one most definitely is), to the Service Desk, but we don't want to make them Global Admins to do it.
Can anyone tell me if there is some handy powershell command that would enable me to assign permissions to a group of users, (the service desk), that would enable them to just re-assign permissions on another user's ODFB account to someone else?
Thanks in advance.
Ted
Dec 20 2018 09:40 AM
Dec 20 2018 10:10 AM
SharePoint admin should be enough, however there is no way to restrict it to just a specific ODFB site. In effect, the SD personal will be able to grant/remove permissions on every SPO SC.