Mar 07 2018 03:26 PM
I know in ODFB that we have the ability to automatically give access to a departed employee's OD account to their manager, but that only appears to kick in when a user has been removed from AD altogether.
For a variety of reasons our company is no longer deleting users from AD after they have left the company. Their account is simply locked and and put in a special OU and it can be months before the account is completely removed.
We now have a manager who had an employee leave the company, and he needs access to that user's OD, but he can't wait for months till that ex-employee's AD account is deleted. I need to know how to get him access to that data.
Is that possible to do? This is the first instance of this since the policy went into effect of not removing ex-employee's AD accounts, and I'm quite sure I'm going to get more of these. Hopefully MS has handled this better than they did Sharepoint Mysite issues like this. That was one of the reasons we never really implemented Mysites.
Thanks in advance for any suggestions.
Ted
Mar 07 2018 03:56 PM - edited Mar 07 2018 03:57 PM
SolutionUse the SharePoint Online Powershell and you can grant users access to any onedrive Site collection.
To add access to Site collection
Connect-SPOService -Url https://tenant-admin.sharepoint.com -credential username@domain.com
Set-SPOUser -Site https://tenant-my.sharepoint.com/personal/targerusername_domain_com -LoginName username@domain.com -IsSiteCollectionAdmin $true
Mar 08 2018 10:02 AM
Thanks! Useful script to have in the admin tool-bag.
Last place I was with, they decided to have an IT account in everyone's OD as site collection administrator. I think that's a brutal way to get people to trust the system, if there is potential that their files will be monitored. This is a much better option, if manager has not been configured.
Mar 08 2018 10:18 AM
Mar 07 2018 03:56 PM - edited Mar 07 2018 03:57 PM
SolutionUse the SharePoint Online Powershell and you can grant users access to any onedrive Site collection.
To add access to Site collection
Connect-SPOService -Url https://tenant-admin.sharepoint.com -credential username@domain.com
Set-SPOUser -Site https://tenant-my.sharepoint.com/personal/targerusername_domain_com -LoginName username@domain.com -IsSiteCollectionAdmin $true