Delete old students using SDS

%3CLINGO-SUB%20id%3D%22lingo-sub-102319%22%20slang%3D%22en-US%22%3EDelete%20old%20students%20using%20SDS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-102319%22%20slang%3D%22en-US%22%3E%3CP%3ESchool%20Data%20Sync%20(SDS)%20creates%20and%20manages%20our%20user%20accounts.%20SDS%20configuration%20is%20%22New%20Users%22.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAt%20the%20moment%20SDS%20does%20not%20delete%20old%20students%2C%20which%20no%20longer%20exist%20in%20CSV%20files.%20Is%20it%20possible%20to%20delete%20old%20students%20using%20SDS%3F%20If%20not%2C%20how%20can%20I%20delete%20student%20accounts%20automatically%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-113513%22%20slang%3D%22en-US%22%3ERe%3A%20Delete%20old%20students%20using%20SDS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-113513%22%20slang%3D%22en-US%22%3E%3CP%3EHello.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EYes%2C%20we%20could%2C%20but%20as%20those%20are%20buried%20deeper%20into%20the%20AAD%20structures%2C%20you%20could%20not%20grab%20those%20users%20with%20a%20normal%20get-msoluser%2C%20as%20that%20one%20is%20not%20capable%20of%20reaching%20these%20attributes.%20Using%20the%20O365%20REST%20API%20or%20the%20upcoming%20Microsoft%20Education%20Graph%20API%20however%2C%20those%20attributes%20can%20be%20retrieved.%26nbsp%3B%3C%2FP%3E%3CP%3EHere%20more%20about%20the%20REST%20API%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fmsdn.microsoft.com%2Fen-us%2Foffice%2Foffice365%2Fapi%2Fstudent-rest-operations%26nbsp%3B%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fmsdn.microsoft.com%2Fen-us%2Foffice%2Foffice365%2Fapi%2Fstudent-rest-operations%26nbsp%3B%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBut%20as%20I%20know%20Timo%2C%20which%20SIS%20you%20are%20using%20to%20generate%20the%20data%20from%2C%20that%20one%20is%20perfectly%20capable%20of%20delivering%20info%20about%20students%20retiring%2C%20so%20cloud-disable-data%20is%20available%20without%20any%20need%20to%20go%20thru%20the%20MS%20APIs%2C%20you%20can%20have%20the%20data%20from%20the%20SIS...%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMaybe%20we%20talk%20about%20this%20next%20tuesday%20at%20TechTalks%3F%3C%2FP%3E%3CP%3E%3A)%3C%2Fimg%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ERegards%3C%2FP%3E%3CP%3EFrank%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-112475%22%20slang%3D%22en-US%22%3ERe%3A%20Delete%20old%20students%20using%20SDS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-112475%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Mark%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThank%20you%20for%20your%20answer.%20Student.csv%20has%20many%20optional%20attributes.%20If%20I%20sync%20%22Status%22%20or%20%22Graduation%20Year%22%2C%20could%20we%20use%20those%20attributes%20in%20Powershell%20to%20delete%20old%20student%20accounts%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E-Timo%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-104305%22%20slang%3D%22en-US%22%3ERe%3A%20Delete%20old%20students%20using%20SDS%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-104305%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Timo-%20thanks%20for%20the%20question%20and%20sorry%20for%20the%20tardy%20reply.%3C%2FP%3E%3CP%3EAs%20you%20know%2C%20SDS%20uses%20the%20data%20from%20your%20SIS%20and%20appends%20the%20users%20in%20your%20Azure%20Active%20Directory.%26nbsp%3B%20SDS%20wants%20to%20respect%20the%20SIS%20as%20the%20source%20of%20truth%2C%20so%20does%20not%20write%20back%20to%20the%20SIS.%26nbsp%3B%20similarly%2C%20SDS%20does%20not%20want%20to%20unintentionally%20remove%20users%20from%20Azure%20active%20Directory%20if%20they%20no%20longet%20exist%20in%20your%20SIS.%26nbsp%3B%20There%20are%20many%20examples%20of%20schools%20who%20continue%20to%20give%20alumni%20email%20access%2C%20or%20students%20are%20temporarily%20unenrolled%20but%20may%20be%20back.%26nbsp%3B%20So%20removing%20users%20from%20your%20active%20directory%20is%20accomplished%20the%20same%20way%20whether%20or%20not%20you%20use%20SDS%2C%20that%20is%2C%20either%20one%20at%20a%20time%20using%20the%20Office%20365%20Admin%20center%2C%20or%20in%20bulk%20using%20powershell.%26nbsp%3B%3C%2FP%3E%3CUL%3E%3CLI%3EHere%20is%20a%20SOC%20article%20which%20walks%20through%20removing%20users%20-%20%3CA%20href%3D%22https%3A%2F%2Fsupport.office.com%2Fen-us%2Farticle%2FDelete-a-user-from-your-organization-D5155593-3BAC-4D8D-9D8B-F4513A81479E%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fsupport.office.com%2Fen-us%2Farticle%2FDelete-a-user-from-your-organization-D5155593-3BAC-4D8D-9D8B-F4513A81479E%3C%2FA%3E%3C%2FLI%3E%3CLI%3EIf%20you%20want%20to%20remove%20users%20in%20bulk%2C%20PowerShell%20is%20the%20way%20to%20go.%20Use%20the%20%3CA%20href%3D%22https%3A%2F%2Fgo.microsoft.com%2Ffwlink%2F%3Flinkid%3D842230%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3ERemove-MsolUser%3C%2FA%3E%20PowerShell%20cmdlet%3C%2FLI%3E%3CLI%3ERemoving%20users%20through%20the%20O365%20admin%20Center%20or%20through%20PowerShell%20will%20also%20remove%20their%20mailbox%2C%20and%20remove%20them%20from%20the%20Global%20Address%20List%20as%20well.%20Address%20list%20updates%20can%20take%20a%20few%20days%20to%20reflect%20in%20an%20outlook%20client%20due%20to%20the%20underlying%20process%20of%20updates%20and%20outlook%20clients%20receiving%20those%20updates.%3C%2FLI%3E%3CLI%3ERemoving%20an%20%C3%A2%E2%82%AC%C5%93inactive%20user%20or%20mailbox%C3%A2%E2%82%AC%20%20is%20subjective.%20It%20depends%20on%20how%20you%20define%20inactive%20(unless%20you%C3%A2%E2%82%AC%E2%84%A2re%20literally%20referring%20to%20an%20%3CA%20href%3D%22https%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fdn144876(v%3Dexchg.150).aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3EExchange%20Online%20Inactive%20Mailbox%3C%2FA%3E%20).%20You%20would%20first%20need%20to%20determine%20if%2Fhow%20to%20identify%20inactive%20users%20and%2For%20mailboxes%2C%20and%20then%20you%20could%20script%20a%20way%20deletion%20of%20those%20users%2Fmailboxes%20in%20bulk.%3C%2FLI%3E%3C%2FUL%3E%3CP%3EThanks%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMatt%20McGinnis%3C%2FP%3E%3C%2FLINGO-BODY%3E
New Contributor

School Data Sync (SDS) creates and manages our user accounts. SDS configuration is "New Users".

 

At the moment SDS does not delete old students, which no longer exist in CSV files. Is it possible to delete old students using SDS? If not, how can I delete student accounts automatically?

3 Replies

Hi Timo- thanks for the question and sorry for the tardy reply.

As you know, SDS uses the data from your SIS and appends the users in your Azure Active Directory.  SDS wants to respect the SIS as the source of truth, so does not write back to the SIS.  similarly, SDS does not want to unintentionally remove users from Azure active Directory if they no longet exist in your SIS.  There are many examples of schools who continue to give alumni email access, or students are temporarily unenrolled but may be back.  So removing users from your active directory is accomplished the same way whether or not you use SDS, that is, either one at a time using the Office 365 Admin center, or in bulk using powershell. 

  • Here is a SOC article which walks through removing users - https://support.office.com/en-us/article/Delete-a-user-from-your-organization-D5155593-3BAC-4D8D-9D8...
  • If you want to remove users in bulk, PowerShell is the way to go. Use the Remove-MsolUser PowerShell cmdlet
  • Removing users through the O365 admin Center or through PowerShell will also remove their mailbox, and remove them from the Global Address List as well. Address list updates can take a few days to reflect in an outlook client due to the underlying process of updates and outlook clients receiving those updates.
  • Removing an “inactive user or mailbox” is subjective. It depends on how you define inactive (unless you’re literally referring to an Exchange Online Inactive Mailbox ). You would first need to determine if/how to identify inactive users and/or mailboxes, and then you could script a way deletion of those users/mailboxes in bulk.

Thanks,

 

Matt McGinnis

Hi Mark,

 

Thank you for your answer. Student.csv has many optional attributes. If I sync "Status" or "Graduation Year", could we use those attributes in Powershell to delete old student accounts?

 

-Timo

Hello.

 

Yes, we could, but as those are buried deeper into the AAD structures, you could not grab those users with a normal get-msoluser, as that one is not capable of reaching these attributes. Using the O365 REST API or the upcoming Microsoft Education Graph API however, those attributes can be retrieved. 

Here more about the REST API

https://msdn.microsoft.com/en-us/office/office365/api/student-rest-operations 

 

But as I know Timo, which SIS you are using to generate the data from, that one is perfectly capable of delivering info about students retiring, so cloud-disable-data is available without any need to go thru the MS APIs, you can have the data from the SIS...

 

Maybe we talk about this next tuesday at TechTalks?

:)

 

Regards

Frank