Office 365 License Removal

Question

Hey Everyone,

I have a few questions about how others are handling the removal of Office 365 licenses for users who have left the organization. I went and set something up that made sense for our environment a few months ago and it was working for a while...but has become inconsistent. Below I'll try to summarize below what I've setup:

1. When we receive a future notification of someone leaving, we end date the account for that day.
2. I have a scheduled task configured for 6 PM everyday to check our OU where our users reside. It grabs these expired users and disables them and moves them to a separate "Disabled Users" OU. It also adds them to a few AD Security Groups I've created for future cleanup efforts (Remove E1 add E3, Check Litigation Hold, Remove E3 License)
3. I then have a three tasks configured that run over night looking in that Disabled Users OU for users who are members of those groups and perform tasks on each. I have it setup so it won't touch these newly moved/disabled users for 14 days.
4. So the disabled account sits in the Disabled Users OU for 13 days and nothing happens to it...then on the 14th day I:

a. Check to see if it has an E1 license( we only have a few of these) and if so change it to E3. Confirmed with Microsoft that this is OK. Must have E3 for Litigation hold configuration options
b. Check to see if it's on any litigation hold (Used a script you guys helped create), and if it's not, configure it for a 365 day hold.
c. Remove the E3 License.

I have each of those 3 scheduled tasks running an hour apart from each other. I ran into problems trying to do multiple things with licenses in one pass. I'm now running into an issue with the Office Tenant. When Adaxes attempts to perform these tasks it errors out (about 50% of the time) and says "There are no Office 365 Tenants associated with the user".

With me disabling this account and letting it sit for 13 days....is there something running that would remove the tenant from that user? It must be occurring within Office 365....maybe? I'll likely shorten that window but it's nice because we often receive a ticket a few days after an account is disabled that says "hey, re-enable this user they are still working here, etc".

Help! Thanks!!

Comments

Hello Ben,

To help us troubleshooting the issue, could you answer the following questions:

1. How many Office 365 tenants do you have?
2. Over which parts of your Active Directory are they assigned? What are their Active Directory scopes?

Also, could you post screenshots of the involved Custom Commands, Scheduled Tasks and Business Rules? If you want, you can contact us using our support email address (support[at]adaxes.com).

---

Support, thanks for the reply on this. I wanted to report back that after I corrected what OUs my Tenant have access over (I didn't have it configured over the new OU I created) the problem was resolved. Thanks for the help!