0 votes

We are trying to avoid the issue of deleting accounts and restoring accounts. We want to implement disconnecting the account by setting the immutable ID to null on accounts we want to keep.

by (20 points)
0

Hello Carlos,

There is no possibility to clear the immutable ID natively in Adaxes. However, it does not seem to be required. Could you, please, describe the desired workflow in all the possible details with live examples?

0

First I need to state that we do not have any local mailboxes. All of our mailboxes are in the cloud in Exchange Online. Our environment is hybrid for the convenience of making changes in AD and having them replicate to the cloud.

In our hybrid environment, when we want to disconnect a cloud mailbox, Microsoft recommended moving the local AD object to an unsynced OU. What would happen from that point is that the next AD Sync cycle would cause an update in Azure, which in turn would delete the account. We feel it is unnecessary to do this, because we just lost a mailbox last week and MS support is not providing any solutions. We contacted a consultant and he recommended to just remove the immutable ID instead of moving objects to an unsynced OU, which would cause the mailbox to become detached from local AD. So, in fewer words, we are trying to avoid deleting and restoring users in Azure to detach or unbind mailboxes from user AD objects in a hybrid environment.

1 Answer

0 votes
by (272k points)

Hello Carlos,

Thank you for clarifying. The recommended approach is correct. To achieve the desired result, you can use the script below in your deprovisioning workflow. Make sure to install the MgGraph PowerShell module on all the computers where Adaxes service runs.

try
{
    # Get the object ID in Microsoft 365
    $objectId = ([Guid]$Context.TargetObject.Get("adm-AzureId")).ToString()
}
catch
{
    $Context.LogMessage("The user doesn't have a Microsoft 365 account.", "Error")
    return
}
# Get a Microsoft Graph access token from Adaxes, wrapped as a SecureString for Connect-MgGraph
$token = ConvertTo-SecureString -AsPlainText $Context.CloudServices.GetAzureAuthAccessToken() -Force

# Clear the on-premises immutable ID
Connect-MgGraph -AccessToken $token
Update-MgUser -UserId $objectId -OnPremisesImmutableId @{}
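
A check to run before and after the script above, added here as an example that is not part of the original answer or of Adaxes: it records the current anchor as a GUID before it is cleared, so it can be compared with the AD object's objectGUID, and confirms afterwards that the anchor is gone. `Get-ImmutableIdState` is a hypothetical helper name, the sample records are constructed, and the decoding assumes the default source anchor (Base64 of a 16-byte GUID).

```powershell
# Added example, not Adaxes code. Classifies Microsoft 365 user records by whether
# the on-premises anchor is still set, and decodes the anchor for record keeping.
# Real input can come from:
#   Get-MgUser -UserId $objectId -Property Id,UserPrincipalName,OnPremisesImmutableId,OnPremisesSyncEnabled
function Get-ImmutableIdState {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$User
    )
    process {
        $anchor = $User.OnPremisesImmutableId
        $guid   = $null
        if ([string]::IsNullOrWhiteSpace($anchor)) {
            $state = 'Cleared'
        }
        else {
            $state = 'Anchored'
            try {
                # Assumption: default source anchor, i.e. Base64 of a 16-byte GUID.
                $bytes = [Convert]::FromBase64String($anchor)
                if ($bytes.Length -eq 16) { $guid = [Guid]::new($bytes) }
            }
            catch {
                # Not valid Base64 (custom source anchor): leave AnchorGuid empty.
            }
        }
        [pscustomobject]@{
            UserPrincipalName = $User.UserPrincipalName
            State             = $state
            AnchorBase64      = $anchor
            AnchorGuid        = $guid      # compare with the AD object's objectGUID
            SyncEnabled       = $User.OnPremisesSyncEnabled
        }
    }
}

# Constructed sample records (not real tenant data).
$sample = @(
    [pscustomobject]@{ UserPrincipalName = 'kept.user@example.com'
                       OnPremisesImmutableId = $null
                       OnPremisesSyncEnabled = $null }
    [pscustomobject]@{ UserPrincipalName = 'synced.user@example.com'
                       OnPremisesImmutableId = [Convert]::ToBase64String([Guid]::NewGuid().ToByteArray())
                       OnPremisesSyncEnabled = $true }
)
$sample | Get-ImmutableIdState | Format-List
```

Saving the `AnchorBase64` value before the deprovisioning step runs keeps the original anchor on record in case the account has to be re-linked later.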
