0 votes

We are trying to avoid the issue of deleting accounts and resting accounts, we want to implement disconnecting the account by setting the immutable id to null on accounts we want to keep.

by (20 points)
0

Hello Carlos,

There is no possibility to clear the immutable ID natively in Adaxes. However, it does not seem to be required. Could you, please, describe the desired workflow in all the possible details with live examples?

0

First I need to state that we do not have any local mailboxes, all of mailboxes are in the could in exchange online, our environment is hybrid for the convenience of making changes in ad and have them replicate to the cloud.

In our hybrid enviroment when we want to disconnect a cloud mailbox Microsoft recommended to move the local AD object to an unsynced OU, what would happend from that point is that the next AD Sync cycle would cause an update in Azure, which in turn would delete the account. We feel it is unnecessary to do this, because we just lost a mailbox last week and MS support is not providing any solutions. We contacted a consultant and he recommeded to just remove the immutable ID instead of moving objects to an unsynced OU which would cause the mailbox to become detached from local AD so in fewer words we are tyring to avoid deleting and restoring users in azure to detach or unbind mailboxes to user adobjects in a hybrid environment.

1 Answer

0 votes
by (267k points)

Hello Carlos,

Thank you for clarifying. The recommended approach is correct. To achieve the desired, you can use the below script in your deprovisioning workflow. Make sure to install the MgGraph PowerShell module on all the computers where Adaxes service runs.

try
{
    # Get the object ID in Microsoft 365
    $objectId = ([Guid]$Context.TargetObject.Get("adm-AzureId")).ToString()
}
catch
{
    $Context.LogMessage("The user doesn't have a Microsoft 365 account.", "Error")
    return
}
$token = ConvertTo-SecureString -AsPlainText $Context.CloudServices.GetAzureAuthAccessToken() -Force

# Creat on-premises immutable ID
Connect-MgGraph -AccessToken $token
Update-MgUser -UserId $objectId -OnPremisesImmutableId @{}

Related questions

0 votes
1 answer

I am testing using MFA and we use Duo. I havn't seen where we can set up push instead of adding having the end users set up another account for Duo.

asked Jan 11 by mightycabal (1.0k points)
0 votes
1 answer

I'm looking at this onliner Set-AdmUser -Identity $DN -Replace @{AADPHoto = $photoBytes} -AdaxesService localhost -Server. I get an illegal operation error. Wondering what I ... the photo in AD and Azure at the same time to avoid waiting for synchronization.

asked Jan 30 by mightycabal (1.0k points)
0 votes
1 answer

At user creation, when the inbox is created, I'd like to be able to format the address as firstname.lastname@domain.com for some users. Other users firstnameintial.lastname@domain.com, is this possible? Envornment is hybrid O365. Thanks!

asked Jan 4 by cewilson (120 points)
+1 vote
1 answer

Hello, Is there a way I can make the Desktop Adaxes Admin Console Dark Themed? I know how to on the Web Interface, but wondered for the full console. Thanks!

asked Nov 19, 2023 by Edogstraus00 (470 points)
0 votes
1 answer

This would seem like an easy setting since right now, it's causing so much logs because on the main screen, I have a few reports that are custom made and everytime a user ... . Below is a screenshot example of hoe it constantly can fill up the log. Thank You!

asked Jul 31, 2023 by Edogstraus00 (470 points)
3,293 questions
2,991 answers
7,664 comments
544,194 users