0 votes

We use DirSync/AAD Connect (without write-back) and we have some users that use email in the cloud and never authenticate to the on-prem domain controllers. Therefore, we cannot rely on the lastlogondate attribute to report on inactivity for these users. Has anybody come up with a good way in Adaxes to deal with this scenario? I know there are quite a few options to find inactive users in O365, but I'm curious to see if anybody has found which one might work the best in an Adaxes scheduled task for example.

by (540 points)

1 Answer

0 votes
by (216k points)
selected by
Best answer

Hello,

For this purpose, we recommend using a Business Unit and a Scheduled Task. Business Units are virtual collection of objects grouped together based on a certain criteria. You can create a Business Unit for users who haven't logged on to their Exchange Online mailboxes for a certain period of time. To find such users, you can use a PowerShell script. With the help of a Scheduled Task, you can run the script on a periodical basis to update the Business Unit automatically. For example, you can run it once a day.

Then, you can use the Business Unit everywhere in Adaxes. For example, you can use it in Activity Scopes of Business Rule and Scheduled Tasks or Assignment Scopes of Security Roles.

To implement this, you need to do the following:
I. Create Business Unit
To create a Business Unit that will hold users inactive in Exchange Online, you need to do the following:

  1. In the Console Tree of Adaxes Administration Console, right-click your Adaxes Service and select New \ Business Unit.
  2. Enter a name for it and click Next.
  3. Click Add.
  4. Select Specific Objects.
  5. Click Add.
  6. Select any user and click OK. It doesn't matter which user you add, it will be used only to create a new Business Unit.
  7. Click Finish.

II. Create Scheduled Task
To create a Scheduled Task that will populate the Business Unit with inactive users, do the following:

  1. In the Console Tree of Adaxes Administration Console, right-click your Adaxes Service and select New \ Scheduled Task.
  2. On Step 3, select User.
  3. On Step 4, add the Run a program or PowerShell script action and paste the following script from our repository: http://www.adaxes.com/script-repository ... t-s509.htm.
  4. Modify the parameters of the script. Set $businessUnitName to the name of the Business Unit you created on step I.
  5. Enter a short description for the script and click OK.
  6. On the final step, set the Activity Scope of the task to include the users you are interested in.

Related questions

0 votes
1 answer

In order to create an Entra, cloud only account, is the only requirement to connect Adaxes to my Entra domain so that Adaxes can manage it?

asked Sep 6 by cewilson (190 points)
0 votes
1 answer

How to deal with approval requests in a AD and AAD environment? I have recently created a workflow where I log on as a AD user and request to be a member of a AAD group, ... of member works despite the initial request was based on a AD user and not a AAD user.

asked May 2, 2023 by Daniel (160 points)
0 votes
0 answers

Starting from Adaxes 2023, you can manage Azure AD users, groups, and resource mailboxes that are not synchronized with an on-premises AD domain. However, having a registered ... the entire Azure AD domain in the scope of your Microsoft 365 tenant in Adaxes.

asked Feb 16, 2023 by Adaxes (560 points)
0 votes
1 answer

Hi When reading the REST API documentation it does not mention working directly against Azure AD and Exchange Online. Will this be added? Thanks /Peter Sonander

asked Jan 26, 2023 by Sonander (40 points)
0 votes
0 answers

Hi all Primary objective is to manage cloud only group membership but in a future include cloud only accounts. I've registered a Azure domain which is managed by ... /www.adaxes.com/questions/12293/add-to-365-group-automation-for-new-account-creations Thanks

asked May 31 by MinorDruid (20 points)
3,567 questions
3,258 answers
8,268 comments
547,929 users