0 votes

We have a workflow that keeps the employees mailbox active for 2 weeks after the user is deprovisioned and assigns the manager with full access. We need a additional workflow that will remove ALL delegation on the account after the two weeks is up. Please advise.

by (3.2k points)
0

Hello,

Could you, please, specify how exactly the current workflow is configured? Screenshots would be very helpful. You can post them here or send to our support email (support[at]adaxes.com).
Do we understand correctly, that 2 weeks after deprovisioning, all the trustees should be removed from the Mailbox Rights section including the user manager?

0

@ Support - You are correct we would like all trustees removed (Send As, Send on Behalf and Full Access) after the two weeks is complete.

Below is the current process in screenshot and code pasted in.

$mbGUIDProperty = "adm-CustomAttributeBinary5" # TODO: modify me
$mbStorePathProperty = "adm-CustomAttributeText5" # TODO: modify me

# Get mailbox GUID and mailbox store DN
$exchangeGuid = $Context.TargetObject.Get("msExchMailboxGuid")
$mailboxStoreDN = $Context.TargetObject.Get("homeMDB")

# Save the GUID and the DN to Custom Attributes
$Context.TargetObject.Put($mbGUIDProperty, $exchangeGuid)
$Context.TargetObject.Put($mbStorePathProperty, $mailboxStoreDN)
$Context.TargetObject.SetInfo()

# Disconnect the mailbox
$Context.TargetObject.DeleteMailbox()
0

Hello,

Thank you for the clarification, but Send As, Send on Behalf Of and Full Access are permissions. Each of these permissions can be delegated to a trustee (e.g. to the user’s manager). Unfortunately, there is no possibility to remove all the trustees listed in the Mailbox Rights list. Could you clarify whether you need to remove all the trustees that can actually be removed or only the trustees that are added during deprovisioning? If latter is the case, could you clarify what they are? A screenshot of the configuration object (e.g Custom Command) used for deprovisioning will be very helpful.

0

When we deprovision an end user in the environment, we add the manager to full access delegation for the two weeks period of time. We need to remove action once the two weeks is up and we 'archive' the mailbox. We looking to clear the 'full access' delegation.

We use this in another section:

Modify mailbox settings for the User: clear Send on Behalf Of, clear Send As

1 Answer

0 votes
by (216k points)
selected by
Best answer

Hello,

Thank you for the clarification. As during the deprovision the Full Access permission over the mailbox is granted to the Manager only, you can update the Modify mailbox settings for the User action in your “another section” to also remove the Manager trustee from the Mailbox Rights list. The action should look like the following:

0

@Support

Thank you that works as we need for removing the manager. For a future request having an ability to remove all users from the Full Access would be beneficial as well.

Related questions

0 votes
1 answer

In our environment, we have many business rules with "Add to group". Now I have to delete the "Add to group xyz" in all business rules, as the group is now rule-based. Is there ... in Adaxes so that I don't have to search for and delete all "Add to group xyz"?

asked Mar 7 by DRiVSSi (240 points)
0 votes
1 answer

When using the remove all groups script from your repository. https://www.adaxes.com/script-repository/remove-all-group-memberships-for-a-user-account-s33.htm I need to have adaxes log ... ", "Information") What I get in the log is: What am I doing wrong?

asked Jan 17, 2023 by mightycabal (1.0k points)
0 votes
1 answer

When we deprovision a user the member of groups are deleted and the power shell scrips only runs as removing all memberships. I can't see what was removed. Is there a scrips I can run prior to removing those memberships that will e-mail what they are?

asked Oct 15, 2019 by meyerm (50 points)
0 votes
0 answers

All, Over the last month or so we have been experiencing removing / deactivating Microsoft licenses using Adaxes. Some background on how we do this at my organization is ... troubleshoot this issue? It's intermittent, and not occurring on all disabled users.

asked Mar 30, 2017 by Ben.Burrell (490 points)
0 votes
0 answers

Hey Everyone, I have a few questions about how others are handling the removal of Office 365 licenses for users who have left the organization. I went and set something up that ... "hey, re-enable this user they are still working here, etc". Help! Thanks!!

asked May 24, 2016 by Ben.Burrell (490 points)
3,326 questions
3,026 answers
7,727 comments
544,678 users