We have a workflow that keeps the employee's mailbox active for 2 weeks after the user is deprovisioned and assigns the manager with full access. We need an additional workflow that will remove ALL delegation on the account after the two weeks is up. Please advise.

by (3.2k points)
by (216k points)
0

Hello,

Could you, please, specify how exactly the current workflow is configured? Screenshots would be very helpful. You can post them here or send to our support email (support[at]adaxes.com).
Do we understand correctly, that 2 weeks after deprovisioning, all the trustees should be removed from the Mailbox Rights section including the user manager?

by (3.2k points)
0

@Support - You are correct, we would like all trustees removed (Send As, Send on Behalf and Full Access) after the two weeks is complete.

Below is the current process in screenshot and code pasted in.

$mbGUIDProperty = "adm-CustomAttributeBinary5" # TODO: modify me
$mbStorePathProperty = "adm-CustomAttributeText5" # TODO: modify me

# Get mailbox GUID and mailbox store DN
$exchangeGuid = $Context.TargetObject.Get("msExchMailboxGuid")
$mailboxStoreDN = $Context.TargetObject.Get("homeMDB")

# Save the GUID and the DN to Custom Attributes
$Context.TargetObject.Put($mbGUIDProperty, $exchangeGuid)
$Context.TargetObject.Put($mbStorePathProperty, $mailboxStoreDN)
$Context.TargetObject.SetInfo()

# Disconnect the mailbox
$Context.TargetObject.DeleteMailbox()

by (216k points)
0

Hello,

Thank you for the clarification, but Send As, Send on Behalf Of and Full Access are permissions. Each of these permissions can be delegated to a trustee (e.g. to the user’s manager). Unfortunately, there is no possibility to remove all the trustees listed in the Mailbox Rights list. Could you clarify whether you need to remove all the trustees that can actually be removed or only the trustees that are added during deprovisioning? If the latter is the case, could you clarify what they are? A screenshot of the configuration object (e.g. Custom Command) used for deprovisioning will be very helpful.

by (3.2k points)
0

When we deprovision an end user in the environment, we add the manager to full access delegation for the two-week period of time. We need to remove action once the two weeks is up and we 'archive' the mailbox. We are looking to clear the 'full access' delegation.

We use this in another section:

Modify mailbox settings for the User: clear Send on Behalf Of, clear Send As

1 Answer

by (216k points)
Best answer
0 votes

Hello,

Thank you for the clarification. As during the deprovision the Full Access permission over the mailbox is granted to the Manager only, you can update the Modify mailbox settings for the User action in your “another section” to also remove the Manager trustee from the Mailbox Rights list. The action should look like the following:

by (3.2k points)
0

@Support

Thank you, that works as we need for removing the manager. For a future request, having an ability to remove all users from the Full Access would be beneficial as well.
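
An added example, not part of the original thread and not Adaxes code: a PowerShell filter that picks out the Full Access trustees that can actually be removed (explicit, non-deny, not the mailbox owner) from entries shaped like Get-MailboxPermission output. The helper name, the sample entries and the mailbox address are assumptions made for illustration; the final block assumes an Exchange Management Shell session and runs with -WhatIf.

```powershell
# Added example; Select-RemovableFullAccess is a hypothetical helper name.
function Select-RemovableFullAccess {
    [CmdletBinding()]
    param(
        # Entries shaped like Get-MailboxPermission output
        [Parameter(Mandatory)]
        [AllowEmptyCollection()]
        [object[]]$Permission
    )
    foreach ($entry in $Permission) {
        # String comparison so deserialized (remote session) values also work.
        # Inherited entries come from the mailbox database or higher-level
        # containers and cannot be removed on the mailbox itself.
        if ([string]$entry.IsInherited -eq 'True') { continue }
        # Deny entries restrict access; they are not delegations.
        if ([string]$entry.Deny -eq 'True') { continue }
        # The mailbox owner's own entry must stay.
        if ([string]$entry.User -eq 'NT AUTHORITY\SELF') { continue }
        if ($entry.AccessRights -contains 'FullAccess') { $entry }
    }
}

# Constructed sample entries (not taken from a real mailbox)
$sample = @(
    [pscustomobject]@{ User = 'NT AUTHORITY\SELF'; AccessRights = @('FullAccess', 'ReadPermission'); IsInherited = $false; Deny = $false }
    [pscustomobject]@{ User = 'EXAMPLE\jmanager'; AccessRights = @('FullAccess'); IsInherited = $false; Deny = $false }
    [pscustomobject]@{ User = 'EXAMPLE\Organization Management'; AccessRights = @('FullAccess'); IsInherited = $true; Deny = $false }
    [pscustomobject]@{ User = 'EXAMPLE\contractor'; AccessRights = @('FullAccess'); IsInherited = $false; Deny = $true }
    [pscustomobject]@{ User = 'EXAMPLE\auditor'; AccessRights = @('ReadPermission'); IsInherited = $false; Deny = $false }
)

# Only EXAMPLE\jmanager qualifies in the sample set.
$removable = @(Select-RemovableFullAccess -Permission $sample)
$removable | ForEach-Object { "Would remove FullAccess for $($_.User)" }

# Against a live mailbox (runs only where the Exchange cmdlets are loaded).
if (Get-Command Get-MailboxPermission -ErrorAction SilentlyContinue) {
    $mailbox = 'deprovisioned.user@example.com'   # placeholder identity
    Select-RemovableFullAccess -Permission @(Get-MailboxPermission -Identity $mailbox) |
        ForEach-Object {
            Remove-MailboxPermission -Identity $mailbox -User ([string]$_.User) `
                -AccessRights FullAccess -InheritanceType All -Confirm:$false -WhatIf
        }
}
```

Review the -WhatIf output before removing that switch, since every explicit Full Access trustee on the mailbox is affected, not only the manager.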
