0 votes

We have a workflow that keeps the employees mailbox active for 2 weeks after the user is deprovisioned and assigns the manager with full access. We need a additional workflow that will remove ALL delegation on the account after the two weeks is up. Please advise.

by (14.9k points)
0

Hello,

Could you, please, specify how exactly the current workflow is configured? Screenshots would be very helpful. You can post them here or send to our support email (support[at]adaxes.com).
Do we understand correctly, that 2 weeks after deprovisioning, all the trustees should be removed from the Mailbox Rights section including the user manager?

0

@ Support - You are correct we would like all trustees removed (Send As, Send on Behalf and Full Access) after the two weeks is complete.

Below is the current process in screenshot and code pasted in.

$mbGUIDProperty = "adm-CustomAttributeBinary5" # TODO: modify me
$mbStorePathProperty = "adm-CustomAttributeText5" # TODO: modify me

# Get mailbox GUID and mailbox store DN
$exchangeGuid = $Context.TargetObject.Get("msExchMailboxGuid")
$mailboxStoreDN = $Context.TargetObject.Get("homeMDB")

# Save the GUID and the DN to Custom Attributes
$Context.TargetObject.Put($mbGUIDProperty, $exchangeGuid)
$Context.TargetObject.Put($mbStorePathProperty, $mailboxStoreDN)
$Context.TargetObject.SetInfo()

# Disconnect the mailbox
$Context.TargetObject.DeleteMailbox()
0

Hello,

Thank you for the clarification, but Send As, Send on Behalf Of and Full Access are permissions. Each of these permissions can be delegated to a trustee (e.g. to the user’s manager). Unfortunately, there is no possibility to remove all the trustees listed in the Mailbox Rights list. Could you clarify whether you need to remove all the trustees that can actually be removed or only the trustees that are added during deprovisioning? If latter is the case, could you clarify what they are? A screenshot of the configuration object (e.g Custom Command) used for deprovisioning will be very helpful.

0

When we deprovision an end user in the environment, we add the manager to full access delegation for the two weeks period of time. We need to remove action once the two weeks is up and we 'archive' the mailbox. We looking to clear the 'full access' delegation.

We use this in another section:

Modify mailbox settings for the User: clear Send on Behalf Of, clear Send As

1 Answer

0 votes
by (215k points)
selected by
Best answer

Hello,

Thank you for the clarification. As during the deprovision the Full Access permission over the mailbox is granted to the Manager only, you can update the Modify mailbox settings for the User action in your “another section” to also remove the Manager trustee from the Mailbox Rights list. The action should look like the following:

0

@Support

Thank you that works as we need for removing the manager. For a future request having an ability to remove all users from the Full Access would be beneficial as well.

Related questions

0 votes
1 answer

When we deprovision a user the member of groups are deleted and the power shell scrips only runs as removing all memberships. I can't see what was removed. Is there a scrips I can run prior to removing those memberships that will e-mail what they are?

asked Oct 15, 2019 by meyerm (280 points)
0 votes
0 answers

All, Over the last month or so we have been experiencing removing / deactivating Microsoft licenses using Adaxes. Some background on how we do this at my organization is ... troubleshoot this issue? It's intermittent, and not occurring on all disabled users.

asked Mar 30, 2017 by Ben.Burrell (2.7k points)
0 votes
0 answers

Hey Everyone, I have a few questions about how others are handling the removal of Office 365 licenses for users who have left the organization. I went and set something up that ... "hey, re-enable this user they are still working here, etc". Help! Thanks!!

asked May 24, 2016 by Ben.Burrell (2.7k points)
0 votes
1 answer

Hello, I am a great fond of the "Add/Modify property..." feature that allows to batch edit users. But, quite often I do also have to bulk remove an attribute. ... could for instance be achieve through a special value like %null%, or a dedicated menu. Regards,

asked Jul 8, 2014 by Pierre (4.4k points)
0 votes
1 answer

We're trying to add a Send As permission in the properties for a group through Adaxes. It works for Send on Behalf, but whenever we try to add Send As delegation in Adaxes, ... (#Ze operation) at #re.#qe.Execute() --- End of inner exception stack trace ---

asked May 21, 2019 by rmoat (280 points)
2,251 questions
2,011 answers
5,504 comments
24,683 users