Need some help walking through my thoughts for deprovisioning

We want to start using Active Roles to offboard users instead of our legacy methods.  Here is what I'm trying to accomplish:

For the deprovision policy, I want to take the user's mailbox, convert it to a shared mailbox and give the manager full access.  All users have a manager assigned in AD so that info is there.  Here is the catch: we are set up as a hybrid environment, but mailboxes are created with an E3 license (from a security group) and only live in Exchange Online.

Looking through the forums, just so I understand this right, I'll need to use the O365ServicesScriptExecution - Configuration to connect to Exchange Online, then create another script for converting the user mailbox to a shared mailbox and set the manager with full access.

Just want to make sure I'm going about this correctly and understanding everything.

Thanks

  • There's a KB article that addresses much of your use case.

    Here are some general pointers about the best practice around implementing a script using this feature:

    1. Initiate the connection - $Context.O365ImportModules("MSOnline") # Believe this should be ExchangeOnlineManagement for your use case

    2. Build up all the lines of code you want to execute against your tenant into a CR/LF delimited string so something like:

    $ScriptBlockString = "New-Mailbox -Shared -Name `"$mailboxName`" -DisplayName `"$mailboxDisplayName`" -Alias `"$mailboxAlias`" | Set-Mailbox -GrantSendOnBehalfTo `"$mailboxOwner`"" + [System.Environment]::NewLine + "Add-MailboxPermission -Identity `"$mailboxName`" -User `"$mailboxOwner`" -AccessRights FullAccess -InheritanceType All"

    3. Pass this string to $Context.O365ExecuteScriptCmd($ScriptBlockString)

    4. Close the connection to the tenant:  $context.O365RemoveAllModulesSessions()
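
An added example, not part of the reply above and not Quest or Microsoft code: the same import / execute / close sequence applied to the conversion the question asks for, with the directory values quoted as literals so an apostrophe or `$` in a name cannot change the command that runs in the tenant. The three helper function names are hypothetical, the module name follows the reply's suggestion, and it assumes the policy script has already resolved the user's and manager's UPNs.

```powershell
# Added example. Helper names are hypothetical; only the three $Context methods
# come from the thread above.

function ConvertTo-QuotedLiteral {
    param([Parameter(Mandatory)][string]$Value)
    # Single-quoted literal: no $variable or $(...) expansion in the remote session,
    # and every quote character PowerShell recognises is doubled.
    $escaped = [System.Management.Automation.Language.CodeGeneration]::EscapeSingleQuotedStringContent($Value)
    return "'" + $escaped + "'"
}

function New-MailboxHandoverScript {
    param(
        [Parameter(Mandatory)][string]$UserUpn,
        [Parameter(Mandatory)][string]$ManagerUpn
    )
    # Reject anything that does not look like a UPN before it reaches the string.
    foreach ($upn in $UserUpn, $ManagerUpn) {
        if ($upn -notmatch '\A[A-Za-z0-9._%+''-]+@[A-Za-z0-9.-]+\z') {
            throw "Refusing to build script: '$upn' is not a plausible UPN."
        }
    }
    $user    = ConvertTo-QuotedLiteral $UserUpn
    $manager = ConvertTo-QuotedLiteral $ManagerUpn
    $lines = @(
        "Set-Mailbox -Identity $user -Type Shared"
        "Add-MailboxPermission -Identity $user -User $manager -AccessRights FullAccess -InheritanceType All"
    )
    return $lines -join [System.Environment]::NewLine
}

function Invoke-MailboxHandover {
    # $Context is the object Active Roles passes to the policy script.
    param($Context, [string]$UserUpn, [string]$ManagerUpn)
    $script = New-MailboxHandoverScript -UserUpn $UserUpn -ManagerUpn $ManagerUpn
    $Context.O365ImportModules("ExchangeOnlineManagement")
    try {
        $Context.O365ExecuteScriptCmd($script)
    }
    finally {
        # Close the tenant session even if the conversion fails.
        $Context.O365RemoveAllModulesSessions()
    }
}

# Constructed sample values; the apostrophe shows the quoting at work.
New-MailboxHandoverScript -UserUpn "pat.o'neil@example.com" -ManagerUpn "lee.chan@example.com"
```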
