Icon

Removing a user from O365 and AD

This is a step-by-step process for removing a user from O365 and AD

By Nick Renwick

In this example we are going to use a RHASS test user.

To delete a user in O365 we need to; remove licenses, convert the user to a shared mailbox, assign permissions to that mailbox, configure auto-replies, rename user, remove them from any groups.

Then in AD, we need to; remove any groups from the user, 'un-protect' the object, disable the user and move the user to the disabled users OU group.

1
Log into O365 and search and click on your user.
2
First Click on 'Sign out of all sessions.'
Then 'Block sign-in'
Step #2: First Click on 'Sign out of all sessions.' Then 'Block sign-in'
3
Next click on "Delete user"
Step #3: Next click on "Delete user"
4
Depending on how licensed, by default select 'Remove the licenses from the subscription and reduce costs'
Step #4: Depending on how licensed, by default select 'Remove the licenses from the subscription and reduce costs'
5
Untick "Make their email aliases available immediately"
Step #5: Untick "Make their email aliases available immediately"
6
Select "Give another user access to this users email"
Step #6: Select "Give another user access to this users email"
7
Select "Required : Give email access to another user"
Step #7: Select "Required : Give email access to another user"
8
Search for wsadmin
Step #8: Search for wsadmin
9
Click on "Why Settle Admin"
Step #9: Click on "Why Settle Admin"
10
Click on "Create a new display name"
Step #10: Click on "Create a new display name"
11
Add "(Archived)" to the end of their username
Step #11: Add "(Archived)" to the end of their username
12
Click on "Next"
Step #12: Click on "Next"
13
If they've requested automatic replies, you can enable this feature.
Step #13: If they've requested automatic replies, you can enable this feature.
14
We will keep the email aliases as they are. This ensures that if someone external emails an alias previously set up, it will still work and go to the shared mailbox unless it has been requested to be reassigned to someone else or removed.
Step #14: We will keep the email aliases as they are. This ensures that if someone external emails an alias previously set up, it will still work and go to the shared mailbox unless it has been requested to be reassigned to someone else or removed.
15
Review steps
Step #15: Review steps
16
Click on "Transfer ownership"
Step #16: Click on "Transfer ownership"
17
Click on "Assign and convert"
Step #17: Click on "Assign and convert"
18
Wait for it to complete
Step #18: Wait for it to complete
19
Refresh the page, and click back into the user, which should now say '(Archived)
Step #19: Refresh the page, and click back into the user, which should now say '(Archived)
20
Select 'Manage Groups'
Step #20: Select 'Manage Groups'
21
Take a screenshot or note of any groups the user is a member of to put in Autotask ticket.
22
Select all groups, and click 'Remove'
Step #22: Select all groups, and click 'Remove'
23
Confirm removal, Click 'Yes'
Step #23: Confirm removal, Click 'Yes'
24
Navigate to 'Shared Mailbox's'
Step #24: Navigate to 'Shared Mailbox's'
25
Find and click on your user
Select 'Edit' under 'Show in global address list'
Step #25: Find and click on your userSelect 'Edit' under 'Show in global address list'
26
Untick 'Show in my organization's global address list
Click 'Save'
Step #26: Untick 'Show in my organization's global address listClick 'Save'
27
Hop onto the sites Domain controller, in this case RHASSDC-02
Open 'Active Directory'
Step #27: Hop onto the sites Domain controller, in this case RHASSDC-02Open 'Active Directory'
28
Find the user in AD
Step #28: Find the user in AD
29
Right-click on user
Step #29: Right-click on user
30
Click on "Properties"
Step #30: Click on "Properties"
31
First, if they are a member of any groups, we need to remove them.
Click on "Member Of"
Step #31: First, if they are a member of any groups, we need to remove them.Click on "Member Of"
32
Take a note, or screenshot of the users groups. Add this to your Autotask ticket for reference.
33
Select all groups (other than domain user), then Click on "Remove"
Step #33: Select all groups (other than domain user), then Click on "Remove"
34
Click on "Yes"
Step #34: Click on "Yes"
35
Click on "Apply"
Step #35: Click on "Apply"
36
Then, go into 'Object'
Step #36: Then, go into 'Object'
37
Uncheck the 'Protect object from accidental deletion.'
Step #37: Uncheck the 'Protect object from accidental deletion.'
38
Click on "OK"
Step #38: Click on "OK"
39
Right click on the user and select "Disable Account"
Step #39: Right click on the user and select "Disable Account"
40
Click on "OK"
Step #40: Click on "OK"
41
Finally drag the user into Disabled Users OU folder.
Step #41: Finally drag the user into Disabled Users OU folder.
42
Click on "Yes" to move.
Step #42: Click on "Yes" to move.