0 votes

Hi everyone,

Finding and cleaning up dormant AD accounts is obviously pretty easy. But we have a bunch of email-only 365 accounts.

Does anyone have a good way that Adaxes can detect dormant 365 accounts? There is a lastlogontimestamp property within 365, but I'm not sure how we would have adaxes act on it...

Any ideas?

by (100 points)
0

Hello Scott,

What exactly do you mean by "email-only 365 accounts"? Are they synchronized to Active Directory or they are present only in Office 365?

0

What I'm referring to are people with AD and email accounts, but they only ever use email and never logon to a PC, so things like 'LastLogon' attributes never get populated.

Our business has several hundred people in the field using email only on a company iDevice. A lot of these workers are transient, temp, seasonal, etc. We often never find out from managers when people leave, hence I'd like a way to detect inactive mailboxes.

1 Answer

0 votes
by (289k points)
selected by
Best answer

Hello Scott,

Thank you for clarifying. This can be done using a PowerShell script. For example, you can group inactive users into a Business Unit. For details, see https://www.adaxes.com/script-repositor ... t-s509.htm.

0

I think that script should work...

I just tried running it against some test users (in the powershell script editor), and it's constantly erroring out:

"Exception calling "GetMailboxParameters" with "0" argument(s): "The mailbox is not created yet." Stack trace: at <Scriptblock>, <No File>: line 102.

It seems to not like that 'Getmailboxparameters' cmdlet.

Funny enough, I also enabled the 'Show object parameters' after execution, so I can see the user's parameters. Under Active Directory -> Office365 - it shows the user's proper O365 parameters. But under 'Exchange', it just sits and thinks and gets nowhere.

Tried this with multiple current users with valid E3 mailboxes - all the same result.

0

Hello Scott,

I just tried running it against some test users (in the powershell script editor), and it's constantly erroring out:

Did you modify the script? If you did, could you post here or send us (support[at]adaxes.com) the modified version of the script?

"Exception calling "GetMailboxParameters" with "0" argument(s): "The mailbox is not created yet." Stack trace: at <Scriptblock>, <No File>: line 102.

Could you post here or send us (support[at]adaxes.com) a screenshot of the execution log dialog box containing the error message?

Tried this with multiple current users with valid E3 mailboxes - all the same result.

Could you post here or send us (support[at]adaxes.com) a screenshot of what you see in the Office 365 and Exchange tabs?
Does the issue occurs for all the users or only for specific ones?

To help us troubleshoot the issue, do the following:

  1. Enable tracing of PowerShell commands sent to Exchange servers as described in the following help article: https://www.adaxes.com/help/?HowDoI.Per ... uests.html.
  2. Reproduce the issue.
  3. Post here or send us (support[at]adaxes.com) the log file.
0

I will email everything you're asking to support in the next few minutes... Standby.

0

Hello Scott,

Thank you for the provided details. Could you check which roles are assigned in Office 365 to the account whose credentials were used to register your tenant in Adaxes?

0

We created a specific service account for Adaxes and gave it the 'User Management Administrator' role in 365.

Just now, for testing purposes, I changed it to 'Global Administrator', waited 20 minutes (sometimes permissions take a few minutes to take effect in 365)... Now it seems to connect to Exchange properly... All of the Exchange properties populate in Adaxes now when I click on user properties... The script also now works without error!

I would suggest 'User Management Administrator' might be enough for standard O365 tasks, but I'm not sure it's enough for Exchange. 'Global Administrator' roles add people into the 'tenant administrator' role in Exchange, but I don't think user management administrator does'.

0

Hello Scott,

You can check details about Office 365 roles in the following article: https://support.office.com/en-us/articl ... 090b6aaa9d.

According to the User Management Administrator role description, it does give access to Exchange. However, according to the Exchange log you provided, the role does not give access to all the required cmdlets which caused the issue. Thus, it is recommended to use an account that has the Global Administrator role assigned in Office 365 to register tenants in Adaxes.

Related questions

0 votes
1 answer

I have to do a weekly Inactiviy Report for Accounts that have not logged in for 30 days or more. 1 of the reports is for Internal users BUT there is an Account ... Adaxes and working on the product, and i need to get all my reporting done through Adaxes

asked Nov 14, 2022 by dtorannini (80 points)
0 votes
1 answer

Every manager has an overview, where you can see to whom he/she is reporting to and who is reporting to the manager. This will be visible in Microsoft teams ... purpose for this is to use it for email communication (account/password expiration notifications).

asked Jul 4, 2022 by RoBeDi (60 points)
0 votes
1 answer

When running a PowerShell script as an action in a custom command, you can set the script to run as a different account and then use the RunAs property in the ... Is there another way to get the Adaxes service account's credentials from within the script?

asked Mar 31, 2022 by KelseaIT (320 points)
0 votes
1 answer

We have a customized the help desk security role to allow only resetting passwords and unlocking accounts. We don't want them to be able to enable accounts that are disabled ... writing to certain "account options"? It seems that its an all or nothing setting.

asked Nov 14, 2019 by mark.it.admin (2.3k points)
0 votes
1 answer

We use DirSync/AAD Connect (without write-back) and we have some users that use email in the cloud and never authenticate to the on-prem domain controllers. Therefore, we ... has found which one might work the best in an Adaxes scheduled task for example.

asked Jan 31, 2018 by yourpp (540 points)
3,552 questions
3,242 answers
8,243 comments
547,831 users