[Feature Request]: Add a Clear Immutable ID button to the Offboarding Wizard #3603

Closed
bits-ie-github opened this issue Feb 9, 2025 · 4 comments
Labels: enhancement, no-priority

Comments

@bits-ie-github

Description of the new feature - must be an in-depth explanation of the feature you want, reasoning why, and the added benefits for MSPs as a whole.

When we carry out user offboardings for Synced Users, we usually break the AD sync for the user, so that if the account is deleted in AD or moved to a non-synced OU, it won't result in the 365 User being deleted as well.

This process usually leads to a "synchronisation error" in the AD Sync service within the next 24 hours and the fix is to clear the immutable ID of the offboarded user.

While it's an easy fix to go to Identity Management in CIPP and clear it this way, it would be great to have a button in the offboarding wizard that would prevent this issue/alert from triggering in the first place.

PowerShell commands you would normally use to achieve above request

No response

@kris6673
Contributor

kris6673 commented Feb 9, 2025

@bits-ie-github Out of curiosity, how do you do that? I thought you could only break the sync by moving it out of a synced OU, and restoring the user again 😅

@bits-ie-github
Author

@kris6673, we either move the account into a non-synced OU as you mentioned or we use a Synchronisation Rule to break the sync when an AD attribute is a certain value (useful when the entire directory is synced). Both methods do delete the user in 365, but we restore them before using CIPP to finish the offboarding. It might seem a bit convoluted but it still saves a lot of time by allowing us to use CIPP to do all the other elements of an offboarding.

And then this way, if a tech or onsite IT resource thinks they are doing something useful by cleaning up old/inactive AD accounts, it won't have a negative impact on the 365 side. We do use CIPP to alert us on soft deletions to also avoid this 😀
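The clearing step discussed in this thread, as an added example that is not part of the issue and is not CIPP's own code. It assumes the Microsoft Graph PowerShell SDK and the `User.ReadWrite.All` scope; the function name and the UPN are hypothetical placeholders.

```powershell
#Requires -Modules Microsoft.Graph.Authentication, Microsoft.Graph.Users

function Clear-OffboardedUserImmutableId {   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [string]$UserPrincipalName
    )

    # Read the sync-related attributes before changing anything.
    $user = Get-MgUser -UserId $UserPrincipalName `
        -Property Id, UserPrincipalName, OnPremisesImmutableId, OnPremisesSyncEnabled

    if ($user.OnPremisesSyncEnabled) {
        # Still in sync scope: the thread's workflow breaks the sync and
        # restores the user before the immutable ID is cleared.
        Write-Warning "$($user.UserPrincipalName) is still directory-synced; skipping."
        return
    }
    if ([string]::IsNullOrEmpty($user.OnPremisesImmutableId)) {
        Write-Verbose "$($user.UserPrincipalName) has no immutable ID set."
        return
    }

    if ($PSCmdlet.ShouldProcess($user.UserPrincipalName, 'Clear onPremisesImmutableId')) {
        # Send an explicit JSON null so the attribute is cleared rather than omitted.
        Invoke-MgGraphRequest -Method PATCH `
            -Uri "https://graph.microsoft.com/v1.0/users/$($user.Id)" `
            -Body '{"onPremisesImmutableId": null}' -ContentType 'application/json'

        # Re-read the user and return the old value so the change can be audited or reverted.
        $after = Get-MgUser -UserId $user.Id -Property Id, OnPremisesImmutableId
        [pscustomobject]@{
            UserPrincipalName   = $user.UserPrincipalName
            PreviousImmutableId = $user.OnPremisesImmutableId
            Cleared             = [string]::IsNullOrEmpty($after.OnPremisesImmutableId)
        }
    }
}

# Placeholder UPN; -WhatIf shows the intended change without applying it.
Connect-MgGraph -Scopes 'User.ReadWrite.All'
Clear-OffboardedUserImmutableId -UserPrincipalName 'offboarded.user@example.com' -WhatIf
```

Keeping the returned `PreviousImmutableId` in the offboarding record lets the account be re-matched to its AD object later if the offboarding has to be reversed.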

@kris6673
Contributor

I would like to work on this please!


Great! I assigned you (@kris6673) to the issue. Have fun working on it!
