Disable User

Disabling ACEM Users

ACEM has become more stringent on user management and we need to ensure we do it correctly each time we do work on them. Regardless of how many times we have done this, this Wiki page MUST be followed each and every time as the information might change from time to time.

This is to be considered the default ACEM user turndown and all steps MUST be followed unless expressly requested otherwise by ACEM.

The ticket cannot be closed until all steps are completed successfully.

The ticket must link to this wiki as your source for how you turned down the account, explicitly stating where you deviated and for what reason. For example, “Erased drive folder per Carrie Hilliker”.

  • THIS MUST BE DONE: Be sure to change the POC or add a CC to staffchanges@acme.net
  • Change the subject line to something using the user’s name, such as: “MANUEL.SMITH – Termination Notice”.

Once the ticket has been updated, please move to the next step.

Reset AD user password

  1. Open a remote session using Teamsviewer to ACEM-AWS-DC01
  2. Open ‘Active Directory Users and Computers’
  3. Right Click ‘acme.net’
  4. Click ‘Find’
  5. Type in the user’s name you are looking for
  6. Click ‘Find Now’
  7. Right click the user’s name in the list
  8. Click ‘Reset Password’ and set it to something complex. It is not important to write it down.
  9. Make a note in the Description field with Ticket # and Date you reset the password for the account.
  10. Remove the user from all distribution groups except ‘Domain Users’. This includes RemoteUsers or TerminalServerUsers, to remove VPN access.
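
The same steps 8 to 10 as a script, for when you would rather not click through ADUC. This is an added example, not part of the original procedure; it assumes the ActiveDirectory (RSAT) module on ACEM-AWS-DC01, and the function name and parameters are made up for illustration.

```powershell
# Added example: scripted form of steps 8-10 above (not an ACEM-supplied script).
Import-Module ActiveDirectory

function Reset-TerminatedAdUser {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$SamAccountName,  # AD logon name of the user
        [Parameter(Mandatory)][string]$TicketNumber     # ticket number for the note
    )
    $user = Get-ADUser -Identity $SamAccountName -Properties Description

    # Step 8: random password that is never shown or written down.
    $bytes = New-Object byte[] 32
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $rng.GetBytes($bytes)
    $rng.Dispose()
    # The suffix guarantees upper, lower, digit and symbol for complexity policy.
    $plain  = [Convert]::ToBase64String($bytes) + 'aZ9!'
    $secure = ConvertTo-SecureString $plain -AsPlainText -Force
    Set-ADAccountPassword -Identity $user -Reset -NewPassword $secure

    # Step 9: add ticket number and date to Description, keeping any existing text.
    $note = "Password reset $(Get-Date -Format 'yyyy-MM-dd') - Ticket #$TicketNumber"
    $desc = (@($user.Description, $note) | Where-Object { $_ }) -join ' | '
    Set-ADUser -Identity $user -Description $desc

    # Step 10: remove every group membership except Domain Users.
    $groups = Get-ADPrincipalGroupMembership -Identity $user |
        Where-Object { $_.Name -ne 'Domain Users' }
    foreach ($group in $groups) {
        Remove-ADGroupMember -Identity $group -Members $user -Confirm:$false
    }

    # Return what was removed so it can be pasted into the ticket.
    [pscustomobject]@{
        User          = $user.SamAccountName
        Description   = $desc
        RemovedGroups = @($groups | ForEach-Object { $_.Name })
    }
}

# Usage (constructed values):
# Reset-TerminatedAdUser -SamAccountName 'manuel.smith' -TicketNumber '000000'
```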

Grant Full Mailbox access to reviewer, and lock down the account

  • DO NOT DO MAIL FORWARDS UNLESS ASKED BY OWNER
  • IF THEY SAY FORWARD, DO GRANT FULL ACCESS
  • DO NOT FORWARD EMAILS OUTSIDE OF THE ORGANIZATION
  • We will be granting full mailbox access to their email for three (3) weeks
  • Navigate to ACEM admin portal
  • Log in as ODDOO IT@acme.net ACEM ODDOO IT Password
  • Go to Users, Active users
  • Search for and click the user, then click “Block Sign in”. It will ask you to verify; go ahead.
  • On the menu to the left, go to Show More, Teams
  • Go to the Users section and find the user.
  • Click on the user’s name, scroll down to General Information.
  • Mark the DID assigned on your ticket.
  • Click Edit, set the assigned number to none to remove the number, and apply.
  • Go back to the user’s page, go to License and Apps
  • Uncheck the calling plan and phone system license.
  • Scroll down to apps, and deselect Microsoft Teams. Save changes
  • Select Mail tab
  • Under mailbox permissions, select Read and Manage Permissions
  • Click add permissions, find and add the user who you want to grant permissions to monitor the mailbox, and click save.
  • Go to more actions at the bottom right, and select Edit Exchange Properties
  • Go to Mailbox Features
  • Disable: Exchange Active Sync, OWA for Devices
  • Under Email Connectivity – Disable Outlook on the web
  • Disable: IMAP, POP3
  • Click to save changes
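
Because the ticket cannot be closed until every step has succeeded, it helps to confirm the portal changes took effect. The check below is an added example, not part of the original procedure; it assumes the ExchangeOnlineManagement module with `Connect-ExchangeOnline` already run, and the function name and parameters are made up for illustration.

```powershell
# Added example: verifies the mailbox lockdown described in the list above.
function Test-TerminatedMailboxLockdown {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Mailbox,   # UPN of the terminated user
        [Parameter(Mandatory)][string]$Reviewer   # UPN of the person monitoring the mailbox
    )
    $findings = @()

    # ActiveSync, OWA for Devices, Outlook on the web, IMAP and POP3 must all be off.
    $cas = Get-CASMailbox -Identity $Mailbox
    $mustBeOff = 'ActiveSyncEnabled', 'OWAforDevicesEnabled', 'OWAEnabled',
                 'ImapEnabled', 'PopEnabled'
    foreach ($name in $mustBeOff) {
        if ($cas.$name) { $findings += "$name is still enabled" }
    }

    # The reviewer must hold Full Access on the mailbox.
    $perm = Get-MailboxPermission -Identity $Mailbox -User $Reviewer |
        Where-Object { (($_.AccessRights -join ',') -match 'FullAccess') -and -not $_.Deny }
    if (-not $perm) { $findings += "$Reviewer does not have Full Access" }

    # Forwarding is only allowed when the owner asked, and never outside the organization.
    $mbx = Get-Mailbox -Identity $Mailbox
    if ($mbx.ForwardingAddress -or $mbx.ForwardingSmtpAddress) {
        $findings += 'Forwarding is set; confirm the owner requested it'
    }
    if ($mbx.ForwardingSmtpAddress -and "$($mbx.ForwardingSmtpAddress)" -notlike '*@acme.net') {
        $findings += "Forwarding leaves the organization: $($mbx.ForwardingSmtpAddress)"
    }

    [pscustomobject]@{
        Mailbox   = $Mailbox
        Compliant = ($findings.Count -eq 0)
        Findings  = $findings
    }
}

# Usage (constructed values):
# Test-TerminatedMailboxLockdown -Mailbox 'manuel.smith@acme.net' -Reviewer 'reviewer@acme.net'
```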

Auto Reply

  • If they request an auto-reply to be set up, follow these steps:
  • Click ODDOO IT in the top-right corner
  • Click Another User
  • Enter the name of the mailbox you want to put the Auto-Reply on. Hit OK.
  • A new window will pop up, under the selected user’s account.
  • Click “Set up an automatic reply message”, on the right-hand side of the window.
  • Select “Send automatic replies”
  • Replace any previously used auto-reply message with the following:

This email address is no longer active, please email correspondence to vendor.support@acme.net

  • Check “Send automatic reply messages to senders outside my organization” and “Send replies to all external senders”.
  • Close the window

(Note: Blocking someone prevents anyone from signing in as this user, and is a good idea when you think their password or username may have been compromised. When you block someone, it immediately stops any new sign-ins for that account, and if they’re signed in, they’ll be automatically signed out from all Microsoft services within 60 minutes.)

Delete the user from Teamsviewer

Log in to Teamsviewer. Go to the client. Look in administration, find the user listed and find the access group (if it is a solo group for just the user), and remove them both.

Grant One Drive access to Monitor

  • Login to Office365 Admin Panel as ODDOO IT
  • Go to the Users > Active users.
  • Type the user’s name in the search field
  • Click on the user’s name and the sub menu will pop out from the right.
  • Select the “One Drive” tab
  • Under “Get access to file”, click “Create link to files”. This creates a link. Copy the link and paste it into Notepad or a document so you can use it later.
  • Go back to the main admin center.
  • On the left pane, click “Show all”
  • Click on SharePoint
  • Click on “More Features”
  • Click Open under “User Profiles”
  • Under People, click on “Manage User Profiles”
  • In the Find profiles, type in the name of the user who you are turning down.
  • Once the user’s name pulls up, right click the account name and select “Manage site collection owners”
  • In the Site Collections Administrators, add Jaci Powers and Owner Cox then hit the enter key. The name will show up in the box, underlined now, click on OK. Now the share is set up.
  • Send the user(s) who will monitor the OneDrive the link that you got in step # 6
  • The users who have access to the files will need to open the link in their browser; it will look like a SharePoint site.
  • Once this opens, they will need to click on “Sync”. This will then sync their SharePoint folders with their OneDrive.
  • Once the user is deleted, the share should disappear from SharePoint shares on the local PC or web access.

Adobe License

We do not manage the Adobe license. This is handled by the internal staff. Any questions, please ask Stuart.

Move Ticket to Hold

  • In Connectwise, once the above has been completed, change the ticket status.
  • Move the status to ACEM Termination Hold.
  • This will hold for three weeks before deletion.

Archive (Only if requested)

We have set up a Share Point Site on the ACEM Office 365 site called: ACEM – IT Support – Documents

Share point location

This share is sync’d with ACEM-AWS-DC01 server.

Export the PST/One Drive items from Office 365, and place the PST/OD files in this folder for the archived emails.

Deletion

Removing the O365 License

  • Navigate to Azure Portal
  • Log in as ODDOO IT@acme.net ACEM ODDOO IT Password
  • On the left side click ‘Azure Active Directory’
  • Click ‘Users and groups’
  • Click ‘All users’
  • Search for your user.
  • Click your user
  • Click ‘Licenses’
  • Click the license under ‘Products’, e.g. Office 365 Business Essentials
  • The above step expands the pane so you can’t see the Products list anymore. Use the horizontal scroll bar to move back to the left
  • Click ‘Remove’
  • Repeat this step for all products
  • Go back to the main admin page, and select Products and services
  • Find the product you just removed from the user’s account, such as “Microsoft 365 Business Basic”, and click on the product. Click on add/remove and remove the extra unused license.

Delete User from Active Directory

  • Open a remote session using Teamsviewer to ONR-DC1
  • Open ‘Active Directory Users and Computers’
  • Click on the user to be deleted
  • Click the Trash Can Icon
  • Click ‘ok’

Restoring a deleted user

This seems to be a growing issue, where they tell us to not delete someone, right after we’ve deleted them. Here are the steps to restore a recently deleted user in ADUC.

  • Connect to ONR-DC1/ONR-DC2
  • Open Active Directory Administration Center
    • Go to Acme (Local) > Deleted Objects
      • Locate the user
      • Right-click and click Restore.
        • If you get the error message: The operation could not be performed because the object’s parent is either uninstantiated or deleted
        • Right-click and click Restore To…
        • Select ACEM > EZ Remote Users and hit OK
    • Check ADUC and confirm the user is back.
    • The account should be able to log back in immediately.
      • You can force a synchronization or wait 30 minutes for ADUC to fully sync changes with the cloud.
    • After the account has fully sync’d to the cloud it will show up under the Active Users section.
      • Assign it the Microsoft 365 Business Essentials license or E3, depending on what they had before.
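
The restore steps above, including the “Restore To…” fallback, as a script. This is an added example, not part of the original procedure; it assumes the ActiveDirectory (RSAT) module on ONR-DC1/ONR-DC2, the function name is made up, and the distinguished name of the “ACEM > EZ Remote Users” OU is not given on this page, so it is passed in as a parameter.

```powershell
# Added example: restore a recently deleted user from Deleted Objects.
Import-Module ActiveDirectory

function Restore-TerminatedAdUser {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$SamAccountName,
        # Distinguished name of the "ACEM > EZ Remote Users" OU (supply the real DN).
        [Parameter(Mandatory)][string]$FallbackOU
    )
    # Find the deleted object; -IncludeDeletedObjects is required to see it.
    $deleted = @(Get-ADObject -IncludeDeletedObjects -Properties lastKnownParent `
        -Filter 'isDeleted -eq $true -and sAMAccountName -eq $SamAccountName')
    if ($deleted.Count -eq 0) { throw "No deleted object found for $SamAccountName" }
    if ($deleted.Count -gt 1) { throw "More than one deleted object matches $SamAccountName; restore by hand" }
    $obj = $deleted[0]

    # A plain restore fails with "the object's parent is either uninstantiated
    # or deleted" when the original OU is gone, so check the parent first.
    $parentExists = $true
    try { $null = Get-ADObject -Identity $obj.lastKnownParent -ErrorAction Stop }
    catch { $parentExists = $false }

    if ($parentExists) {
        Restore-ADObject -Identity $obj.ObjectGUID -ErrorAction Stop
    } else {
        Write-Warning "Original parent is missing; restoring to $FallbackOU"
        Restore-ADObject -Identity $obj.ObjectGUID -TargetPath $FallbackOU -ErrorAction Stop
    }

    # Confirm the user is back and show where it landed, for the ticket.
    Get-ADUser -Identity $SamAccountName -Properties MemberOf |
        Select-Object SamAccountName, Enabled, DistinguishedName,
            @{ Name = 'GroupCount'; Expression = { @($_.MemberOf).Count } }
}

# Usage (constructed values; replace the DN placeholder with the real OU path):
# Restore-TerminatedAdUser -SamAccountName 'manuel.smith' -FallbackOU '<DN of EZ Remote Users OU>'
```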
