“Decommissioning” a O365 User


If you’re using Office 365 for your business of any size, you’re going to need to add and remove users with some regularity. It’s good practice to have a standard procedure for this. And if you have a standard procedure, why not automate it?

PowerShell for Office 365 allows you to do just that. If you have a Windows machine, you have the Windows PowerShell ISE (Integrated Scripting Environment) already. Just ask Cortana – she’ll tell you. It looks like this:

Windows PowerShell ISE

Details on PowerShell and some useful sample scripts can be found here.

For “decommissioning” a user that has resigned or otherwise left the organization, we want a script that performs 9 steps. Credit to Robert Crane of CIAOPS for this script.

Step 1: Change the user password

-NewPassword MyPwd123!
-ForceChangePassword $false

Step 2: Check the size of the mailbox (you want it under 10GB for archiving)

Get-Mailbox -identity firstname.lastname
-ResultSize Unlimited | Get-MailboxStatistics | Select DisplayName, StorageLimitStatus, TotalItemSize

Step 3: Set limits to avoid the mailbox growing out of control

Set-Mailbox firstname.lastname
-ProhibitSendReceiveQuota 10GB
-ProhibitSendQuota 9.75GB
-IssueWarningQuota 9.5GB

Step 4: Convert to a shared mailbox

Set-Mailbox firstname.lastname -Type shared

Step 5: Hide the mailbox from the Global Address List (GAL)

Set -Mailbox firstname.lastname -HiddenFromAddressListsEnabled $true

Step 6: Set up a forward

Set -Mailbox -Identity firstname.lastname
-DeliverToMailboxAndForward $true

Step 7: Setup full “Send As” permissions

Add-MailboxPermission firstname.lastname
-user destination
-AccessRights FullAccess
-InheritanceType All

Add-RecipientPermission firstname.lastname
-AccessRights SendAs
-Trustee destination

Step 8: Check that the mailbox is now a shared mailbox

-Resultsize unlimited | where {$_.RecipientTypeDetails -eq “SharedMailbox”}

Step 9: Remove licenses

-removelicenses “<tenant>:<SKU>”

In the ISE, the complete script will look like:

ISE with Script.PNG

Now you can decommission a user with a few clicks and perform consistent, automated steps each time.

What PowerShell scripts to you find most useful for administering O365?


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s