Pia - Terminate User
Overview
This package will terminate a user account in Active Directory or the Microsoft Office 365 Cloud.
Platforms
The package supports the following platforms:
- Cloud Hybrid
- Cloud Only
- On Prem
- Semi-Hybrid
Requirements
The package has different requirements depending on which platforms are being supported.
Cloud Hybrid: Orchestrator agents in a valid state on
- Primary Domain Controller
- Azure Active Directory Connect Server
On Prem: Orchestrator agent in a valid state on
- Primary Domain Controller
Cloud Only
- Microsoft Graph API Authorization and Delegation
Setup & Configuration
Global Config
- Primary Domain Controller
- Azure Active Directory Connect Server
Microsoft Graph API
- Authorization and Delegation configured
Process
The steps that the package takes during process execution are:
Cloud Hybrid
Step 1 Pia will create pre-termination manual tasks against the Ticket for the Chat User to complete
Step 2 Pia will advise the Chat User if there are pre-termination manual tasks to be performed.
Step 3 Retrieve a list of users from the All Staff Group and select one to begin the offboarding procedure.
Step 4 Request a reason for terminating the user to be provided. The options are as follows:
- Termination
- Leave
- Audit
- Other
Step 5 Pia will advise that the account will be disabled.
Pia will perform the following actions in Active Directory on the Primary Domain Controller
- Disable the account
- Remove from the GAL (msExchHideFromAddressLists = TRUE)
- Exchange RecipientType set to Shared (msExchRecipientDisplayType = 0, msExchRecipientTypeDetails = 4)
- Remove all security groups from the user
- Move the User account to the Disabled Users Organizational Unit
Pia will then perform the following actions in Office 365
- Convert the User mailbox to a Shared Mailbox
- Remove the O365 license from the disabled user account
These attributes will also be modified on the user account (Attribute: Value):
- mail: <sam>-NLE@vitgdemo.com
Pia will run a directory sync to Office 365 on the Azure Active Directory Connect server
Step 6 Check if the Azure Active Directory Sync configuration is set up using a Group Filter, and add the user back to this group so the User can still sync to Office 365.
Step 7 Checks the Exchange environments to see where the mailbox is located.
Step 8 Login to the Domain Controller and reset the user password to a random password.
Step 9 Store the terminated user information if we need to re-enable the user in the future. Information stored:
- Username
- Licenses
- Groups
Step 10 Pia will create manual tasks against the Ticket for the Chat User to complete
Step 11 Pia will advise the Chat User that the account has been disabled.
Step 12 Pia will advise the Chat User if there are manual tasks to be performed.
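The Active Directory actions of Step 5, together with the Step 9 record, written out as an added PowerShell example (not Pia's own code). It assumes the RSAT ActiveDirectory module and a schema extended for Exchange; the function name, the OU parameter and the snapshot file are hypothetical.

```powershell
#Requires -Modules ActiveDirectory
function Disable-TerminatedAdUser {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string] $SamAccountName,
        # Placeholder DN, e.g. 'OU=Disabled Users,DC=example,DC=com'
        [Parameter(Mandatory)] [string] $DisabledUsersOu,
        # JSON file that keeps the re-enable record (Step 9)
        [Parameter(Mandatory)] [string] $SnapshotPath
    )

    $user = Get-ADUser -Identity $SamAccountName -Properties MemberOf -ErrorAction Stop

    # MemberOf never lists the primary group (normally Domain Users), which
    # cannot be removed anyway. Keep security groups only, as the page states.
    $groups = @($user.MemberOf | Get-ADGroup | Where-Object GroupCategory -eq 'Security')

    if (-not $PSCmdlet.ShouldProcess($user.DistinguishedName, 'Terminate user')) { return }

    # Record username and groups BEFORE removing anything, so the account
    # can be restored later.
    [pscustomobject]@{
        Username = $user.SamAccountName
        Groups   = @($groups | ForEach-Object DistinguishedName)
    } | ConvertTo-Json | Set-Content -Path $SnapshotPath -Encoding UTF8

    Disable-ADAccount -Identity $user

    # Hide from the GAL and flag the recipient as shared (values from the page;
    # the msExch* attributes exist only where the Exchange schema is installed).
    Set-ADUser -Identity $user -Replace @{
        msExchHideFromAddressLists = $true
        msExchRecipientDisplayType = 0
        msExchRecipientTypeDetails = 4
    }

    if ($groups.Count -gt 0) {
        Remove-ADPrincipalGroupMembership -Identity $user -MemberOf $groups -Confirm:$false
    }

    # Move last: the distinguished name changes here.
    Move-ADObject -Identity $user -TargetPath $DisabledUsersOu

    # Return the resulting state for the ticket notes.
    Get-ADUser -Identity $SamAccountName -Properties MemberOf, msExchHideFromAddressLists
}
```

Running it with `-WhatIf` resolves the user and groups but changes nothing and writes no snapshot.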
Cloud Only
Step 1 Pia will create pre-termination manual tasks against the Ticket for the Chat User to complete
Step 2 Pia will advise the Chat User if there are pre-termination manual tasks to be performed.
Step 3 Gets a list of users from the All Staff Group.
Step 4 Prepares the form properties for the terminate user form.
Step 5 Presents the Terminate User Form in the chat window.
Step 6 Request a reason for terminating the user to be provided. The options are as follows:
- Termination
- Leave
- Audit
- Other
Step 7 Advises the Chat User that the account will be disabled.
Step 8 Generate a new password containing an Upper Case character, special character and numbers. This is a suggested password - but the format will generally meet password complexity rules.
Step 9 Tell Microsoft Graph API to perform the password reset with a random new password.
Step 10 Gets a list of groups the user is a member of to document in the ticket.
Step 11 Converts the User mailbox to a Shared Mailbox.
Step 12 Tell Microsoft Graph API to disable the account in Azure Active Directory.
Step 13 Removes the Microsoft Office 365 license from the disabled user account.
Step 14 Prepares a JSON string of the Manual Tasks to be created against the ConnectWise ticket.
Step 15 Pia will create manual tasks against the Ticket for the Chat User to complete
Step 16 Store the terminated user information if we need to re-enable the user in the future. Information stored:
- Username
- Licenses
- Groups
Step 17 Advises the Chat User that the account has been disabled.
Step 18 Pia will advise the Chat User if there are manual tasks to be performed.
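Cloud Only steps 8 to 13 as an added PowerShell example, not Pia's own code. It assumes connected Microsoft Graph PowerShell SDK and Exchange Online sessions with rights to update users; both function names are hypothetical.

```powershell
function New-RandomPassword {
    param([ValidateRange(8, 128)] [int] $Length = 20)
    # Look-alike characters (O/0, l/1, I) are left out to keep the value readable.
    $sets = 'ABCDEFGHJKLMNPQRSTUVWXYZ', 'abcdefghijkmnpqrstuvwxyz', '23456789', '!@#$%^&*-_=+?'
    $all  = -join $sets
    $rng  = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $buf  = [byte[]]::new(4)
    $pick = {   # unbiased index in [0, $Max) by rejection sampling on a CSPRNG
        param([int] $Max)
        do {
            $rng.GetBytes($buf)
            $n = [BitConverter]::ToUInt32($buf, 0)
        } while ($n -ge 4294967296 - (4294967296 % $Max))
        [int]($n % $Max)
    }
    $chars = [char[]]::new($Length)
    for ($i = 0; $i -lt $Length; $i++) {
        # The first four positions guarantee one character from each class.
        $src = if ($i -lt $sets.Count) { $sets[$i] } else { $all }
        $chars[$i] = $src[(& $pick $src.Length)]
    }
    for ($i = $Length - 1; $i -gt 0; $i--) {   # Fisher-Yates shuffle
        $j = & $pick ($i + 1)
        $chars[$i], $chars[$j] = $chars[$j], $chars[$i]
    }
    -join $chars
}

function Disable-TerminatedCloudUser {
    param([Parameter(Mandatory)] [string] $UserId)   # object ID or UPN
    # Step 10 and the Step 16 record: capture groups and licenses first.
    $groups = @(Get-MgUserMemberOf -UserId $UserId -All |
        ForEach-Object { $_.AdditionalProperties['displayName'] })
    $skuIds = @(Get-MgUserLicenseDetail -UserId $UserId | ForEach-Object SkuId)
    # Steps 9 and 12: new random password and sign-in blocked in one update.
    Update-MgUser -UserId $UserId -AccountEnabled:$false -PasswordProfile @{
        Password                      = New-RandomPassword
        ForceChangePasswordNextSignIn = $true
    }
    # Step 11 before Step 13: convert first so the mailbox stays available
    # as a shared mailbox once the license is gone.
    Set-Mailbox -Identity $UserId -Type Shared
    if ($skuIds.Count -gt 0) {
        $null = Set-MgUserLicense -UserId $UserId -AddLicenses @() -RemoveLicenses $skuIds
    }
    [pscustomobject]@{ Username = $UserId; Licenses = $skuIds; Groups = $groups }
}
```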
Semi-Hybrid
Step 1 Pia will create pre-termination manual tasks against the Ticket for the Chat User to complete
Step 2 Pia will advise the Chat User if there are pre-termination manual tasks to be performed.
Step 3 Retrieve a list of users from the All Staff Group and select one to begin the offboarding procedure.
Step 4 Request a reason for terminating the user to be provided. The options are as follows:
- Termination
- Leave
- Audit
- Other
Step 5 Pia will advise that the account will be disabled. Pia will perform the following actions in Active Directory on the Primary Domain Controller
- Disable the account
- Remove from the GAL (msExchHideFromAddressLists = TRUE)
- Exchange RecipientType set to Shared (msExchRecipientDisplayType = 0, msExchRecipientTypeDetails = 4)
- Remove all security groups from the user
- Move the User account to the Disabled Users Organizational Unit
Pia will then perform the following actions in Office 365
- Convert the User mailbox to a Shared Mailbox
- Remove the O365 license from the disabled user account
Pia will run a directory sync to Office 365 on the Azure Active Directory Connect server
Step 6 Login to the Domain Controller and reset the user password to a random password.
Step 7 Tell Microsoft Graph API to perform the password reset with the new password.
Step 8 Tell Microsoft Graph API to disable the account in Azure Active Directory.
Step 9 Prepares a JSON string of the Manual Tasks to be created against the ConnectWise ticket.
Step 10 Pia will create manual tasks against the Ticket for the Chat User to complete
Step 11 Store the terminated user information if we need to re-enable the user in the future. Information stored:
- Username
- Licenses
- Groups
Step 13 Pia will advise the Chat User if there are manual tasks to be performed.
On Prem
Step 1 Pia will create pre-termination manual tasks against the Ticket for the Chat User to complete
Step 2 Pia will advise the Chat User if there are pre-termination manual tasks to be performed.
Step 3 Gets a list of users from the All Staff Group.
Step 4 Prepares the form properties for the terminate user form.
Step 5 Presents the terminate user form in the chat window.
Step 6 Presents the Terminate User Reason form to get the reason for termination.
Step 7 Pia will advise that the account will be disabled. Pia will perform the following actions in Active Directory on the Primary Domain Controller
- Disable the account
- Remove from the GAL (msExchHideFromAddressLists = TRUE)
- Exchange RecipientType set to Shared (msExchRecipientDisplayType = 0, msExchRecipientTypeDetails = 4)
- Remove all groups from the user
- Move the User account to the Disabled Users Organizational Unit
Step 8 Disables the account in Active Directory, this activity is performed on the Primary Domain Controller.
Step 9 Login to the Domain Controller and reset the user password to a random password.
Step 10 Prepares a JSON string of the Manual Tasks to be created against the ConnectWise ticket.
Step 11 Pia will create manual tasks against the Ticket for the Chat User to complete
Step 12 Store the terminated user information if we need to re-enable the user in the future. Information stored:
- Username
- Groups
Step 13 Advises the Chat User that the account has been disabled.
Step 14 Pia will advise the Chat User if there are manual tasks to be performed.