Office 365: Keep Mailbox when removing AD-Synced user
Summary
If you're working with Office 365 and AAD Connect, you have probably come across this question: what happens when an employee has left the company and we, as the IT department, would like to remove the employee's AD user and Office 365 license while retaining the mailbox data?
Microsoft gave us the "Convert to Shared" button, but using it causes the loss of archive data, if any exists, and it generally does not solve the issue if we would like to remove the AD user, since that in turn removes the Office 365 user and the mailbox data. Of course, we can restore the deleted mailbox within the retention period, but that is a workaround, and many of my clients are not comfortable with a solution that may be a gateway for trouble.
The SafetyNet tool is meant to overcome this obstacle.
This tool allows IT staff to retain mailbox data, including the online archive, which will be replicated into a license-free shared mailbox, and to migrate all email and x500 addresses.
The tool also takes care of the permissions required for the process, giving every IT admin an easy and accessible solution to this predicament.
Download
Download available on https://gallery.technet.microsoft.com/Tool-SafetyNet-Retain-05b9df53
SafetyNet Walk-Through
The tool is pretty straightforward and easy to use. A quick walk-through:
1. Connect to O365
First of all, you have to connect to the Office 365 service. This is done by clicking "Connect Office 365". Once connected, the status bar will show green.
NOTE: A user with Exchange Organization Admin permissions or higher is required. Certain RBAC permissions are also required; SafetyNet verifies these itself and, if needed, will assist you in setting the required RBAC permissions.
2. Identify Mailbox
Once connected, type in the mailbox primary email address.
3. Verify mailbox
The "Verify Mailbox" button is pretty much your trigger and will be used between each phase. It verifies crucial parameters and walks you through the process. So start by typing in a mailbox address, and click "Verify Mailbox".
4. Prepare Mailbox
If SafetyNet does not detect any prior activity for the specific mailbox, you will be prompted to prepare the mailbox using the appropriate button.
The "Prepare Mailbox" button will perform the following:
Create a new shared mailbox.
Assign the new mailbox permissions according to the source mailbox (retain mailbox delegation).
Assign temporary addresses and x500, for later use (retain email addresses).
5. Replicate Data
Once again, click the verify button. If all checks out, you will be able to use "Replicate Data".
This button will:
Initiate a data replication from the source mailbox to the new SafetyNet mailbox.
Replicate deleted items.
Replicate archive data.
It might take a while, depending on your mailbox size.
When replication completes, you will see a replication overview.
6. Remove O365 User
Once "Replicate Data" has completed, you can safely remove the AD user and run a sync cycle to remove the Office 365 user. (It is recommended to verify folder hierarchy and integrity prior to removing the AD user and mailbox.)
7. Set Addresses
Once the AD user is removed and a DirSync cycle has occurred, return to the tool and use the "Set Addresses" button to assign the required email and x500 addresses, so that messages are still accepted.
You have now finished converting your AD sync mailbox to a full stand-alone shared mailbox!
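A check to run around steps 6 and 7, added here as an example and not part of SafetyNet or the original article: snapshot the source mailbox's proxy addresses before the AD user is removed, then confirm after "Set Addresses" that the shared mailbox answers to all of them. It assumes an existing Exchange Online PowerShell session; the two mailbox addresses and the snapshot path are placeholders, and treating the source's LegacyExchangeDN as a required X500 proxy is an assumption based on common practice, not a documented SafetyNet behaviour.

```powershell
# Added example; assumes an active session from Connect-ExchangeOnline.
# The addresses and the snapshot path below are placeholders.
$Source   = 'leaver@contoso.example'         # AD-synced user mailbox
$Target   = 'leaver-shared@contoso.example'  # SafetyNet shared mailbox
$Snapshot = Join-Path $env:TEMP 'leaver-addresses.json'

function Save-AddressSnapshot {
    # Run BEFORE step 6: record every address the source mailbox answers to.
    param([string]$Mailbox, [string]$Path)
    $mbx = Get-Mailbox -Identity $Mailbox -ErrorAction Stop
    [pscustomobject]@{
        LegacyExchangeDN = $mbx.LegacyExchangeDN
        Addresses        = @($mbx.EmailAddresses | ForEach-Object { "$_" })
    } | ConvertTo-Json | Set-Content -Path $Path -Encoding UTF8
}

function Test-AddressMigration {
    # Run AFTER step 7: return each expected address the target is missing.
    param([string]$Mailbox, [string]$Path)
    $snap = Get-Content -Path $Path -Raw | ConvertFrom-Json
    $have = @((Get-Mailbox -Identity $Mailbox -ErrorAction Stop).EmailAddresses |
              ForEach-Object { "$_".ToLowerInvariant() })
    # Only smtp/x500 proxies matter for mail flow (SIP and others are skipped).
    $want = @($snap.Addresses | Where-Object { $_ -match '^(smtp|x500):' })
    # Assumption: the old LegacyExchangeDN should exist as an X500 proxy so
    # replies to old internal mail and cached recipients still resolve.
    $want += "X500:$($snap.LegacyExchangeDN)"
    $want | Where-Object { $have -notcontains $_.ToLowerInvariant() } |
        Sort-Object -Unique
}

# Before removing the AD user (step 6):
#   Save-AddressSnapshot -Mailbox $Source -Path $Snapshot
# After "Set Addresses" (step 7):
#   $missing = Test-AddressMigration -Mailbox $Target -Path $Snapshot
#   if ($missing) { Write-Warning "Missing on target: $($missing -join ', ')" }
```

An empty result from `Test-AddressMigration` means every recorded smtp and x500 address is present on the shared mailbox.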