Univention Bugzilla – Bug 40350
create cleanup page for office365
Last modified: 2019-01-03 07:21:50 CET
Because of permission changes in the Azure API (see Bug #) users are currently not deleted in the Azure AD but only deactivated. Those are now also marked (immutableId = "deactivated_<immutableId>"), so they could be automatically deleted with the proper permissions. Those permissions are granted in an interactive session that could easily be implemented in a UMC UI module. The user would click a button "cleanup", be redirected to authenticate with MS and then UMC could issue the appropriate commands to the Azure REST API and delete all marked users. The code for this is in ucs-4.0/component/office365/univention-office365/ as there I didn't know how to do it with certificates.
MS make changes permission in the Azure API for client authentication [1][2][3] without creating an alternative first... The listener deactivates users and remove the occupied licenses. But that still leaves them in existence in the Azure AD. Furthermore the properties "password" and "mobile" cannot be changed (can only be set when creating the user). Currently the AAD user accounts are reused if the user would be reactivated. They could also be renamed, so every time a new user would be created. This could be used as a workaround for the "mobile" attribute. It should be checked if the PowerShell script is easy for customers to run. [1] https://github.com/Azure-Samples/active-directory-dotnet-graphapi-console/issues/27 [2] https://support.microsoft.com/en-us/kb/3004133 [3] http://stackoverflow.com/questions/31834003/azure-ad-change-user-password-from-custom-app
postponed
This issue has been filled against UCS 4.1. The maintenance with bug and security fixes for UCS 4.1 has ended on 5st of April 2018. Customers still on UCS 4.1 are encouraged to update to UCS 4.3. Please contact your partner or Univention for any questions. If this issue still occurs in newer UCS versions, please use "Clone this bug" or simply reopen the issue. In this case please provide detailed information on how this issue is affecting you.