Once the account is deleted from Azure, the license is freed up.
See for more:
https://learn.microsoft.com/en-us/answers/questions/578266/when-can-you-remove-the-license-from-a-deleted-o36.html
Best practice in Onboarding & Offboarding users in a Hybrid OnPremise AD DS & Exchange Online environment?
EnterpriseArchitect
6,301
Reputation points
Hi People,
I need some best practices and suggestions for Onboarding & offboarding users in a Hybrid AD DS environment.
All of the mailboxes have been migrated to Office 365/Exchange Online, and the on-premise Active Directory DS is synced to Azure using Azure AD connect.
Thanks in advance.
Windows for business | Windows Client for IT Pros | Directory services | Active Directory
Exchange | Hybrid management
Exchange | Hybrid management
The administration of a hybrid deployment that connects on-premises Exchange Server with Exchange Online, enabling seamless integration and centralized control.
Microsoft Security | Microsoft Entra | Microsoft Entra ID
Microsoft Security | Microsoft Entra | Microsoft Entra ID
A cloud-based identity and access management service for securing user authentication and resource access
Answer accepted by question author
-
Andy David - MVP 159.7K Reputation points MVP Volunteer Moderator2022-05-26T13:15:45.99+00:00 -
EnterpriseArchitect 6,301 Reputation points
2022-05-26T14:00:42.057+00:00 Thanks, @Andy David - MVP , I appreciate your help in this.
Sign in to comment -
1 additional answer
Sort by: Most helpful
-
Andy David - MVP 159.7K Reputation points MVP Volunteer Moderator
2022-05-26T12:12:51.677+00:00 In a nutshell:
Onboard:
Create the AD account on-prem,
enable the remote mailbox on-prem and let it sync:
https://learn.microsoft.com/en-us/system-center/orchestrator/enable-remote-mailbox-hybrid?view=sc-orch-2022
https://learn.microsoft.com/en-us/powershell/module/exchange/enable-remotemailbox?view=exchange-ps
Enable-RemoteMailbox "Kim Akers" -RemoteRoutingAddress "kima@Company portal .mail.onmicrosoft.com"License Account.
OffBoard:
Create an OU that is not synced to Azure:
https://learn.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sync-configure-filtering#organizational-unitbased-filteringRemove any licenses.
Disable the account and Move to that OU.Disable the remote mailbox on-prem:
https://learn.microsoft.com/en-us/powershell/module/exchange/disable-remotemailbox?view=exchange-ps
Disable-RemoteMailbox "Kim Akers"-
EnterpriseArchitect 6,301 Reputation points
2022-05-26T13:04:34.063+00:00 Hi, @Andy David - MVP thank you for the update on this thread.
Will the M365 licenses be returned back to the pool, after the OnPremise AD account is moved into the Non-synced OU? -
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(192, 26%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ED8%3C/text%3E%3C/svg%3E)
DavidKench-8327 1 Reputation point2022-06-13T06:41:11.377+00:00 Don't remove M365 licenses; they will be freed up when account is deleted from AAD after AD sync following object having been moved to non-syncing OU. Removing the license prior may result in retention policies not applying as intended.
Sign in to comment -