Reclaiming Office 365 Licenses
A reader asks: “I’m in the situation where I need to remove Office 365 accounts fast to free licenses. What’s the best way to do this and will the mailboxes belonging to these accounts become inactive?” We could have referred the reader to Chapter 6 of the Office 365 for IT Pros eBook where the scenario is discussed, but it’s probably worth a blog post too.
Deleting and Restoring an Office 365 Account
The simple answer is that you reclaim an Office 365 license if you remove a user account from the tenant using the Office 365 Admin Center (Figure 1 – new version shown) or by running the PowerShell cmdlets Remove-MsolUser or Remove-AzureADUser.It’s usually best to use the Azure AD cmdlets as they are under active development.
Deleted accounts go into the Azure Active Directory recycle bin and remain there for 30 days, during which time you can restore them by accessing the Deleted Users section of the Office 365 Admin Center (Figure 2) or by running the PowerShell cmdlets Restore-MsolUser or Restore-AzureADMSDeletedDirectoryObject.
The big point to remember is that restoring a user account makes the account active again, recovers its mailbox, and reconnects it to distribution lists, Office 365 Groups, and Teams. However, the restore process does not reassign the Office 365 license that the account had when you removed it and if you want to make the account fully operational again, you must assign it a license. If you don’t, Exchange Online will remove the mailbox belonging to the unlicensed account after 30 days.
Removing an Account Permanently
If you want to remove an account permanently and you know that you will never want to restore the account, you can force the negation of the 30-day wait period in the recycle bin. To do this, you remove the account as normal (via the admin center or with PowerShell) and then remove it from the recycle bin. For example, here are the PowerShell commands to delete the account and then remove the deleted object.
$ObjectId = (Get-AzureADUser -ObjectId Ken.Jones@Office365itpros.com).ObjectId
Remove-AzureADUser -ObjectId $ObjectId
Remove-AzureADMSDeletedDirectoryObject -Id $ObjectId
There’s no way back once you remove a deleted object from the Azure Active Directory recycle bin; it can never be recovered.
The question then is whether the mailboxes belonging to accounts that are force-removed from Azure Active Directory become inactive. The answer is yes, assuming that a hold exists on the mailboxes before you remove them. If not, the mailboxes are removed along with the accounts.