Microsoft: User Offboarding Crate
If you’re new to Crates, read through our introductory Crate documentation here. Find the Crate in our Crate Marketplace.
What does the Microsoft: User Offboarding Crate do?
Our Microsoft: User Offboarding Crate streamlines the offboarding process for users within an organization, for time savings and increased efficiency. The automation is triggered via a form submission, allowing designated personnel to initiate the offboarding tasks.
Detailed ticketing: Automation logging steps that are done throughout the offboarding process are documented by logging entries to the ticket, via a single note, making it easier to tell where an issue occurred and what steps were performed.
Efficiency: Streamline the user offboarding process by increasing time savings and decreasing the potential for user error.
Security: Ensure that necessary offboarding steps are performed when an account is terminated.
This Crate does not handle On-Prem Exchange and will only handle Exchange functionality via Office 365.
This Crate does the following tasks:
Detailed Ticketing
Offboarding Approval Process
Offboarding Delay
Supervisor Notifications
Session Invalidation
Password Reset
Exchange Actions
Convert to shared mailbox
Assignment of shared mailbox permissions
Hide from GAL
Forward mail
Set out of office
Remove mobile devices
Disable Accounts
Move OU
Group Membership Removal
Employee ID Removal
Disable PSA Contact
Removal of Supervisor Assignment
License Removal
Crate prerequisites
The Microsoft Cloud Integration Bundle must be set up before unpacking this Crate.
Identity provider configuration
Azure AD Only
Hybrid On-Prem and Azure AD: Synced
Hybrid On-Prem and Azure AD: No Sync
On-Prem Only
Set up the Microsoft: User Offboarding Crate
Navigate to Crates > Crate Marketplace in the Rewst platform.
Search for
Microsoft: User Offboarding.Click on the Crate tile to begin unpacking.
Click Unpack Crate.
Click Continue.
Click Unpack.
The organization variable
user_offboard_form_namemust be set to the name of the form unpacked with the Crate.
Use the Microsoft: User Offboarding Crate
Navigate to Automations > Workflows in the Rewst platform
Search for
Microsoft: User Offboarding.Click into the workflow.
Click
to navigate to the trigger.
Click View Direct URLs.
Select the company you'd like to use to test the workflow. Copy the URL and paste it into a new window.
Fill out the form as appropriate for the company and user you are offboarding. Make sure to click Submit at the end of the form.
Once the form is submitted, the workflow will begin to run. To view the results, click
in the workflow editor page.
Click into the results to see the execution results with successes and failures, if there are any.
Example of end of ticket output
Example of end of ticket output for the Microsoft: User Offboarding Crate
Offboading for John Smith completed.
User was removed from the following groups: test distro list test security group Actual No Really LLC
Could Not Remove User from Dynamic Groups: All Users
Automation Logs:
Automation Complete
Succeeded: True
Status Code: 1001
Warnings: Entry: Group removal completed with warning, this is usually due to the user being a member of a dynamic group. - Status: 1001
Errors: No errors reported.
Full Automation Log:
Entry: Successfully sanitised all expected strings - Status: 1000
Entry: Determined IDP to be: on_prem - Status: 1000
Entry: Valid IDP was determined. - Status: 1000
Entry: Gathered user details successfully. - Status: 1000
Entry: No ticket provided via form, creating ticket. - Status: 1000
Entry: Successfully created the PSA Ticket - Status: 1000
Entry: Successfully updated the PSA Ticket - Status: 1000
Entry: No approval needed, continuing. - Status: 1000
Entry: Delay requested. - Status: 1000
Entry: Successfully delayed automation until expected time. - Status: 1000
Entry: Successfully returned a defined password. - Status: 1000
Entry: Notification to supervisor requested. - Status: 1000
Entry: Successfully completed call to lookup supervisor. - Status: 1000
Entry: Successfully verified email of supervisor. - Status: 1000
Entry: Notified supervisor. - Status: 1000
Entry: Invalidate sessions chosen in form, initiating invalidation of sessions. - Status: 1000
Entry: Successfully invalidated sessions. - Status: 1000
Entry: Successfully changed password. - Status: 1000
Entry: Exchange actions chosen in form, initiating Exchange actions. - Status: 1000
Entry: Performed Exchange actions. - Status: 1000
Entry: Disable account chosen in form, disabling user. - Status: 1000
Entry: Successfully disabled account. - Status: 1000
Entry: Environment variables indicate AD Sync is needed, attempting AD Sync. - Status: 1000
Entry: Attempted to run AD Sync. Workflow completed successfully but this doesn't indicate a successful AD Sync. - Status: 1000
Entry: Group removal completed with warning, this is usually due to the user being a member of a dynamic group. - Status: 1001
Entry: Employee ID removal not requested, skipping. - Status: 1000
Entry: PSA contact removal requested, attempting removal. - Status: 1000
Entry: Successfully ran disable_psa_contact task. - Status: 1000
Entry: Supervisor/Manager attribute removal requested, attempting removal. - Status: 1000
Entry: Successfully removed supervisor. - Status: 1000
Entry: Attempted to run AD Sync. Workflow completed successfully but this doesn't indicate a successful AD Sync. - Status: 1000
Entry: Attempting to move user to another OU. - Status: 1000
Entry: Moved user to the requested OU. - Status: 1000
Entry: Workflow complete, attempting ticket update. - Status: 1000
Org variables in use for the Microsoft: User Offboarding Crate
For information specific to these org variables please review our guidance organization variables here.
Note that org variables not found in the organization variables documentation are typically system variables that are handled by the integration mappings.
If you haven't done so already, it's recommended that you run the org variable configuration crate, which will help you set org variables that are relevant to you and your customer's environments.
agent_smith_is_installedautomation_task_new_user_timeautomation_task_offboard_user_timeazure_iothub_nameazure_iothub_resource_groupazure_iothub_subscription_idcwControl_CompanyNamecw_automate_client_idcw_control_session_group_overridecw_manage_company_iddatto_company_iddatto_note_typedatto_rmm_site_id
default_psadefault_rmmfailure_emailfreshdesk_company_idhalo_psa_client_idhalo_ticket_site_nameimmybot_tenant_idkaseya_bms_account_idkaseya_vsa_10_scriptidkaseya_vsa_org_idkaseya_vsa_x_org_idnable_customer_idnable_device_filter_idnable_rewst_powershell_script_idnew_user_approval_emailninja_org_idninja_run_as_userno_azure_adno_ticket_timeonprem_no_adsyncpreferred_domain_controllerprimary_domain_controllerprimary_identity_providerprioritypsa_alert_ticket_typepsa_all_notes_internalpsa_datto_default_issue_typepsa_datto_default_sub_issue_typepsa_datto_default_ticket_categorypsa_datto_default_ticket_typepsa_default_agreement_namepsa_default_board_idpsa_default_tech_idpsa_default_tech_workrolepsa_default_tech_worktypepsa_default_ticket_impactpsa_default_ticket_prioritypsa_default_ticket_sourcepsa_default_ticket_statuspsa_default_ticket_urgencypsa_halo_cab_idpsa_halo_cab_typepsa_halo_ticket_outcome_completed_taskpsa_new_user_ticket_subtypepsa_new_user_ticket_typepsa_no_ticket_timepsa_offboarding_user_ticket_itempsa_offboarding_user_ticket_subtypepsa_offboarding_user_ticket_typepsa_ticket_status_completed_taskpsa_ticket_status_waiting_inputrequire_approval_for_offboarding_usersrmm_preferred_adconnect_serverservicenow_account_idtime_entry_ticket_status
Recommended migration path
☝️If you’re using a previous version of the onboarding workflow, follow these migration steps below. If this is your first time using this Crate, this information isn't relevant to you.
Unpack this Crate in your environment.
Perform testing to make sure that you have all the required organization variables set correctly. The same variables are used in this updated Crate as were used in the previous version. If you need to update any organization variables, then please follow this guide.
After testing and confirming that it is functioning as expected, please move forward with the steps below:
If you plan to utilize the updated form in this crate, rather than the legacy form:
Go to the previous crate's top level workflow and disable any form triggers. This will prevent users from submitting requests to the wrong workflow.
Update your internal documentation with the new form links.
If Applicable, provide your customers with their new form link.
You are able to link the previous Crates form to this version, though given the minimal differences there may not be a clear advantage other than not needing to change the link destinations. The previous form will not receive any further updates or enhancements.
Got an idea for a new Crate? Rewst is constantly adding new Crates to our Crate Marketplace. Submit your idea or upvote existing ideas here in our Canny feedback collector.
Last updated
Was this helpful?