
Adstra / Belardi Wong User Termination and Offboarding

KB00003626
Cory Walton Work Instruction 1 min
Published v1

**You need to verify access cut-off on:**

· **BW-BWDC1-NY** (Primary DC)

· **BO-BODC1-NY** (VPN DC)

· **CLDC1** (Adstra DC)

· O365

· PBAs

Stage One: Steps 1 - 15

Stage Two: Steps 16 – 53

  1. Connect to **BW-BWDC1-NY** via ScreenConnect / NCentral. (centrexit, credentials in PWState)
  2. Start with Active Directory (AD): locate the terminated user by right-clicking the domain and selecting **Find**.
  3. Search for the user, then right-click their name and hit **Reset Password**. Reset the password using the “Terminated Employee’s AD Password” from PWState > Domain\Service Accounts.
  4. Once reset, double-click the user’s name, then go to the **Account** tab. Under account options, check the “Account is Disabled” selection. Hit **Apply**, followed by **OK** to close out of the user’s AD profile.
  5. Run ADSync via PowerShell as administrator.

· Start-ADSyncSyncCycle -PolicyType Delta

  6. Log onto Portal.office.com with the O365 – Email Admin credentials provided in PWState (centrexit@belardiwong.com). Then navigate to the admin console.
  7. Navigate to **Users > Active Users**, then search for the terminated user.
  8. From the user’s profile, reset the password using the “Terminated Employee’s AD Password” from PWState > Domain\Service Accounts and select **Block sign-in**.
  9. Under the Mail tab, ensure any requested automatic replies, forwards, and delegations have been granted on this terminated user’s mailbox based on the User Offboarding Request. Log off the server when complete.
  10. Connect to BO-BODC1-NY via ScreenConnect / NCentral. (belardiostroy\alc, credentials in PWState)
  11. Within Active Directory (AD), locate the terminated user by right-clicking the domain and selecting Find.
  12. Search for the user, then right-click their name and hit **Reset Password**. Reset the password using the “Terminated Employee’s AD Password” from PWState > Domain\Service Accounts.
  13. Once reset, double-click the user’s name, then go to the Account tab. Under account options, check the “Account is Disabled” selection. Hit **Apply**, followed by OK to close out of the user’s AD profile.
  14. Reference Adstra’s User Offboarding WI (KB00001230 [retired]) to verify and take action on the terminated employee’s Adstra account.
  15. Schedule time to complete Phase Two of the offboard.

  16. Reference Adstra’s User Offboarding WI (KB00001230 [retired]) to verify and close out the terminated employee’s Adstra AD account, then complete the rest of the steps below.
  17. Connect to BW-BWDC1-NY via ScreenConnect / NCentral. (centrexit, credentials in PWState)
  18. Open Active Directory (AD) and locate your user in their respective OU. (**corp.belardiwong.com > Belardi Wong > O365 Syncing**)
  19. Under the Account tab, verify the user’s account is still checked as “Account is disabled.”
  20. Go to the **Organization** tab, then under the Manager field, hit Clear, then Apply to save.
  21. Next, go to the Member Of tab, select all security groups and hit Remove (remember to record each group within the offboarding ticket). Hit Apply once complete.
  22. Next, go to the **Attribute Editor** tab. Start by searching for mailNickname and verifying it is updated to the username of the terminated account. If not, update it to the username.
  23. Next, search for msExchHideFromAddressLists, then set the value to True. Hit OK, Apply, then OK again to close out of the user’s AD profile.
  24. Right-click the name of your terminated user, then select Move.
  25. Relocate the user’s profile to the OU of **corp.belardiwong.com > Belardi Wong > Disabled Users**. Hit OK once complete.
  26. Run ADSync via PowerShell as administrator.

· Start-ADSyncSyncCycle -PolicyType Delta

  27. Connect to BO-BODC1-NY via ScreenConnect / NCentral. (belardiostroy\alc, credentials in PWState)
  28. Open Active Directory (AD) and locate your user in their respective OU. (belardiostroy.local > Belardi > Migrated User Accounts)
  29. Under the Account tab, verify the user’s account is still checked as “Account is disabled.”
  30. Right-click the name of your terminated user, then select Move.
  31. Relocate the user’s profile to the OU of **belardiostroy.local > Disabled Users**. Hit OK once complete. Log off the server.
  32. Log onto Portal.office.com with the O365 – Email Admin credentials provided in PWState (centrexit@belardiwong.com). Then navigate to the admin console.
  33. On the left-hand side of the page, navigate to the Azure Portal.
  34. From the Azure portal, go to the Users tab on the left-hand side, then search for and select the terminated user.
  35. From the user’s page, select Authentication Methods on the left-hand side. Verify all contact information is removed and recorded in the offboarding ticket.
  36. Select the 3 dots at the top, then select Revoke MFA Sessions. Hit Save once complete.
  37. Navigate to the Groups tab on the left-hand side. Then check all groups (record them all in the ticket) and Remove Memberships. Close out of the Azure portal once complete.
  38. Once back on the Admin page, select Exchange on the left-hand side.
  39. Under Recipients > Mailboxes, search for the terminated user. Select the user, hit the 3 dots close to the search bar, and then hit Convert to shared mailbox. Confirm conversion.
  40. Refresh the page and relocate the user. Under the **General** tab, verify the user is hidden from the GAL. (This is managed within AD; you are simply verifying that 365 updated properly, step 23.)
  41. Next, confirm mailbox access under the Delegation tab based on the Offboarding Request/Ticket.
  42. Under the Mailbox tab, or the **Email Forwarding** option, confirm email forwarding based on the offboarding request/ticket. Return to the Admin Portal once completed.
  43. Refresh the Admin Portal, then search for the terminated user through Users > Active Users.
  44. Under the Licenses and apps tab, remove all licenses attached to the user. Make sure to hit Save Changes.
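
The Stage Two Active Directory state on BW-BWDC1-NY and BO-BODC1-NY (account disabled, groups and manager cleared, mailNickname, msExchHideFromAddressLists, Disabled Users OU) can be confirmed in one read-only pass with the ActiveDirectory PowerShell module. This is an added example, not part of the original work instruction; the function name, the `jdoe` account, and the reading of "username" as sAMAccountName are assumptions.

```powershell
# Added example: read-only verification of the Stage Two AD state.
# Requires the RSAT ActiveDirectory module; changes nothing in the directory.
Import-Module ActiveDirectory

function Test-OffboardedAccount {
    param(
        [Parameter(Mandatory)] [string] $SamAccountName,  # terminated user's logon name
        [Parameter(Mandatory)] [string] $Server,          # domain controller to query
        [switch] $SyncedDomainChecks                      # extra checks for the O365-synced domain
    )

    # Request Exchange attributes only where the procedure sets them.
    $props = @('Enabled')
    if ($SyncedDomainChecks) {
        $props += 'MemberOf', 'Manager', 'mailNickname', 'msExchHideFromAddressLists'
    }
    $user = Get-ADUser -Identity $SamAccountName -Server $Server -Properties $props

    $findings = [System.Collections.Generic.List[string]]::new()
    if ($user.Enabled) { $findings.Add('Account is still enabled') }
    if ($user.DistinguishedName -notmatch ',OU=Disabled Users,') {
        $findings.Add("Not in a Disabled Users OU: $($user.DistinguishedName)")
    }
    if ($SyncedDomainChecks) {
        # MemberOf never lists the primary group (normally Domain Users).
        if ($user.MemberOf.Count -gt 0) {
            $findings.Add("Remaining groups: $($user.MemberOf -join ' | ')")
        }
        if ($user.Manager) { $findings.Add("Manager still set: $($user.Manager)") }
        # Assumption: "username" in the procedure means sAMAccountName.
        if ($user.mailNickname -ne $user.SamAccountName) {
            $findings.Add("mailNickname is '$($user.mailNickname)'")
        }
        if ($user.msExchHideFromAddressLists -ne $true) {
            $findings.Add('msExchHideFromAddressLists is not True')
        }
    }

    [pscustomobject]@{
        Server   = $Server
        User     = $user.SamAccountName
        Passed   = ($findings.Count -eq 0)
        Findings = $findings -join '; '
    }
}

# 'jdoe' is a constructed placeholder; the logon name may differ per domain.
Test-OffboardedAccount -SamAccountName 'jdoe' -Server 'BW-BWDC1-NY' -SyncedDomainChecks
Test-OffboardedAccount -SamAccountName 'jdoe' -Server 'BO-BODC1-NY'
```

Paste the resulting objects into the offboarding ticket alongside the recorded group list so the verification is part of the record.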

PBA/Telephony Removal:

  45. Zoom: In a web browser, sign into https://zoom.us/signin with the credentials provided in PWState (ctac@alc.com).
  46. Under User Management > Users, search for your terminated user. Once found, hit the edit option and remove their license (if they have one/swap to basic). Hit **Save** once complete.
  47. Adobe: In a web browser, sign into Admin Console (adobe.com) with the credentials provided in PWState > Websites > Adstra Adobe Admin Console.
  48. Go to Users > [Search Name] > [Select Name] > … > Edit > Delete > Save.
  49. Telephony: Send an email to ConvergeOne (csd@convergeone.com) to update the user’s voicemail PIN, remove the user, and have the number repurposed. If a forward is requested in the offboarding request, include that information in your email.

Note: If sending an email through your work account, ensure another technician/lead is cc’d for tracking of communication, and that they know to keep an eye out for it. Or simply create a new ticket for public tracking of the record/responses, then child or reference the new user creation ticket. Screenshot all records of communication and upload them into the New User Creation Ticket.

  50. For the equipment return, start by checking the warranty status of the device via NCentral.
  51. Add Nerissa Karim (Nerissa.karim@adstradata.com) to the ticket to assist with coordinating all equipment return to Princeton.
  52. IMPORTANT: Obtain and enter the following information into the Public notes:

· Warranty Status:

· Serial Number:

· Asset tag: (If visible)

· Package value: $100

· Package weight:

· Package Dimensions:

· Contents, if it contains a battery, e.g. laptop w/ lithium ion battery: Yes

  53. Update the information above in the closing public side of the ticket, and verify Nerissa is added to the ticket.