Proper Method for Clean Offboarding in Add2Exchange

The cleanest way to offboard a user from Add2Exchange-managed synchronization is to remove the user from the managed Distribution List before disabling, hiding, deleting, relicensing, password-changing, or otherwise modifying the mailbox account.

This should be done the day of or day before the termination to have time for the system to remove the replicated data from all their devices.

The recommended process is:
Remove the user from the Add2Exchange-managed Distribution List.

1. Allow Add2Exchange Relationship Group Manager / Template Validation to run automatically.
2. Confirm the relationship was successful and automatically removed and the synced data is cleaned up from active devices.
3. Then proceed with the normal offboarding steps, such as removing the license, hiding the mailbox, changing the password, disabling the account, converting to a shared mailbox, delegating the mailbox or deleting the mailbox.

Why the Order Matters
Add2Exchange uses Distribution List membership to determine which template-based relationships should exist. When a user is removed from the managed Distribution List while the mailbox is still active and accessible, Add2Exchange can properly remove the relationship and clean up the synced data from the user’s mailbox and connected devices.

However, if the mailbox is disabled, hidden, unlicensed, password-changed, or deleted before the user is removed from the Distribution List, Add2Exchange may no longer be able to access the mailbox. In that case, the relationship may go into an alerted state because the mailbox is no longer reachable.

Once a relationship is alerted, it may remain in the system and periodically generate errors until the user is removed from the Distribution Lists managed by Add2Exchange templates.

What Happens If the License Is Removed First
If the user’s Microsoft 365 license is removed before they are removed from the Distribution List, the mailbox may become inaccessible. Add2Exchange will detect that the relationship can no longer be processed and may place the relationship into alert.

If the user is later removed from the Distribution List while the mailbox is still inaccessible, Add2Exchange can remove the alerted relationship from the system, but it will not be able to perform a normal cleanup of previously synced data from the mailbox or active devices.

In that case, the relationship is removed without cleanup because the mailbox cannot be accessed.

What Happens If the Password Is Changed or the User Is Hidden
Changing the user’s password, hiding the user from the GAL, disabling the account, or otherwise preventing mailbox access can also interfere with cleanup from the users devices.

Even if the user is later removed from the Distribution List, Add2Exchange may not be able to log into or process the mailbox. If the user’s mobile device, Outlook profile, or mailbox connection is no longer active or accessible, the synced data may not be removed from those devices automatically.

Best Practice
For a clean offboard, always remove the user from the Add2Exchange-managed Distribution List before making mailbox access changes.

The correct sequence is:
Remove from Distribution List first, and allow time for the template process to run, usually every 4-8 hours. This lets Add2Exchange “clean up” and remove the data. Then you can continue and complete the rest of your termination process and make other account changes.

This gives Add2Exchange the opportunity to remove the relationship properly and clean up synchronized data from all active, reachable devices.

If the User Was Already Offboarded Incorrectly
If the user was already unlicensed, hidden, disabled, deleted, or password-changed before being removed from the Distribution List, the relationship will need to be force-removed from Add2Exchange.

In that scenario, just remove the user from the managed distribution list.  Add2Exchange is typically set to remove this type of alerted relationship, but it will not be able to “clean up” data from the user’s mailbox or devices because the mailbox is no longer accessible.

To attempt a normal cleanup, the mailbox would need to be made accessible again, and then removed from the distribution list. This may require restoring or reassigning the license, unhiding the mailbox if applicable, and ensuring the account credentials and mailbox access are functional and the same as before. Once the mailbox is accessible again, removing the user from the managed Distribution List allows Add2Exchange to attempt a proper cleanup cycle.