Excerpt
A simple, low-risk offboarding pattern: enable a 14-day forward to the supervisor with an auto-reply, keep copies in the mailbox, then remove forwarding and retire the account. No shared mailboxes, no drama.
Photo suggestion
Something neutral and professional: a close-up of a keyboard lock icon, or a soft sunset over a temple (if you want to keep the page’s visual theme).
Caption idea: “Quiet handoffs, clean closures.”
Context (redacted)
Policy: No shared mailbox conversions. For leavers, enable a 2-week mail forward to the supervisor, show a clear auto-reply, then delete the user so the mailbox soft-deletes and later hard-deletes. Team files live in SharePoint/Teams; local working data is archived to encrypted USB for short-term retention.
Before (T0) — Enable 14-Day Forward + Auto-Reply
Goal: Forward new messages for two weeks and keep a copy in the mailbox for audit/review; clearly inform senders.
Replace with your addresses before running:
$User = "[email protected]"$Supervisor = "[email protected]"
# Admin sign-in
Import-Module ExchangeOnlineManagement -ErrorAction SilentlyContinue
Connect-ExchangeOnline
# Vars
$User = "[email protected]"
$Supervisor = "[email protected]"
$Days = 14
$Now = Get-Date
$End = $Now.AddDays($Days)
# Enable mailbox-level forwarding (keep a copy)
Set-Mailbox -Identity $User `
-ForwardingSmtpAddress $Supervisor `
-DeliverToMailboxAndForward $true
# Schedule auto-replies for the same window
$InternalMsg = @"
This mailbox is no longer monitored.
For assistance, please contact $Supervisor or call the main line.
"@
$ExternalMsg = @"
Thanks for your message. This mailbox is no longer monitored.
Please email $Supervisor for assistance.
"@
Set-MailboxAutoReplyConfiguration -Identity $User `
-AutoReplyState Scheduled `
-StartTime $Now `
-EndTime $End `
-InternalMessage $InternalMsg `
-ExternalMessage $ExternalMsg `
-ExternalAudience All
Parallel housekeeping (same day):
- Reset the user’s password, revoke sign-in sessions, and (optionally) block sign-in during the transition.
- Transfer/confirm ownership of OneDrive/SharePoint/Teams files needed by the team.
- Archive any local workstation data to an encrypted USB (BitLocker To Go) if policy allows.
After (T+14) — Remove Forwarding → Retire Account
Goal: Stop forwarding, disable auto-reply, and delete the user (soft-delete mailbox). Optionally hard-delete the mailbox once soft-delete is visible.
Import-Module ExchangeOnlineManagement -ErrorAction SilentlyContinue
Connect-ExchangeOnline
$User = "[email protected]"
# Remove mailbox-level forwarding & auto-reply
Set-Mailbox -Identity $User -ForwardingSmtpAddress $null -DeliverToMailboxAndForward $false
Set-MailboxAutoReplyConfiguration -Identity $User -AutoReplyState Disabled
# Delete the user in Entra ID (do this in the portal or via Graph)
# Entra admin center → Users → select user → Delete
# After directory sync, the mailbox will be in "soft-deleted" state (up to 30 days)
# Optional: Permanently delete the mailbox once soft-deleted
$Soft = Get-Mailbox -SoftDeletedMailbox -ErrorAction SilentlyContinue |
Where-Object {$_.PrimarySmtpAddress -eq $User}
if ($Soft) {
Remove-Mailbox -PermanentlyDelete -Identity $Soft.ExchangeGuid -Confirm:$false
}
Lessons Learned
- Clarity beats complexity. Forward + auto-reply for a defined window avoids confusing senders and helps the team capture anything urgent.
- Keep a copy while forwarding. It preserves context during the transition.
- No shared mailbox needed. If policy prohibits it, you can still do a clean, auditable handoff.
- Document the timestamps. Password reset, token revocation, forward on/off, user deletion, and any permanent mailbox purge.
Pocket I’m Keeping
- Short window, clear message, clean cutover.
- Files belong in SharePoint/Teams; email is a temporary bridge.
- Quiet, consistent process reduces friction and drama.
© 2012–2025 Jet Mariano. All rights reserved.
For usage terms, please see the Legal Disclaimer.