Gaining Admin access to a Microsoft Exchange Online account when the original Admin has gone

Forums › IT Pro and developers › Gaining Admin access to a Microsoft Exchange Online account when the original Admin has gone

Spong

1013 posts

Uber Geek
+1 received by user: 341

Trusted

#208617 20-Feb-2017 00:51

I have a client with an Exchange Online (365) email account that was originally setup by their previous tech who is no longer on speaking terms with my client. The account is now up for renewal and the tech is trying nasty blackmail techniques before they'll release the login and password and details they used to set this up. I have limited experience of this so wondered if there was a method of gaining access? I don't fancy my chances dealing with MS themselves. Any help gratefully accepted .

Tivo upgrades to operate with the new OzTivo EPG, support and service. Over 400 performed here so far. See: www.hillcrest.net.nz

michaelmurfy

meow
13367 posts

Uber Geek
+1 received by user: 10370

Moderator

ID Verified

Trusted

Lifetime subscriber

#1722850 20-Feb-2017 01:11

I've had this before and it is indeed quite nasty. You could try talking to Microsoft and asking them if they're able to verify your domain via a TXT record (like they did with the initial verification). This way, you're able to verify you're indeed the domain holder and hopefully get you admin access in the process.

That's what I've done years ago however not sure of the process these days.

Michael Murphy | https://murfy.nz
Referral Links: Quic Broadband (use R122101E7CV7Q for free setup)

Are you happy with what you get from Geekzone? Please consider supporting us by subscribing.
Opinions are my own and not the views of my employer.

nitrotech

1285 posts

Uber Geek
+1 received by user: 168

#1722854 20-Feb-2017 06:56

Get the partner of record changed to the new tech then the new tech will be able to make the necessary changes

Spong

1013 posts

Uber Geek
+1 received by user: 341

Trusted

#1723175 20-Feb-2017 18:01

This has been worse than getting teeth pulled so far. I've spoken to 2x CSR's in the Microsoft Office 365 Data Protection Team and after extended explanations they've both sent me off to the Password Recovery process that assumes I'm the original IT Pro with their email address and mobile number. I knew this wouldn't be easy, but they just don't seem to grasp the situation. If only Nathan Mercer was around? Maybe he'd be able to help.

Tivo upgrades to operate with the new OzTivo EPG, support and service. Over 400 performed here so far. See: www.hillcrest.net.nz

SATTV

1652 posts

Uber Geek
+1 received by user: 630

ID Verified

#1723181 20-Feb-2017 18:19

Are there any users that are a password admin?

If so they could reset the admin account password.

Failing that, I think the only thing you could do is migrate them as a new tenant using something like sky kick or migration whiz.

As you don't have the admin you wont be able to use impersonation, you will have to have everyone's password.

Good luck.

John

I know enough to be dangerous

loceff13

1071 posts

Uber Geek
+1 received by user: 322

#1723185 20-Feb-2017 18:31

In before OP realizes it's just a bad client who shortchanged the former IT guy or something.

bagheera

542 posts

Ultimate Geek
+1 received by user: 188

#1723188 20-Feb-2017 18:34

how the authentication setup - if adfs, then reset his password on the local domain and login, same if it password sync, but wait 30 min, if it pure AAD, then it talk to your MS account manager if you got one to start jumping up and down, if not, it will be log call with MS and keep pushing up the support level till get to someone that can a: verify the account and b: reset the password.

edit: when you get the account back, setup more then one global admin, one of which is lock away in a safe for a "oh, what you mean we have no admin left" days.

nathan

5695 posts

Uber Geek
+1 received by user: 1630
Inactive user

#1724729 22-Feb-2017 20:45

Spong:
This has been worse than getting teeth pulled so far. I've spoken to 2x CSR's in the Microsoft Office 365 Data Protection Team and after extended explanations they've both sent me off to the Password Recovery process that assumes I'm the original IT Pro with their email address and mobile number. I knew this wouldn't be easy, but they just don't seem to grasp the situation. If only Nathan Mercer was around? Maybe he'd be able to help.

I miss you too

I don't really know anything about this any more, but I FW this thread onto someone else still at MSNZ who will know what to do.

Your admin almost sounds like blackmail. Very short sighted thing to do in the small World we live in now

AliExpress

Shop now on AliExpress (affiliate link).

Spong

1013 posts

Uber Geek
+1 received by user: 341

Trusted

#1724787 22-Feb-2017 22:26

Well the end result was that we just couldn't get any further with this. The Microsoft Office 365 Data Protection team simply wouldn't budge because the blackmailer - the previous IT person (A South African guy, not that it's relevant) who had been negligent in several areas, had setup and owned the account, and had ensured all details relating to the Global Administrator were his. Obviously we couldn't provide his credentials. MS have strict guidelines and follow them to the letter it seems.

It seems this could happen to others, so it surprises me that Microsoft don't appear to have a system in place to deal with it. The USA based CSR admitted they'd seen this before. The end result has been that my client (the domain holder and owner of the business) has given in and paid the ransom, despite being against his principles, as it was cheaper than the alternative of transferring the domain to a new account and losing the existing history.

...Ransomware without the benefit of a backup...

Tivo upgrades to operate with the new OzTivo EPG, support and service. Over 400 performed here so far. See: www.hillcrest.net.nz

antoniosk

2361 posts

Uber Geek
+1 received by user: 730

ID Verified

Trusted

Lifetime subscriber

#1724801 22-Feb-2017 22:56

If you've got the information, your client can now sue the guy.

Blackmail is blackmail and a crime - even if setttled in civil court, the guys name will come up in future searchs,

And as another poster said.... nz is a very small place, and blotting your own copybook is indeed very dumb.

________

Antoniosk

1101

3123 posts

Uber Geek
+1 received by user: 1133

#1724921 23-Feb-2017 09:37

antoniosk: If you've got the information, your client can now sue the guy.

Blackmail is blackmail and a crime - even if settled in civil court, the guys name will come up in future searchs,

In general, as none of us have all the facts.... :-)

Often, in cases like this, its a simply a case of IT not co-operating untill they get paid whats owed them
Its not blackmail or extortion if that IT guy is just refusing to help or deal with them while money is owing, or a contact was broken.
Ive worked at companies where that has happened .Some IT guys will even use remote access and secretly starting causing issues untill paid.
Or, could be the IT guy is just a nasty piece of work, who knows ?

Suing is really just throwing $10K++ at lawyers. Not a realistic or quick option for many small business.

paulb001

40 posts

Geek
+1 received by user: 16

Trusted

#1724989 23-Feb-2017 10:25

Hi guys, you can contact Office 365 Billing Support, and they can run you through an Admin ACCOUNT reset, by requesting proof of identity, company letter head and proof of domain ownership. The customer must initiate this and contact them on 0800 194 197. Note however that MS will not get involved in issues where there is debts owing and a tenant is setup and completely managed by a 3rd party. Note also that a delegated admin and Partner of record can reset p/w anytime, so you would have to remove these as well.

Its a worthwhile reminder that like an on premise server, customers should always control the admin login and password details for THEIR servers/services.

Any issues reach out to me on nzcloud@microsoft.com

Paul Bowkett
Microsoft New Zealand
http://microsoft365.com
http://twitter.com/paulbowkett
http://linkedin.com/in/paulbowkett