Removing a previous admin without letting them know.

Solved
tantony
Head in the Cloud

Removing a previous admin without letting them know.

First of all, I know this is a strange, but we're in a strange situation with this previous IT person.  Here's the story, me and the previous IT person were the only 2 IT people in my company.  Then I left the company about an year ago because I got another job, leaving the other IT person as the only IT person.  When I left he changed my dashboard account active, but as read only.  So I have read only and he has full access.  Which makes sense because I'm no longer with the company at that point.

 

Then the owner calls me about 2 months ago because unfortunately the IT person is sick, and he's been in a hospital for almost an year, and never coming back to the company.  Owner asks me to disable the IT person's AD account and email etc.  All standard IT security stuff.

 

Now the problem is, even though I can login to dashboard, I'm only a read only admin, which means I can't do anything, and remove the previous IT person's account from dashboard.  The good thing is, since I have access to the domain, I could reset his AD account password, then login as the previous IT person, then select forgot password, and then login as the previous IT person.  Then give my account full access, then log out.  Log back in as my account, which has full access now, and delete the previous IT person's account.  The previous IT person also has a Gmail account which has full access to dashboard.  So he has the company email and Gmail accounts.

 

But the question is, when I delete his account from dashboard, he will get an email notification on his Gmail account right?  Is there a way for it not to do the email notification?  Since I'm changing his AD password, even if he has company email on his phone, he wouldn't know the new password.

 

Again, I know this sounds sketchy, but the owner wants to do this.  

1 Accepted Solution
alemabrahao
Kind of a big deal
Kind of a big deal

That is why it is recommended to have at least two Admins in the organization, and most importantly for a company, you should never use a personal email but a corporate one, precisely to avoid this type of situation.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

View solution in original post

11 Replies 11
tantony
Head in the Cloud

Other thing I can think of, call Meraki support and ask them to turn of email notification. Since I'm a read only admin and I doubt I can turn it off myself.  Then once I delete the previous IT person's Gmail and company accounts, turn back the email notifications.

alemabrahao
Kind of a big deal
Kind of a big deal

What a situation, isn't it worth being transparent with him?
 
You're not even part of the company anymore, why bother? Totally unethical.
 
And no, there is no way to do this without receiving an alert.
I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
tantony
Head in the Cloud

Actually, I'm part of the company now since about 2 months ago since the company needs an IT person, and because I setup the Meraki originally.

 

Yes, I know its best to be transparent with him, but unfortunately because of the previous IT person's living and health issues, the owner and me prefers to be as discrete as possible.

 

So I can't contact Meraki support and have them turn off email notification?

alemabrahao
Kind of a big deal
Kind of a big deal

You can try calling Meraki support and explaining the situation, but it is not guaranteed that they will fulfill your request.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
tantony
Head in the Cloud

Ok understood.  Believe me, I understand this is a very weird situation.  Out of curiosity, let's say the previous IT person deleted my account when I left.  So it was just his company email and Gmail.  How would it work in my situation?

 

Because I wouldn't be able to even login then right?  I'm sure Meraki had these weird situations before.  How do they handle it.  

tantony
Head in the Cloud

Like what if the company ever had only one IT person, and they retire or no longer living?  And that was the only Meraki dashboard account?  How would the new IT person even login?

alemabrahao
Kind of a big deal
Kind of a big deal

That is why it is recommended to have at least two Admins in the organization, and most importantly for a company, you should never use a personal email but a corporate one, precisely to avoid this type of situation.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
tantony
Head in the Cloud

Makes sense, thanks.

tantony
Head in the Cloud

I guess if there really is only 1 admin account, and if that account owner is unreachable, the company would have to go through legal route with Meraki to get access to new dashboard admin.

alemabrahao
Kind of a big deal
Kind of a big deal

alemabrahao_0-1717613373015.png

https://documentation.meraki.com/General_Administration/Managing_Dashboard_Access/Managing_Dashboard...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
PhilipDAth
Kind of a big deal
Kind of a big deal

>when I delete his account from dashboard, he will get an email notification on his Gmail account right? 

 

Correct.  He will be notified.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels