Forum Discussion

James_Slack's avatar
10 years ago

Active Mailboxes and Deleted AD accounts

Hi,

Vault 11/ 2008 R2.

Our process has always been that mailboxes are enabled for mailbox archiving on Vault. Then when the user leaves, we disable the AD account for a while and then delete when ready.

This is fine (we have set Vault to work for Disabled and Hidden accounts).

However, our "Active Archives" count is double what our user base currently is.

My main questions are.

1) What is licensed here? Active Archives or is it Active Mailboxes?

2) Is there any manual tidy up procedure I should follow.

From the manual, Vault says the following, which sounds like I need do nothing other than delete the AD accounts:

Mailboxes with no associated Windows account are not archived.

This is the correct behavior. The Exchange Mailbox task automatically disables archiving for such mailboxes.

If someone could confirm points 1 and 2 that would be great.

Thanks in advance.

James

 

  • Hi James,

    Licensing is based on user-mailboxes being archived, not being functional (group) mailboxes.

    What we do in AD is to change a Leavers Displayname to have "ZZ Disabled" in front of the original displayname. that way, they archivename also changes during the 'leavers archiving" process.

    To verify the required number of licenses, I run a query:

    USE EnterpriseVaultDirectory
    SELECT DISTINCT NrUsers=COUNT(MbxNTUser)
    FROM         ExchangeMailboxEntry
    WHERE     (MbxArchivingState = 1)
    and mbxdisplayname not like 'fm.%' -- Functional Mailbox
    and MbxDisplayName not like 'rs.%' -- Resource Mailbox
    and legacymbxdn not like '%/cn=fm.%' -- Functional Mailbox
    and legacymbxdn not like '%/cn=rs.%' -- Resource Mailbox
    and mbxdisplayname not like '%ZZ disabled%' -- Disabled users
    and mbxdisplayname not like '%ZZ Old%' -- obsolete archives

    Manual tidy up....

    You can have the usage report, based on billing account. where it shows a SID, the account no longer exists. Or, in the VA Con the Archives, sort on Billing Account.

    You can then use a sql to change the archivename, or do it manually.

    To change the name, I use this:

    Update Archive
    Set ArchiveName = 'ZZ Disabled - ' + ArchiveName
    Where (ArchiveName = 'name of archive with SID as billing account')

     

  • 1. the "Active Archives" in your vault store usage report refers to their state in EV. it doesn't reflect your licensing in any way. EV licensing is based on actual user acount. this is the definition of a user directly from Symantec:

    "“User” means an individual person and/or device who is authorized by the licensee to use and/or benefit from the use of the software, or is the person and/or device who actually uses any portion of the product or service. In general, "Users" refer to Active Users within the enterprise (i.e., Users actively creating new data that is being archived). We do not require a license for inactive mailboxes, system/group mailboxes or Users with multiple mailboxes."

    2. it depends. you're archiving hidden and disabled accounts but you do eventually delete the AD account. what does your company want to do with the archived data? does it need to be kept for legal purposes? do you have a retention period and expiry in place?

  • Thanks both.

     

    GertjanA - We do already rename the account in AD when the person leaves (to indicate the leaving date) but that doesn't update Vault. Is that a manual process only then? I'll have a play about with the SQL later, thanks.

     

    AndrewB - Thanks for the license info. As for our policy. It's that every user is enabled for Vault, all email is Vaulted and nothing is deleted from Vault ever. When A user leaves their account is hidden and disabled and moved to an OU which Vaults everything at 0 days. Once they are archived and we are happy with everything (month or two) the AD account is deleted and that's it.

  • sounds like you got it covered then? did you have any other questions?

  • Hi James,

    If you rename the account in AD, make sure to rename the DISPLAYNAME too.

    If you check your archiving policy, tab advanced, setting:

    Archive Naming Convention and Reset Archive Names.

    The Archive Naming Convention by default is set to Mailbox Name = DisplayName

    Check the help for how the archive name is determined.

    sorry, should have been more clear.