Permanently archive users, with granular provisioning and removing the mailbox
Hi Folks
I have done some searching on the boards for my particular situation and while there are a lot of threads similar to what I am looking to do I haven't found any specific answers - hence a new thread.
EV 7.5/2007
Exchange 2003
In a nutshell I have the following scenario that I would like to cater for:
- Default Provisioning Group (PG) - Entire Exchange Organisation (already accomplished)
- Default Mailbox Policy - Regular users are put in here (already accomplished)
This works beatifully.
People come and go, and our Exchange admin would like to remove mailboxes for users who leave but we'd like to archive their mailbox fully before removing the mailbox from exchange. I envisaged the following:
- Permanently Archived Users PG - Based either on a per-user or OU group basis (this choice is important at the next stage)
- Permanently Archived Users Mailbox Policy - Archives everything immediately across the entire mailbox
- Remove the mailbox from Exchange
- Assign a dedicated user (EVArchived) as the primary billing account for the archive
- Disable the user in AD (or remove the user completely)
I have read these two excellent articles which explain most of the stuff to me:
http://seer.entsupport.symantec.com/docs/275804.htm
http://seer.entsupport.symantec.com/docs/273123.htm
The questions I have are as follows:
1. Rather than follow the automated process in the first link, I have created the policies and PG's manually. Am I right in understanding that the first link is really just automating setting the policy for the user?
2. The first link talks about "1. Once users have left the company, disable their accounts in the VAC and add the required permissions for other users who need to access these archives."
I am not sure what they mean about "disable their accounts in the VAC". Does this mean disable their mailbox from archiving once it's been fully archived? And then edit the properties of the archive and remove the user's permissions and assign an existing one to the archive and as the primary billing account?
Or is this specifically talking about the user permissions to access the VAC (Roles?)
3. If I have a PG based on an OU specifically for Permanently Archived users with a higher precidence of my "Entire exchange organisation" policy, what would be the effect if I ultimately disabled those users in AD and removed their mailboxes? Would EV throw errors finding users in that OU which were either disabled, didn't have mailboxes or both?
Many thanks in advance if you've managed to read this far, looking forward to responses from the gurus.
I have done some searching on the boards for my particular situation and while there are a lot of threads similar to what I am looking to do I haven't found any specific answers - hence a new thread.
EV 7.5/2007
Exchange 2003
In a nutshell I have the following scenario that I would like to cater for:
- Default Provisioning Group (PG) - Entire Exchange Organisation (already accomplished)
- Default Mailbox Policy - Regular users are put in here (already accomplished)
This works beatifully.
People come and go, and our Exchange admin would like to remove mailboxes for users who leave but we'd like to archive their mailbox fully before removing the mailbox from exchange. I envisaged the following:
- Permanently Archived Users PG - Based either on a per-user or OU group basis (this choice is important at the next stage)
- Permanently Archived Users Mailbox Policy - Archives everything immediately across the entire mailbox
- Remove the mailbox from Exchange
- Assign a dedicated user (EVArchived) as the primary billing account for the archive
- Disable the user in AD (or remove the user completely)
I have read these two excellent articles which explain most of the stuff to me:
http://seer.entsupport.symantec.com/docs/275804.htm
http://seer.entsupport.symantec.com/docs/273123.htm
The questions I have are as follows:
1. Rather than follow the automated process in the first link, I have created the policies and PG's manually. Am I right in understanding that the first link is really just automating setting the policy for the user?
2. The first link talks about "1. Once users have left the company, disable their accounts in the VAC and add the required permissions for other users who need to access these archives."
I am not sure what they mean about "disable their accounts in the VAC". Does this mean disable their mailbox from archiving once it's been fully archived? And then edit the properties of the archive and remove the user's permissions and assign an existing one to the archive and as the primary billing account?
Or is this specifically talking about the user permissions to access the VAC (Roles?)
3. If I have a PG based on an OU specifically for Permanently Archived users with a higher precidence of my "Entire exchange organisation" policy, what would be the effect if I ultimately disabled those users in AD and removed their mailboxes? Would EV throw errors finding users in that OU which were either disabled, didn't have mailboxes or both?
Many thanks in advance if you've managed to read this far, looking forward to responses from the gurus.
