ob40
15 years agoLevel 3
Provisioning criteria
Our help desk recently started reusing AD username/logon for returning employees. We always did this if an employee returned to the same job. If they returned before the mailbox was deleted by policy then they would be reconnected to the mailbox and at the next prosioning task run the new account would be given perms to the vault.
Unfortunately they have started reusing the original username even though they are in a different job/department and shouldn't have access to old data in the vault. They create a new mailbox, but because the username doesn't change, the user is then given access to the old vault. Does anyone know of a workaround. We are trying to get them to go back to adding a number behind the username (i.e.username1) and that causes a new vault to be created.
I didn't open a case as I don't feel that this is an EV design problem but an account management issue locally. However, if there is a workaround we could use I would appreciate it.
Unfortunately they have started reusing the original username even though they are in a different job/department and shouldn't have access to old data in the vault. They create a new mailbox, but because the username doesn't change, the user is then given access to the old vault. Does anyone know of a workaround. We are trying to get them to go back to adding a number behind the username (i.e.username1) and that causes a new vault to be created.
I didn't open a case as I don't feel that this is an EV design problem but an account management issue locally. However, if there is a workaround we could use I would appreciate it.
if the user has been enabled go ahead and disabled them. Then on the existing archive rename it and set a manual deny in permissions for that account. The manual deny overwrites the automatically assigned.
Then when you enable the user don't choose the existing archive but rather create a new one.