Spent most of the day reading through the multiple discussions around Leavers processes.
Still having an issue with how I would like to deal with Leavers accounts.
If all my users are EV enabled and being successfully archived by EV, when it comes to them leaving and having their accounts disabled, I want to be able to disable their AD user account (ExcludeDisabledADAccounts is set to 0 & ProcessHiddenMailboxes is set to 1), and also disable their Exchange 2007 mailbox so that it will automatically be deleted after x amount of days.
At the same time, their AD account gets moved into a new Provisioning Group that archives all the current mailbox content.
So EV would need to continue archiving the disabled mailbox in order for the new policy to strip out all the existing content in the mailbox. If that makes sense?
Have been testing with a few accounts, and it seems that when the Exchange mailbox is disabled, EV stops archiving it?
Have confirmed the new provisioning group works, by testing with another account that was disabled in AD, but their Exchange mailbox left alone, all content was successfully archived.
Is there something extra I need to do to get EV to archive disabled mailboxes, or can it not do that?
The registry keys you have in place should allow EV to archive the disabled MB. A Dtrace of ArchiveTask when performing a Run Now against that mailbox should give information as to why it is not being processed.
The nasty thing about Exchange 2007 is that if you disable the mailbox, Exchange considers this a 'remove this mailbox'. The only 'safe' way is to do what you describe. Disable the user accounts, allow sufficient time to archive the mailbox.
There is a nice 3rd party tool, which could assist you if you have many leavers (i.e. several every week).
It is called ArchiveLeavers. Read more here: http://www.quadrotech-it.com/products/evtools/free/archive-leavers/
It might be helpful.
Example process for smaller numbers would be:
- move into a Leavers OU
- disable AD, hide mailbox, remove from DLs etc
- empty with EV
- use Exch & EV reporting to know when they're empty.
- disable/tombstone mailbox
- run weekly reports against the OU.
'Disabled mailbox' is a bit of an iffy term in my opinion. What does it mean? What is the intention?
If you disable an AD account then the person who is leaving won't be able to access the mailbox. Delegates still can, and maybe they should be able to?
Another option would be to disable the AD account, and then set the send/receive limits to 0. That way users, and delegates can access the mailbox but can't make any changes.
By the way, the 'premium' version of the Archive Leavers has the ability to disable the AD account also (and it can convert the archive of the mailbox into a Shared Archive, making it nice and easy to hand over the archive to a delegate or HR or legal or someone else).