Hi,
I've read through other people's strategies for handling terminated/disabled users and there's just a few things I was still wondering.
We are using EV 6.0 SP3 (Exchange and FSA). Right now we have a 'Disabled' OU that is targeted by an archive everything policy .
How can I disable their AD account once their entire mailbox is archived? It is my understanding that the user has to be enabled for their mailbox to be archived. I understand that we could set a policy whereby they could not log in once they are in the "disabled" ou, but our security folks prefer to have that Account Disabled bit set in AD for readability/auditor purposes. My thought initially would be to give them 2 weeks for good measure and disable the account based on the "whenChanged" property (being moved to the Disabled ou being the last change).
Many thanks in advance.