
Disabling EVS Account with no AD account

D11nnapp
Level 3
We have a number of leavers, whose AD accounts have been disabled, and their associated mailboxes have respectively also been deleted from Exchange.
How can we disable their mailboxes in EVS which are still enabled for archiving?

Thanks
11 REPLIES 11

MichelZ
Level 6
Partner Accredited Certified
They are not showing up on the "Disable Users" button?

cloudficient - EV Migration, creators of EVComplete.

Joseph_Rodgers
Level 6
Partner
The accounts are gone from the provisioning group. Once the account is deleted in AD, EV no longer has a reference. You may need to remove the account from SQL.

http://seer.entsupport.symantec.com/docs/289950.htm

-Joe

MichelZ
Level 6
Partner Accredited Certified
Joseph

He stated that the Account was only disabled, not deleted.
Only the Mailbox got deleted.

Cheers

cloudficient - EV Migration, creators of EVComplete.

Joseph_Rodgers
Level 6
Partner
Please post the applicable lines from a RunNow of the provisioning task (full report mode).

Do the mailboxes appear in the tools - disable mailbox wizard?

If so, do you get an error when attempting to disable?  Please post error.

If the above is true, then the link I originally sent will resolve your problem.

Regards
-Joe

D11nnapp
Level 3
The report lists many leavers' accounts which have entries in Enterprise Vault but which are not in any provisioning group.

I can't actually see them listed as 'enabled users' when I run the disable accounts wizard. So how would I go about cleaning this up?

The AD account still exists but only the mailbox has been deleted from Exchange.

We have just done an audit of leavers so there are quite a lot of accounts like this.

Thanks in advance



Joseph_Rodgers
Level 6
Partner
Contact your SQL admin and ask for a copy of the ExchangeMailboxEntry in the EnterpriseVaultDirectory (described in the link I posted).  Are the disabled users listed on this table?  If the users are removed from this table they will no longer be archived by Enterprise Vault.

For the future, I would recommend altering your procedures as follows:

User Leaves company:

1. If desired: Move all mail to enterprise vault via TerminateEmployees mailbox policy (create higher ranked provisioning group that contains only terminated users)
2. Disable archiving of mailbox
3. Disable user in AD
4. Delete Exchange mailbox

TerminatedEmployee policy:

0 Day archiving
No Shortcuts
All message classes (as required)
Advanced - Include all "special" folders (i.e. deleted items, tasks, etc.)

-Joe

MichelZ
Level 6
Partner Accredited Certified

You could also set the "ExcludeDisabledADAccounts" Registry key on the Server, and combine it with a TerminatedEmployee ProvisioningGroup / Policy, like Joe suggests.
But you would then be able to disable the account for security purposes, but still be able to archive mail from this account.

[HKEY_LOCAL_MACHINE\SOFTWARE\KVS\Enterprise Vault\Agents]
"ExcludeDisabledADAccounts"=dword:00000000

So:

1. Disable AD Account
2. Add to Leavers Provisioning Group
3. When the Mailbox is empty, delete it, along with the User
4. Add Permissions to the Archive for other Employees if appropriate (Manager, replacement Employee.... )


Cheers
Michel


cloudficient - EV Migration, creators of EVComplete.

Joseph_Rodgers
Level 6
Partner
Michel,

I'm not familiar with that key "ExcludeDisabledADAccounts" (not surprising considering how many "undocumented" keys exist). Do you have any more info/experience about it? It seems like a very useful key.

Only reference I could find: https://www-secure.symantec.com/connect/forums/disabled-users-ad-are-not-archived

Thanks
Joe

MichelZ
Level 6
Partner Accredited Certified
Joe

Unfortunately, I haven't got more info.
I will probably play around with it in a test env sometime :)

Cheers

cloudficient - EV Migration, creators of EVComplete.

D11nnapp
Level 3
I have spoken to our DBAs, who have confirmed that the process described in your article is not a problem to follow. So we will be going down the route of deleting the entries from the SQL database. I presume this will not affect our ability to still access the archive.

Thanks for your help.

BigPhil
Level 5
Is the procedure mentioned by Joseph in the 3rd post also applicable to EV 8? I don't see it on the list of the products the article applies to.