cancel
Showing results for 
Search instead for 
Did you mean: 

EV enabled mailbox, but account disabled, doesn't get new Povisioning group

Marcelvk
Level 3
Partner

We have employees that used EV for archiving and have been assigned an PG.

If the user doesn't work for the company anymore the following things are done with the useraccount:

- moved to the Ex-employee OU that assigns an ex-employee PG

- Account disabled

- Hidden van GAL

After the provisioning task has ben run, the report states that the maikbox has updated but the mailbox\policy assignment overview doesn't show the changed policy.

How can i change the PG for disabled useraccounts that already where enabled?

 

8 REPLIES 8

RahulG
Level 6
Employee

refer http://www.symantec.com/business/support/index?page=content&id=TECH76587

You need to Rank the Provisioning group Properly.

The users are provisioned according to the rank of the provisioning group . If the user exist in two polocies the one with higher rak would get applier i.e Rank1 is the highest.

Marcelvk
Level 3
Partner

Hi,

The em-employee PG is already on 1

EV_Ajay
Level 6
Employee Accredited

Hi Marcel,

Follow the below sequence ....

1. Move the User to Ex employee OU that is targeted for 1st provisioning group.

2. Restart the provisioning Task.

3. Run the Provisioning the Task in Normal Mode.

4. Check the Provision Task report and search for that User and check for his policy in the report.

5. If you want to archive his mailbox then do not Disable the User account / hide his mailbox until his whole mailbox is archived.

6. Once whole mailbox is archived then Disable that User from EV server for archiving.

7. Then Disable the User mailbox from Exchange.

8. Then Disable his AD Account.

 

RahulG
Level 6
Employee

refer the following as the mailbox is also hidden 

http://www.symantec.com/business/support/index?page=content&id=TECH47252

GabeV
Level 6
Employee Accredited

Hi,

Did you add the following registry keys:

ExcludeDisabledADAccounts

ProcessHiddenMailboxes

http://www.symantec.com/docs/TECH76587

http://www.symantec.com/docs/TECH47252

When you look at the provisioning report, what is the status on that mailbox?

Marcelvk
Level 3
Partner

Already found this article, but these manual steps are a no go for a company with 4000 users.

It all has to go automated :(

Marcelvk
Level 3
Partner

Hi Ajay,

The company policy states that the account must be disabled directly after the employee has left the building. And that the user is hidden from the GAL. These tasks and movement to the Ex-employee is done by our indentity manager. Everything is automated because we have 4000 users, and a lot of ex-emplyees ;-))

The provisioning task reports that the ex-employee has been provisioned with the new PG, but after manual intervention is needed. This all should go automatically...

Is it possible to use the account expire option instead of disable useraccount??? Shall it work then?

 

Marcelvk
Level 3
Partner

The provision report says that a new mailbox has been added to the PG ex-employee.

Yes I added this keys but, the user will be "hidden" in the EV console, and will not be activated automatically