Excluding Disabled AD/Mailbox accounts from Provisioning

GregRountree
Level 4
Partner

Hi,

  I wanted to reach out to the group to see if anyone has configured provisioning to ignore disabled accounts in Active Directory. Moving disabled accounts to another group that is excluded from the provisioning target is not an option. I want to keep EV from ever seeing those accounts. 

 

I am familiar with this setting:

http://www.symantec.com/business/support/index?page=content&id=TECH129125

 

Thanks in advance!

1 ACCEPTED SOLUTION

JesusWept3
Level 6
Partner Accredited Certified

Why don't you use that registry key then?

https://www.linkedin.com/in/alex-allen-turl-07370146

7 REPLIES

KarlW
Level 6
Employee

Not sure I understand the issue - by default EV won't archive or synchronize the disabled accounts - you have to turn the registry value on.  Are you seeing something to the contrary?

Regards

Karl

JesusWept3
Level 6
Partner Accredited Certified

Karl, I believe that archiving won't archive them, because when they get provisioned they get given the status of 2 or whatever, but regardless they still get provisioned, but they won't get archived or synced.

https://www.linkedin.com/in/alex-allen-turl-07370146

KarlW
Level 6
Employee

I see where you're coming from but depending on the use case I'm not sure I see what it matters.

All provisioning will do is create an entry in the ExchangeMailboxEntry table - the mailbox will not be logged into...

EV will have to at least 'see' the accounts to know to avoid them....

Thanks

Karl

JesusWept3
Level 6
Partner Accredited Certified
Cos it posts those annoying Event IDs
https://www.linkedin.com/in/alex-allen-turl-07370146

KarlW
Level 6
Employee

I don't get any warnings/errors for disabled accounts, either for accounts never enabled by EV or disabling the account for an existing EV enabled user.

Are you referring to the events in the mentioned technote or a different one? The one in the TechNote should only be logged when an EV enabled mailbox is no longer covered by a provisioning group (for example the AD account is moved to a different OU).

Where the account is just disabled and still covered by a provisioning group you get no warnings/errors.  The original post in the thread requests not having to move the users to another group - therefore there should be no issues.

Cheers

Karl

JesusWept3
Level 6
Partner Accredited Certified
Thing is it's really difficult in a big organization (you know how big ours is) to be able to disable mailboxes properly when there are so many one offs done out of band
https://www.linkedin.com/in/alex-allen-turl-07370146