10-09-2014 12:35 AM
Hi,
I recently took over an Enterprise Vault environment where is set Provisioning group that enables the archive to all users through AD users OU.
Now they want to make it so that some users won't be enabled for archiving though they are in that particular OU.
Is it possible and how should it be done?
As I understand I could make another provisioning group leaving the automatically enable tap empty - make it higher in rank - and target a created "Disable archiving" AD-group to it and it should take care of that? At least new users who are added to the group when the account is created and the provisioning task runs for the first time... right?
But if the new user account is accidentally left out from the group the second Provisioning group will be taking actions and enable the archiving - then the only possibility is to export what ever was archived in the first place and disable the archiving manually and it will not get enabled automatically anymore second time correct?
Is there easier way to make this work?
Sani B.
Solved! Go to Solution.
10-09-2014 05:53 AM
You are correct, if the user is not in the "do not archive" group they will get enabled and archived. Another option, though requiring more administrative effort would be to disable the users. If they are disabled then they won't get automatically re-enabled without manual intervention. The key is a difference between enabled, do not archive and disabled users. You could also create an EVPM script that disables the users.
10-09-2014 02:45 AM
10-09-2014 02:45 AM
10-09-2014 05:49 AM
Yes I recommend that too but the client is adamant that they want to use the OU setting...
Sani B.
10-09-2014 05:53 AM
You are correct, if the user is not in the "do not archive" group they will get enabled and archived. Another option, though requiring more administrative effort would be to disable the users. If they are disabled then they won't get automatically re-enabled without manual intervention. The key is a difference between enabled, do not archive and disabled users. You could also create an EVPM script that disables the users.
10-09-2014 06:43 AM
10-09-2014 07:23 AM
Hi,
ok so why not as a one off exercise enable and disable them? or enable them with a policy that means that they won't actually get archived nor have any client capabilties? (do they get the client software installed on their client?)
Mike
10-09-2014 11:07 PM
Hi all,
Yes the add in is automatically installed to everyone due to company policies and it looks like my original thoughts about how I would have to do it stands out to be the option to go with as I don't manage the AD and therefore have no way of knowing advanced if some rare individual should not have the archive enabled.
Thanks for all your great answers once again - always happy to ask advices/opinions when you guys are so supportive! =)
Sani B.