cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

Handling of terminated users

bobby_hilliard
Level 5

‎01-04-2008 01:03 PM

First time poster, novice EV admin.
 
I'm curious as to how others are handling the disabling/deleting of users in and AD/Exch2k3 environment as concerns archiving. It would seem to make sense to get a complete copy of the mailbox prior to the disabling/deleting.
 
Being the lowly Exch admin, I'm not always privy to the disabling/deletion of accounts until after the fact.
 
From what I've seen, it appears that setting up a special policy/task is needed, and a manual re-enable/archive/disable would be required.
 
Any info is appreciated.
 
Thanks.
0 Kudos
5 REPLIES 5

Andy_Lukens
Level 5

‎01-04-2008 02:01 PM

You need something you can key off of to identify all the accounts for terminated users.  You can then setup a provisioning group in EV keying off of the that unique attribute that uses a different mailbox policy.

We actually have a 'Term' OU in AD.  When an account is terminated, it is moved into that OU along with several other steps.  The provisioning group then applies to all accounts in that OU and uses a mailbox policy which archives all messages immediately (after 0 days).  We haven't yet enabled this functionality, but this is my plan.
0 Kudos

MirrorSphere
Level 5
Partner Accredited

‎01-06-2008 01:03 PM

Also, as part of the leavers provisioning group (typically an AD group or OU) and subsequent policy you may want to include all the message class types to ensure that all items are ripped out of the mailbox before it is removed/deleted.  I would also not choose as part of the policy to put shortcuts back into the mailbox. 
 
0 Kudos

Mark_Ludgate
Level 6
Partner Accredited

‎01-06-2008 02:05 PM

Also you should consider disabling archiving for the departed users, before deleting or disabling the AD account.

0 Kudos

Tonya_McDuffie
Level 2

‎01-07-2008 01:10 PM

In theory, having a specific Exchange Mailbox policy run against the "Terminated" OU sounds good, but archiving won't work unless the mailboxes are Unhidden.  When users term in our environment, the mailboxes are hidden so they are no longer seen in the GAL.  So the ability to take advantage of this process depends on if you have the mailboxes hidden or not.
0 Kudos

bobby_hilliard
Level 5

‎01-08-2008 07:27 AM

Looks like we'll be changing the way we handle terms. Currently, the account is disabled for 30 days before deleting. They are moved to a unique OU, but, the policy currently dictates an immediate disable...which obviously won't cut the mustard with archiving.
 
So, it appears that I'm going to be much more involved that ever before...handling moving to the OU, monitoring archiving to know when it's done, disabling the archiving and then disabling the user accounts.
 
I suspected that I didn't have enough to do!
 
Thanks for all the responses.
 


Message Edited by bobby hilliard on 01-08-2008 10:28 AM
0 Kudos