cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

How to Close a archive

Go to solution
wilsond3010
Level 6
Partner

‎02-16-2011 02:15 PM

Wondering if they're is a process once a person leaves the company

we make sure everything is archived but once his/her mailbox and active directory account deleted it show's as a GUID

How do we change the status of that archive to closed?

And is it still searchale by others who had permissions to the archive

1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
JesusWept3
Level 6
Partner Accredited Certified

‎02-16-2011 02:57 PM

The process would typically have to be your own.

Most big companies will use the following kind of process to disable users

1. Create a provisioning group called something like Left The Business
2. Make sure the provisioning group targets a distribution list
3. Create an archiving rule to archive anything older than 1 day and include all message classes
4. Make the policy not leave shortcuts and delete the email after being archived
5. When the user leaves, they put the user in the Left The Business distribution list
6. Provisioning runs and then they now have the archive everything now type policy
7. Archiving runs and cleans out the mailbox, adding everything in to the archive
8. After a certain amount of time the user is then disabled and hidden in exchange or even deleted

Users that have been granted access to that mailbox, either manually or via delegation in outlook will continue to have access.

If you want to remove all users access to the archive, you could run a permissions zap so that the permissions are removed, then you can manually add users who need access beyond that point, regardless of the permissions though, searches through Discovery Accelerator will still function.

There are certain things you can use like archive disabled mailboxes and synch hidden mailboxes, but this has proven to be flakey at best in all honesty.

Really you would have to work with your exchange admins to work out the best work flow for how users leave the company and how you handle their mailboxes. Test each type of scenario and try the registry keys until you find a balance that best suits you.

As for the GUID you are seeing, this is the SID to the user that was set as the Billing Owner, in older versions of Enterprise Vault you couldn't make a change to the archive through the VAC with it being in that state, in Enterprise Vault 9 it warns you that it is incorrect but you can make changes, you would simply just change the Billing Owner through the Vault Admin Console

And finally for closing an archive, theres no real way to close it however move archive can set it to closed, and you can change it through SQL, but i don't believe through the VAC or any other method it's possible to close it

But with no mailbox assigned to it, it won't get any email anyway, you can make it more "read only" if you wanted, by changing its status in the VAC to not delete expired items so that Storage Expiry won't delete any email from it.

You would also have to give anyone that has full access to the archive a Deny on the "Delete" rights so they can't delete email from it or change the site properties to have users cannot delete email etc

https://www.linkedin.com/in/alex-allen-turl-07370146

View solution in original post

0 Kudos
2 REPLIES 2

Go to solution
TSO
Level 4

‎02-16-2011 02:51 PM

hi wilsond3010 

Normally you would configure leavers policy ( 0 day policy) to archive everything in the mailbox, change the bill usage account to Vault service account and disable the user's mailbox from archiving. If you want to close the archive you can run the following SQL query which willchange the status of the archive from Available to close:

Use EnterpriseVaultDirectory

Update ArchiveView

Set ArchiveStatus = '3'

where ArchiveName = '<User's Archive Name>'

 

I hope that helps!

0 Kudos

Go to solution
JesusWept3
Level 6
Partner Accredited Certified

‎02-16-2011 02:57 PM

The process would typically have to be your own.

Most big companies will use the following kind of process to disable users

1. Create a provisioning group called something like Left The Business
2. Make sure the provisioning group targets a distribution list
3. Create an archiving rule to archive anything older than 1 day and include all message classes
4. Make the policy not leave shortcuts and delete the email after being archived
5. When the user leaves, they put the user in the Left The Business distribution list
6. Provisioning runs and then they now have the archive everything now type policy
7. Archiving runs and cleans out the mailbox, adding everything in to the archive
8. After a certain amount of time the user is then disabled and hidden in exchange or even deleted

Users that have been granted access to that mailbox, either manually or via delegation in outlook will continue to have access.

If you want to remove all users access to the archive, you could run a permissions zap so that the permissions are removed, then you can manually add users who need access beyond that point, regardless of the permissions though, searches through Discovery Accelerator will still function.

There are certain things you can use like archive disabled mailboxes and synch hidden mailboxes, but this has proven to be flakey at best in all honesty.

Really you would have to work with your exchange admins to work out the best work flow for how users leave the company and how you handle their mailboxes. Test each type of scenario and try the registry keys until you find a balance that best suits you.

As for the GUID you are seeing, this is the SID to the user that was set as the Billing Owner, in older versions of Enterprise Vault you couldn't make a change to the archive through the VAC with it being in that state, in Enterprise Vault 9 it warns you that it is incorrect but you can make changes, you would simply just change the Billing Owner through the Vault Admin Console

And finally for closing an archive, theres no real way to close it however move archive can set it to closed, and you can change it through SQL, but i don't believe through the VAC or any other method it's possible to close it

But with no mailbox assigned to it, it won't get any email anyway, you can make it more "read only" if you wanted, by changing its status in the VAC to not delete expired items so that Storage Expiry won't delete any email from it.

You would also have to give anyone that has full access to the archive a Deny on the "Delete" rights so they can't delete email from it or change the site properties to have users cannot delete email etc

https://www.linkedin.com/in/alex-allen-turl-07370146
0 Kudos