02-16-2011 02:15 PM
Wondering if they're is a process once a person leaves the company
we make sure everything is archived but once his/her mailbox and active directory account deleted it show's as a GUID
How do we change the status of that archive to closed?
And is it still searchale by others who had permissions to the archive
Solved! Go to Solution.
02-16-2011 02:57 PM
The process would typically have to be your own.
Most big companies will use the following kind of process to disable users
1. Create a provisioning group called something like Left The Business
2. Make sure the provisioning group targets a distribution list
3. Create an archiving rule to archive anything older than 1 day and include all message classes
4. Make the policy not leave shortcuts and delete the email after being archived
5. When the user leaves, they put the user in the Left The Business distribution list
6. Provisioning runs and then they now have the archive everything now type policy
7. Archiving runs and cleans out the mailbox, adding everything in to the archive
8. After a certain amount of time the user is then disabled and hidden in exchange or even deleted
Users that have been granted access to that mailbox, either manually or via delegation in outlook will continue to have access.
If you want to remove all users access to the archive, you could run a permissions zap so that the permissions are removed, then you can manually add users who need access beyond that point, regardless of the permissions though, searches through Discovery Accelerator will still function.
There are certain things you can use like archive disabled mailboxes and synch hidden mailboxes, but this has proven to be flakey at best in all honesty.
Really you would have to work with your exchange admins to work out the best work flow for how users leave the company and how you handle their mailboxes. Test each type of scenario and try the registry keys until you find a balance that best suits you.
As for the GUID you are seeing, this is the SID to the user that was set as the Billing Owner, in older versions of Enterprise Vault you couldn't make a change to the archive through the VAC with it being in that state, in Enterprise Vault 9 it warns you that it is incorrect but you can make changes, you would simply just change the Billing Owner through the Vault Admin Console
And finally for closing an archive, theres no real way to close it however move archive can set it to closed, and you can change it through SQL, but i don't believe through the VAC or any other method it's possible to close it
But with no mailbox assigned to it, it won't get any email anyway, you can make it more "read only" if you wanted, by changing its status in the VAC to not delete expired items so that Storage Expiry won't delete any email from it.
You would also have to give anyone that has full access to the archive a Deny on the "Delete" rights so they can't delete email from it or change the site properties to have users cannot delete email etc
02-16-2011 02:51 PM
hi wilsond3010
Normally you would configure leavers policy ( 0 day policy) to archive everything in the mailbox, change the bill usage account to Vault service account and disable the user's mailbox from archiving. If you want to close the archive you can run the following SQL query which willchange the status of the archive from Available to close:
Use EnterpriseVaultDirectory
Update ArchiveView
Set ArchiveStatus = '3'
where ArchiveName = '<User's Archive Name>'
I hope that helps!
02-16-2011 02:57 PM
The process would typically have to be your own.
Most big companies will use the following kind of process to disable users
1. Create a provisioning group called something like Left The Business
2. Make sure the provisioning group targets a distribution list
3. Create an archiving rule to archive anything older than 1 day and include all message classes
4. Make the policy not leave shortcuts and delete the email after being archived
5. When the user leaves, they put the user in the Left The Business distribution list
6. Provisioning runs and then they now have the archive everything now type policy
7. Archiving runs and cleans out the mailbox, adding everything in to the archive
8. After a certain amount of time the user is then disabled and hidden in exchange or even deleted
Users that have been granted access to that mailbox, either manually or via delegation in outlook will continue to have access.
If you want to remove all users access to the archive, you could run a permissions zap so that the permissions are removed, then you can manually add users who need access beyond that point, regardless of the permissions though, searches through Discovery Accelerator will still function.
There are certain things you can use like archive disabled mailboxes and synch hidden mailboxes, but this has proven to be flakey at best in all honesty.
Really you would have to work with your exchange admins to work out the best work flow for how users leave the company and how you handle their mailboxes. Test each type of scenario and try the registry keys until you find a balance that best suits you.
As for the GUID you are seeing, this is the SID to the user that was set as the Billing Owner, in older versions of Enterprise Vault you couldn't make a change to the archive through the VAC with it being in that state, in Enterprise Vault 9 it warns you that it is incorrect but you can make changes, you would simply just change the Billing Owner through the Vault Admin Console
And finally for closing an archive, theres no real way to close it however move archive can set it to closed, and you can change it through SQL, but i don't believe through the VAC or any other method it's possible to close it
But with no mailbox assigned to it, it won't get any email anyway, you can make it more "read only" if you wanted, by changing its status in the VAC to not delete expired items so that Storage Expiry won't delete any email from it.
You would also have to give anyone that has full access to the archive a Deny on the "Delete" rights so they can't delete email from it or change the site properties to have users cannot delete email etc