Thank you for this input till now.
Provisioning groups/Policies:
Provisioning groups are defined as an AD group (in EV called Windows group) in all our EV environments where users will be added by our internal provisioning process. We never used the type Organizaional Unit in this context. In other words AD group memberships won't change.
The corresponding AD group will be transffered to another OU as well but will not be deleted. Memberships will be kept too. The policies are relying on the correspoding provisioning groups. So I'm still on the right way. Right?
But as I mentioned above. If the AD account is already removed EV is not able to update any information around such a user object or mailbox in EV (ExchangeMailboxEntry table). Such an information won't change. Right?
Discovery Accelerator:
Custodian Manager is not limited to OU's as well. Additionally I added a screenshot with the current Profile Synchronization settings.
I only see one issue there with user objects that cannot be found anymore (employee left the company).
As you said the Custodian Manager keeps all historic user information about such user objects.
Let's think about the following situation:
A employee left the company some time ago. The corresponding user account doesn't exist anymore when such a change will happen. So nothing will be updated around Enterprise Vault and/or Discovery Accelerator in this case.
The user comes back after this OU change and his account will be added to the Active Directroy again - but somwhere in the new OU structure.
What will happen with the existing (old) information in this case since the new user object will cotain another SID and therefore will be interpreted as another user by EV and DA. Right? So I will have two entries in each affected table then. Right?
Thank you for sharing my thoughts.
