Solved: Hi Ronw I think we'll take

EVMan · ‎06-16-2011

Hi

We have a leavers policy in our EV9 environment which archives all mail before we can safely delete the leavers' mailbox.

The policy / prov group works fine. You can see that the leaver has the leavers policy associated

However if the user is hidden from the GAL (as most are when they leave) you cannot see the mailbox to either enable/disable in EV. Likewise because you cannot do this with the mailbox you cannot run and archiving task to process all items against that individual leaver.

I found another post which suggested to put in the ProcessHiddenMailboxes registry key (set to 1)

so I popped this in and our DBA run this on query on SQL

USE EnterpriseVaultDirectory

UPDATE ExchangeMailboxEntry

SET MbxExchangeState = '0' WHERE MbxExchangeState = '2'

I've done this and restarted the archiving task associated with the leavers mailbox server, and restarted the prov. task. Re-sync'd, re-run provisioning etc. etc. but still I do not see my leavers mailbox, hence the leavers mailbox is not being archived...

Any ideas?

thanks

James

ronw · ‎06-19-2011

If you are using Exchange 2003 you can use ESM to bulk chnage the accounts to renable them in GAL. I use similar system of moving my leaving users to a separate OU Leaving Users. I put a refuse all mail uinless from administrator so no new mail goes into box. I have a 1 day policy on EV that archives all content and does not create a placeholder. After a couple of days I disable the account in AD Block listing in GAL and I leave the AD and Outlook account in place. If users come back we can move account and reactivate it and they still have access to all their old email etc.

View solution in original post

MichelZ · ‎06-16-2011

Is the user disabled in Active Directory?
Then you would have to set the "ExcludeDisabledADAccounts" key, too.

Set both:
http://www.jorink.nl/2010/02/archive-hidden-and-disabled-mailboxes-with-enterprise-vault/

And remember to put this key under SYSWOW64 key if you are running 64-bit Windows.

Cheers

cloudficient - EV Migration, creators of EVComplete.

EVMan · ‎06-16-2011

thanks for this info. Ok, i've set that additional key on all our EV servers (as we have disabled leavers accounts).

I've done numerous sync's etc. but am still not seeing the leavers' mailboxes appear in the console to enable or disable?

Is this normal behaviour? I'll keep an eye on it!

thanks

GertjanA · ‎06-17-2011

Hello EVMan

Rerun provisioning, verify the accounts show up.

If necessary, rightclick in VAC Exchange under targets, fill in name. See if the account shows up, and has policies applied.

After provisioning ran succesfully, try an enable mbx.

GJ

Regards. Gertjan

EVMan · ‎06-17-2011

Hi GJ

If I go to Display Policies assigned to mailboxes i see all my leavers (disabled accounts) appear with my leaver policy against.

So provisioning must be working ok, i just can't see the mailbox to enable/disable to run archived tasks against...

I need to archive all my leavers accounts email so we can safely remove their exchange mailboxes.

thanks

James

EVMan · ‎06-17-2011

Hi GJ

OK i think EV is having problems seeing the accounts when they are hidden from the GAL. Thats not a problem as we could unhide them (script to unhide all) then re-run sync tasks.

But will EV still have an issue seeing those mailboxes if the associated AD account is disabled.

So mailbox not hidden from GAL, but account disabled...

TonySterling · ‎06-17-2011

It sounds as if those maillboxes are not in a provisioning group. They don't show to be enabled until after they have been provisioned.

KarlW · ‎06-17-2011

Hi

Hidden/Disabled mailboxes do not show in the Enable mailbox wizard even when the registry values are set (these are obeyed by the archiving task).

I think there are two options for enabling these users:

1) Use auto-enable on your leavers provisioning group.

2) Use EVPM to enable the users based from the provisioning group.

I've validate (1) but not (2)- though I see no reason for it to fail. I'm not sure what Exchange server version you are running but be aware that there is a Microsoft patch required for Exchange 2003 Sp2 otherwise EV cannot log into the mailboxes for enabling/archiving.

Regards

Karl

TonySterling · ‎06-17-2011

Thanks Karl, I guess I have never had to do it this way around, I am used to the users already being enabled when added to the leavers group.

ronw · ‎06-19-2011

If you are using Exchange 2003 you can use ESM to bulk chnage the accounts to renable them in GAL. I use similar system of moving my leaving users to a separate OU Leaving Users. I put a refuse all mail uinless from administrator so no new mail goes into box. I have a 1 day policy on EV that archives all content and does not create a placeholder. After a couple of days I disable the account in AD Block listing in GAL and I leave the AD and Outlook account in place. If users come back we can move account and reactivate it and they still have access to all their old email etc.

EVMan · ‎06-22-2011

Hi Ronw

I think we'll take your approach as we do similar to that in put the leavers in a dedicated OU (and EV just isn't doing anything with disabled or hidden accounts). We'll leave them enabled and in the GAL.

We can bulk enable the AD ccounts easily as they share the same attribs.

Problem being is that we have 1000 leavers currently that have already been hidden from the GAL.How in Ex2003 esm (where our leavers are situated) can you bulk unhide people from the GAL?

thanks

James

VOX

how to archive email accounts that are hidden from GAL?