Processing Company Leavers
One of the tasks facing Enterprise Vault Administrators is how to process mailboxes/archives for people who are leaving the company. It could be 1-2 people now and again, through natural attrition, or it could be a collection of people in one go, as part of a reduction-in-force (RIF).
Either way working out the 'best' thing to do with their mailboxes, and archives is something that an EV Administrator must think about and tackle at some point.
In this article I'm talking about Exchange mailbox users. However, some of the same tasks/issues exist for SharePoint users, and other mail systems like Domino.
Lots of Options
There are many options, decisions to make, and things to think about when looking at what can be done with leavers from the company. It has to be decided if the archive needs keeping at all! In some companies it might be possible to destroy all old data, or maybe the person leaving hasn't been with the company for very long. I am guessing though, that most EV Administrators don't get this 'simple' part of the job very often!
Usually the Enterprise Vault Administrator, management, and any Legal and Risk teams need to think about :
* Does the archive need keeping?
Most companies don't want to delete anything. Let alone someone that is just leaving the company. So the answer to this, for most EV Administrators is "Yes".
* Does the archive need to be shared amongst previous team members, or a replacement member of staff?
This often depends on the nature of why the person is leaving, and whether the remaining team need access to some of the related mails, eg shared projects and so on.
* Does the mailbox need 'hoovering up' to get rid of ALL the old mail, and instead adding all the mails to an archive?
Personally I think it's great to zero the mailbox before deleting it, or telling an Exchange Administrator team that they can go ahead with their own clean up routines.
* Does the mailbox need to not be processed by the Archiving Task of Enterprise Vault after their leaving date?
It would make sense to me not to process the mailbox every night going foward after the person's leaving date.
* Does the leaver need to be disabled from Active Directory when they leave?
This is a definite, in my opinion, but again companies vary.
* Does the end-date need to all go under the same retention category as existing data, or to a different one?
This is a discussion which needs to be had as to whether the 'final' set of data is kept under different retention. Legal and Risk teams might have some input on this aspect, or you maybe given free reign to decide to keep the data for a year (for example)
* Does the archive need to be kept 'online'?
Some companies decide that they want to keep the data, but not in an online form. Sometimes they will export the whole of the archive to a collection of PSTs, which can be stored somewhere on the network, or just simply backed-up and then deleted.
Once all these sorts of things have been debated you then need to do some of the activities, and then think about automating the growing list.
Normally, the sorts of things that I see being done are:
* Archive everything in the person's mailbox the day they leave
* Disable them in Active Directory
* Disable them from Enterprise Vault archiving
* At some point later share out the person's archive with managers, replacement staff, etc.
One of the ways to archive everything in the person's mailbox is to swap them to a different provisioning group, synchronise (a few times), run the provisioning task (a few times, for good measure) and then run the archiving task manually for that user. This time it might be wise to ensure that they don't get items archived and replaced by shortcuts; just archiving them may be fine. Doing this sort of thing is a bit cumbersome and time consuming, and at this point you will now probably have a mailbox with only shortcuts in them. The mailbox could just be deleted, or, a simple script could go through the mailbox, delete all the shortcuts and report on any issues ore remaining items.
Disabling them from Enterprise Vault archiving is usually a manual step after this. There isn't a lot of sense in carrying on archiving the leavers mailbox after they have left. It makes more sense to clean things up once-and-for-all.
Disabling them from Active Directory could be done via a script, or a quick search using AD Users and Computers.
It's always possible at a later time to then share out this person's archive with some other required people. Again though that becomes a little bit of a pain to manage, but it's do-able. It can also be tricky then if the leaver returns to the company potentially in a different role, or if someone with the same name starts working for the company.
Some companies even export the whole of the archive at this point, in to several PST files, and then remove it from Enterprise Vault.
The bit that isn't very palatable for many administrators is the manual-nature of most of these tasks. It would be great with some automation, via custom scripts, or via a tool.
Ideal Sounding Solution?
I spotted an ideal sounding solution a week or two ago, and investigated it a little. The solution is called Archive Leavers from QUADROtech. It comes in two forms, a free version (where they ask you obtain a free license after 30 days) and premium version which does a few more things. I don't have any details on the pricing unfortunately.
The free version lets you archive everything out of a users mailbox, to a particular retention category which you can specify. It will clear out the users mailbox, to zero items. It also then disables the user from EV archiving. It's all scriptable via PowerShell as well, which is great.
I found installing it, using it and doing scripted approaches with it (to process several users) very easy. They even have a couple of training videos available from their web site (http://quadrotech-it.com) which show how to do the various tasks with the tool.
The premium version additionally lets you disable the user from Active Directory, and turn the leavers Archive in to a Shared Archive.
Processing leavers from a company is something that every Enterprise Vault Administrator must get involved in at some point. Whilst there are many manual options available, some of which can be automated by custom-built scripts, there is at least one almost completely automated approach in the form of QUADROtech Archive Leavers tool.