Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

How to handle archived items of users that leave the company?

Created: 12 Mar 2006 • Updated: 21 May 2010 | 6 comments

Hi,
in the past when a user left we would copy his/her mailbox to a pst file and then burn them on a CD.
If I do that now I would archive the mbx and the archived items would stay in the EV (users don't use retention periods).
One option would be to manually set a retention period of X years on that archive and leave it at that.
Is there another option where I can easily move that data out of the mbx archive?

For FSA I could just copy the whole user folder to another location and keep a copy of that.

appreciate your insight
regds
Osama Salah

Discussion Filed Under:

Comments 6 CommentsJump to latest comment

Micah Wyenn 2's picture

Osama,

You've got a bunch of options, but here's the ones I see most frequently implemented by larger companies.

The base retention category of the email messages is not changed. This is to reflect the fact that corp assets age consistantly, regardless of transient owners.

Once the user leaves, a very aggressive policy (usually 1 day policies) are applied to the account over 2 days...basically capturing all the email to an EV archive.

The archive permissions are then set to disallow the original user, and to allow fully a user whom will either be taking over the functions of that position, and or a legal/risk/HR team that will need access to it.

Another option is that you may right click on the "archives" section, select "Export" and then export the entire archive to a pst file. The original files remain in the archive until you mark them for deletion.

micah

TonySterling's picture

I would use this EVPM to set everything to archive right away. You will notice the filter section sets it to 0 days to archive. One thing to keep in mind, if you delete the users AD account you will need to change the Bill to Account for the archive. I normally set it to the VSA.

;This Script will archive every item in the Mailbox
;If shortcuts are left over, that's because the item is already in the vault
;Start Script

DirectoryComputername =
SiteName =


Name = oneshotarchive
CreateShortcut = false
DeleteOriginal = true
UnreadMaiL = true
UseInactivityPeriod = true
InactivityUnits = days
InactivityPeriod = 0


DistinguishedName =


Name = mailboxroot
Suspended = false
Filtername = oneshotarchive
OverrideArchiveLocks = true
RetentionCategory = Business
;End Script

Micah Wyenn 2's picture

kewl,
Yeah the script is the better option. I wouldn't delete the AD account tho Osama, just disable it. Sometimes employees come back. :)

micah

Jason Bunn's picture

What is the benefit of changing the bill to address? We may need to be doing this?

We are a large company were numerous AD objects that are deleted for terminations. Keeping them disabled would not be a great option for us. (AD repl, messy, etc.)

Any insight on the billing adress is appreciated.

Thanks

JB

TonySterling's picture

If you do not change the bill to you can not modify the archive permission if the user account is deleted.

Jason Bunn's picture

We have run into that issue and are able to make an SQL change to allow the account to become active and change permissions.

In many instances our security dept will have the ID removed long before we ever hear about it.

But it is good to know that changing the billing account ahead circumvents this.

Thanks