Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

What is the best practice after the Exchange Mailbox user is leaving the company ?

Created: 28 Jun 2012 • Updated: 02 Jul 2012 | 5 comments
This issue has been solved. See solution.

Hi,

Can anyone share what is the best pratice to do after you archive the Exchange Server mailboxes with EV according to this article (http://www.symantec.com/business/support/index?page=content&id=TECH67757) ?

Do you still keep it or can you safely delete it from the Exchange Server which will means it deletes the AD account as well.

I've never delete all of my Exchange Server mailboxes in the company before because i do not know what or how to access the archived email from the EV console.

Any kind of help would be greatly appreciated.

Thanks

Comments 5 CommentsJump to latest comment

Mikeydee135's picture

when a user leaves we start by disabling the account (naturally) assign any forwarding rules requested and grant mailbox access to replacements/line managers/colleagues to fit the access required by the particular department. (our archive access syncs from the mailbox rights so this carries accross all legacy mail access also)

 

we then move the user object to a new OU designated for leavers the original plan was for there to be group policies affecting this OU but that never happened, however it allows us to assign this OU to a leavers provisioning group. 

 

members of this provisioning group have a few rules in adition :

1. EVERYTHING is archived daily if it is over zero days old, effectively emptying the mailbox (save a few shortcuts) to the vault

2. shortcuts for items over 6 months old are deleted -this effectively gives us ability to count down to when the account isnt needed - the list will reach very few items. it also means that we can see if clients etc are still messaging this address and if some forwarding should be considered, if the mailbox doesn't shrink in number of items then someone is still mailing them.

 

 

periodically we check excahnge mailbox item counts, if the user has been disabled for at least 6 months and if the number of items is less than 5 it's probably only system items remaining and the mailbox is safe to delete, access has been available to the vault for those who need it via archive explorer etc for at least 6 months. when the AD account deletes all previously synched access is kept and aditional access can be granted via the EV console. 

 

all of our data is kept indefinately, it's only a question of granting the correct access.

 

 

 

SOLUTION
Dushan Gomez's picture

Many thanks for the response guys,

So the correct steps is to disable the account from the AD and then MOVE it into the custom OU for 0 day archiving ?

Dushan Gomez
IT Manager
VCP 4 and 5 | MCITP Exchange Server | MCTS SharePoint Server | MCP Windows XP

 

Rob.Wilcox's picture

Dushan, there is no "correct" steps really.  There are just options, and which you choose is down to you, your business, your consultants etc, etc.