Solved

Deleting a user account in AD but retaining their mailbox

Posted on 2005-03-02
Last Modified: 2008-02-01
Hi everyone

I have a user on the helpdesk whose account is botched.  I want to blow it away in AD but retain his mailbox, re-create his account and just reconnect his mailbox.  However, when I try to do this, AD confirms the deletion and "mark each selected exchange mailbox for deletion" is ticked but I can't untick it, i.e. it is set as default somewhere.
I'm in the Domain Admins group and it won't let me untick it either.  How can I change this? Does this option mean that the mailbox will be deleted straight away?  Can you advise the best practice for deleting an account in AD without deleting a mailbox and just recreating the account and re-adding the mailbox later?
Just as background, we have just migrated to AD and Exchange 2003.


Thanks!

Catriona
0
Question by:byrca
18 Comments
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 13445912
I believe you can use Exmerge to accomplish this task...  use it to back up the user's mailbox to a PST file, then restore it after you have rebuilt their user account and profile.  Here is a step by step for you:

http://www.petri.co.il/brick_level_backup_of_mailboxes_by_using_exmerge.htm
0
 

Author Comment

by:byrca
ID: 13446797
Hi there

OK, well, I know I can exmerge to PST but I want to know where this setting came from and if it's a default setting, and I would also like to turn it off so that we have more control when deleting an account in AD.  I have set the retention period in Exchange System Manager to 15 days but I need confirmation as to what this tick box means exactly.  Reminder: when I right-click and choose DELETE on a user account in AD, a delete object confirmation box comes up with "Mark Each Selected Exchange Mailbox for Deletion" ticked but greyed out inside.  I've worked on sites before where I have been able to delete the account in AD but not the mailbox.
Can you give clarification?   What is best practice when somebody leaves regarding their account and their mailbox?

Ta very much
Cat
0
 
LVL 14

Expert Comment

by:Joseph Hornsey
ID: 13446944
Hey, Cat.

I know what you're talking about, and it is frustrating.  Where the crux of the issue lies, however, is that the Exchange mailbox is actually an attribute of the user account in Active Directory.  Because of this, it is tied into the account and if the account is deleted, it has to be deleted as well (which is why you can't uncheck the box).

Since you're only dealing with one account, I wouldn't even bother with ExMerge (it's a pain in the butt because you have to go in and create a non-administrator account for the process since administrators are denied access to Exchange mailboxes... then you have to grant that account permissions on each mailbox).  ExMerge is awesome if you've got a lot of users.  For one user, I would just go to the user's computer and log on as them.  Use Outlook to export the mailbox to a .PST:

In Outlook, go to File, Import and Export to start the wizard.
Select "Export to a file" and click "Next".
Select "Personal Folder File (.pst)" and click "Next".
Select the Mailbox object and put a check in the "Include Subfolders" checkbox and click "Next".
Browse to where you want the file, give it a name and select how you want to handle duplicate items (of which there should be none).

Once you've done that, blow away the user, recreate them and import the PST (which is pretty much the opposite of the above steps).  This really is the easiest way.  If you want to keep their whole profile, use the File and Settings Transfer Wizard in XP (go to Start | All Programs | Accessories | System Tools  and you'll see it there).

What you're referring to with deleting users but not mailboxes in AD domains probably was done on DCs where the Exchange Management Tools weren't installed.  If that's the case, then there are no "Exchange Tasks" in Active Directory Users and Computers.  The problem you run into when you try to recreate the user is that the mailbox, as I mentioned, is an attribute of the original user account which is identified by its SID, so you still won't be able to link back to that mailbox (it would kind of be like trying to link a user to a deleted user account's remote access permissions or description or some other attribute).  Eventually, the Information Store will notice that the mailbox has no associated user account and then it will purge it.  The mailbox is completely unrecoverable at that point (short of restoring from tape and then doing a Directory Restore).  Again, I doubt it's worth the effort.  Going through Outlook will take far less time.

Hope this is helpful to you.

<-=+=->
0
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 13449076
Too easy Splinter..  should have thought of that first!  :)

Additionally, I would test whatever scenario you choose before deleting the account..  Losing a user's mail can be a very, very bad thing, especially if the user is in the exec branch of your company....  The unemployment lines are much too long right now for our industry!  :)
0
 
LVL 16

Expert Comment

by:robrandon
ID: 13450058
Check out this link:
http://www.examnotes.net/archive78-2002-10-72398.html

As stated before, definitely make sure you have a backup of the mailbox just in case.
0
 
LVL 14

Expert Comment

by:Joseph Hornsey
ID: 13450550
robrandon,

Great link... I didn't know you could do that.  I'll test on one of our Exchange servers.

<-=+=->
0
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 13454559
Agreed...  Nice tip!
0
 

Author Comment

by:byrca
ID: 13455461
Cool - thanks guys!  Just to clarify - a deleted user account in AD will mark the mailbox for deletion in Exchange, yeah? I presume the mailbox will stay in Exchange for the retention period that I've set already and be purged after that?  Can you let me know?
And good link - this is what I thought I could do... ?  So if I recreate the user account in AD, can I not just reconnect the mailbox in Exchange System Manager? Will the SID history muck it up?  Of course I'll have already archived their mailbox to PST just in case.  Agreed - Exmerge is a pain just for one little user...:0)

Again thanks for the advice

Cheers
Cat
0
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 13455579
Yea, Rob hit the mark on that link...  I really don't want to test it though on my EX server, so I will wait till he comes back in, unless someone else wants to try it..  :)
0
 
LVL 16

Expert Comment

by:robrandon
ID: 13458286
I have a test server that I can try it on this afternoon (EST).  Will post back later my findings.  
0
 
LVL 16

Expert Comment

by:robrandon
ID: 13459253
Well, I got curious and couldn't wait.....

It works.  This is what I did.  I created 2 accounts.  User1 and User2.  Logged on and configured Outlook for each of them, and populated messages into their mailboxes.

I then deleted account User1.  In Exchange I right-clicked the Mailbox Store and ran the Cleanup Agent.  A red X appeared for the User1 mailbox.  I created a new account called User5.  In Exchange I right-clicked the User1 mailbox and chose to reconnect.  I chose User5 from the list.  At this point it stated the operation completed successfully, but I then got a popup that stated the following:
------
The object has not been replicated to the destination server yet.  Wait for replication to complete and try again.

Operation: Updating Mailbox Resources on server 'TESTDC1'...
ID no: c1031731
Exchange System Manager
------

I clicked OK and refreshed after a moment, and the red X went away.  I then logged onto a computer as User5, configured Outlook and everything was there.

I then did the same with User2, except when I created a new account, I called it User2 (since I believe that is what you are doing).  I got the same results, including that error/notification popup.  When I logged on as User2, because it has a new SID, it created a new profile.  

So, it looks like this does work.  Pretty cool.  Good luck!
0
 
LVL 16

Accepted Solution

by:
robrandon earned 2000 total points
ID: 13459263
1 more thing.  When I created the new accounts, I chose NOT to create a mailbox for them.

0
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 13459838
:)  I thank you too, Rob..
0
 
LVL 14

Expert Comment

by:Joseph Hornsey
ID: 13459931

No kidding... good job, Rob.  I was going to do that last night by getting into one of our Exchange servers via RDP.  Alas, my laptop blue-screened.  And here I thought I was going to go to bed early.

I've been administering/teaching/recovering/deploying/etc. Exchange since 5.0 and I didn't know you could do that!  Thanks for the tip and testing, Rob!

<-=+=->
0
 
LVL 16

Expert Comment

by:robrandon
ID: 13460373
No problem.  Very glad I could help.  
0
 
LVL 17

Expert Comment

by:JohnGerhardt
ID: 13462528
Check your Exchange settings as well, as properties can be set on the stores to wait a certain period before deleting. I do this for the very reason you have; this way I have a little leeway if I am absent-minded!
Under the Limits tab under properties for the store, there is a setting about how long to keep a mailbox after accounts are deleted. Set it appropriately and you should easily be able to delete the account, recreate it and then reconnect the mailbox.
Hey, though, things are never that easy, so do as SplinterCell5894 mentioned above and back up the mailbox in question to a PST!
Hope this helps...
0
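
The retention window discussed in this thread can be checked before an account is deleted and re-created. The script below is an added example, not written by any poster in the thread: it queries the Exchange 2003 `Exchange_Mailbox` WMI class for mailboxes the store has already marked as disconnected and estimates when each becomes eligible for purging. The function name `Get-DisconnectedMailbox` is hypothetical, the server name is the one shown in the popup quoted above, and the 15-day value is the retention period the asker says she configured; the estimate assumes that value matches the store's Limits setting.

```powershell
# Added example: report disconnected Exchange 2003 mailboxes and how long
# they have left before the mailbox retention period runs out.
# Assumes PowerShell on a management workstation with WMI access to the server.

function Get-DisconnectedMailbox {
    param(
        [string]$Server = 'TESTDC1',   # server name from the popup in this thread
        [int]$RetentionDays = 15       # retention period the asker set on the store
    )

    # Exchange 2003 publishes one Exchange_Mailbox instance per mailbox.
    $mailboxes = Get-WmiObject -ComputerName $Server `
        -Namespace 'root\MicrosoftExchangeV2' -Class Exchange_Mailbox

    foreach ($mbx in $mailboxes) {
        # DateDiscoveredAbsentInDS is empty while the mailbox still has an
        # owning AD account; it is filled in once the store has flagged the
        # mailbox as disconnected (the red X state in Exchange System Manager).
        if ([string]::IsNullOrEmpty($mbx.DateDiscoveredAbsentInDS)) { continue }

        # WMI returns CIM datetime strings; convert to a .NET DateTime.
        $absent = [Management.ManagementDateTimeConverter]::ToDateTime(
            $mbx.DateDiscoveredAbsentInDS)

        # Estimate only: the store purges during maintenance after this date.
        $eligible = $absent.AddDays($RetentionDays)
        $daysLeft = [math]::Floor(($eligible - (Get-Date)).TotalDays)

        [pscustomobject]@{
            Mailbox        = $mbx.MailboxDisplayName
            Store          = $mbx.StoreName
            Disconnected   = $absent
            PurgeEligible  = $eligible
            DaysLeft       = $daysLeft
            LastLoggedOnBy = $mbx.LastLoggedOnUserAccount
        }
    }
}

# List the mailboxes closest to being purged first.
Get-DisconnectedMailbox -Server 'TESTDC1' -RetentionDays 15 |
    Sort-Object DaysLeft |
    Format-Table Mailbox, Store, Disconnected, PurgeEligible, DaysLeft -AutoSize
```

A mailbox that does not appear in the output has either not been flagged as disconnected yet or has already been purged, so a PST export before deleting the account remains the safety net.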
 

Author Comment

by:byrca
ID: 13473677
Wikid! I tested too and it worked like a dream

Cheers boyz

Cat
0
