Solved

Terminated User OU

Posted on 2006-06-16
5
726 Views
Last Modified: 2011-09-20
I have set up our new Active Directory, and would like to make an OU for terminated users, so that when a user leaves the company, I simply reset his password and move his account to that OU. I would like to write a group policy that would allow them to receive email, but not log on or do anything else (OWA, etc.).

Any ideas on what to include in this group policy?

Thanks!
0
Question by:terrymason
5 Comments
 
LVL 48

Assisted Solution

by:Jay_Jay70
Jay_Jay70 earned 100 total points
ID: 16921049
That isn't the function of a GPO, my friend. If a user leaves, why not delete him?
0
 
LVL 1

Author Comment

by:terrymason
ID: 16921882
If you delete a user, all email to him will bounce, and other employees won't have access to his email.

There are several lines of thought. I simply reset the password, and then set up a forwarder so that all email to the user will be routed to another employee (you could also set up an autoresponder). I give another employee full access to the terminated one's email, and they can make a local copy if they'd like. After 90 days, I delete the user.

You could also reset the password, then rename the account to the name of the new person who's replacing him.

I made an OU named "terminated users" simply to keep things in a logical order, so that I can look at them and know they aren't employees any more.
0
 
LVL 5

Accepted Solution

by:mickinoz2005
mickinoz2005 earned 200 total points
ID: 16922044
I know this may sound mad, but you could also set up a new user / public folder called terminated users and create aliases on that account for people that leave. You then delete the user from AD, but all their mail will now go to this mailbox along with all other retired users. Then after 30 - 90 days you just delete the alias. You could also add an out of office or auto responder on this account stating that the user you are trying to reach no longer works for the company.

You then set permissions on that mailbox so that all users can view it, or particular users such as reception.

Users who are not in the company really should be deleted for many security reasons, but you are right: organising is definitely better than just leaving them in the same OU.

Michael
0
 
LVL 51

Assisted Solution

by:Keith Alabaster
Keith Alabaster earned 200 total points
ID: 16922536
Can I ask the reasoning? Is this simply as you want to continue receiving email for that user name? If so, a GPO is not the best way, to be honest.

I am assuming you are using Exchange as your mail system? Why not add the user's email address to yours/someone else's? Downside is that you need to change it first in AD and let the change replicate through. Once done, you can go into AD user properties - email addresses and then add it to someone else's so you receive your own and theirs. Use a filter if you want to put that mail into a separate folder or some such. This means you can delete their account also.

Sorry if I have missed the point of your question.
0
 
LVL 1

Author Comment

by:terrymason
ID: 16922663

-Can I ask the reasoning? Is this simply as you want to continue receiving email for that user name? If so, a GPO is not the best way, to be honest.
*There is no real purpose to this. I have already reset the password, so that the user can't log in, and was hoping for another lock down mechanism, like "disable account logon", to act as a safeguard.

-I am assuming you are using Exchange as your mail system?
*Yes, ex2003.
-Why not add the user's email address to yours/someone else's?
*I want to continue receiving email on that user's account for 90 days, and have full access to the employee's email that is available to whoever needs it without having to do a restore every time. I could use exmerge to put local PSTs on other people's computers, but that seems like a lot of work. I also want to limit administrator intervention.

Is this really that bad of an idea? I'm removing access to the employee's account for 90 days, then deleting them.

mickinoz2005 - thank you for the idea, but that could be a permissions problem (if a VP leaves or something). Right now I just provide all email to that person's manager.
0
