Solved

Terminated User OU

Posted on 2006-06-16
Last Modified: 2011-09-20
I have set up our new Active Directory, and would like to make an OU for terminated users, so that when a user leaves the company, I simply reset his password and move his account to that OU.  I would like to write a group policy that would allow them to receive email, but not log on or do anything else (OWA, etc.).

Any ideas on what to include in this group policy?

Thanks!
Question by:terrymason
5 Comments
 
LVL 48

Assisted Solution

by:Jay_Jay70
Jay_Jay70 earned 100 total points
ID: 16921049
That isn't the function of a GPO, my friend. If a user leaves, why not delete him?
0
 
LVL 1

Author Comment

by:terrymason
ID: 16921882
If you delete a user, all email to him will bounce, and other employees won't have access to his email.

There are several lines of thought. I simply reset the password, and then set up a forwarder so that all email to the user will be routed to another employee (you could also set up an autoresponder).  I give another employee full access to the terminated one's email, and they can make a local copy if they'd like.  After 90 days, I delete the user.

You could also reset the password, then rename the account to the name of the new person who's replacing him.

I made an OU named "terminated users" simply to keep things in a logical order, so that I can look at them and know they aren't employees any more.
0
 
LVL 5

Accepted Solution

by:
mickinoz2005 earned 200 total points
ID: 16922044
I know this may sound mad, but you could also set up a new user / public folder called terminated users and create aliases on that account for people that leave. You then delete the user from AD, but all their mail will now go to this mailbox along with all other retired users. Then after 30 - 90 days you just delete the alias. You could also add an out of office or auto responder on this account stating that the user you are trying to reach no longer works for the company.

You then set permissions on that mailbox so that all users can view it, or particular users such as reception.

Users who are not in the company really should be deleted for many security reasons, but you are right, organising is definitely better than just leaving them in the same OU.

Michael
0
 
LVL 51

Assisted Solution

by:Keith Alabaster
Keith Alabaster earned 200 total points
ID: 16922536
Can I ask the reasoning? Is this simply as you want to continue receiving email for that user name? If so, a GPO is not the best way, to be honest.

I am assuming you are using Exchange as your mail system? Why not add the user's email address to yours/someone else's? Downside is that you need to change it first in AD and let the change replicate through. Once done, you can go into AD user properties - email addresses and then add it to someone else's so you receive your own and theirs. Use a filter if you want to put that mail into a separate folder or some such. This means you can delete their account also.

Sorry if I have missed the point of your question.
0
 
LVL 1

Author Comment

by:terrymason
ID: 16922663

-Can I ask the reasoning? Is this simply as you want to continue receiving email for that user name? If so, a GPO is not the best way, to be honest.
*There is no real purpose to this.  I have already reset the password, so that the user can't log in, and was hoping for another lockdown mechanism, like "disable account logon", to act as a safeguard.

-I am assuming you are using Exchange as your mail system?
*Yes, ex2003.
-Why not add the user's email address to yours/someone else's?
*I want to continue receiving email on that user's account for 90 days, and have full access to the employee's email that is available to whoever needs it without having to do a restore every time.  I could use ExMerge to put local PSTs on other people's computers, but that seems like a lot of work.  I also want to limit administrator intervention.

Is this really that bad of an idea?  I'm removing access to the employee's account for 90 days, then deleting them.

mickinoz2005 - thank you for the idea, but that could be a permissions problem (if a VP leaves or something).  Right now I just provide all email to that person's manager.
0
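The thread's procedure (reset the password, lock the account, move it to a "terminated users" OU, delete after 90 days) can be scripted. The following is an added example, not code from any poster in the thread; it assumes the ActiveDirectory PowerShell module is available, and the OU distinguished name, the description stamp format and both function names are hypothetical.

```powershell
#Requires -Modules ActiveDirectory
# Added example. The OU DN below is a placeholder; function names are hypothetical.
$TerminatedOU  = 'OU=Terminated Users,DC=example,DC=com'
$RetentionDays = 90

function Disable-TerminatedUser {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$SamAccountName)

    $user = Get-ADUser -Identity $SamAccountName

    # Random password that nobody knows, so the reset cannot be reused to log on.
    $bytes = New-Object byte[] 32
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
    $secret = ConvertTo-SecureString ([Convert]::ToBase64String($bytes)) -AsPlainText -Force

    if ($PSCmdlet.ShouldProcess($user.DistinguishedName, 'Disable, reset password, move')) {
        # Disabling the account is the logon safeguard; a GPO is not needed for it.
        Disable-ADAccount     -Identity $user.ObjectGUID
        Set-ADAccountPassword -Identity $user.ObjectGUID -Reset -NewPassword $secret
        # Record the planned deletion date on the object itself.
        $stamp = 'Terminated {0:yyyy-MM-dd}; delete after {1:yyyy-MM-dd}' -f `
                 (Get-Date), (Get-Date).AddDays($RetentionDays)
        Set-ADUser    -Identity $user.ObjectGUID -Description $stamp
        Move-ADObject -Identity $user.ObjectGUID -TargetPath $TerminatedOU
    }
}

function Get-TerminatedUserReview {
    # Lists every account in the OU, flagging any that were re-enabled
    # and any whose stamped deletion date has passed.
    Get-ADUser -SearchBase $TerminatedOU -Filter * -Properties Description |
        ForEach-Object {
            $due = $null
            if ($_.Description -match 'delete after (\d{4}-\d{2}-\d{2})') {
                $due = [datetime]::ParseExact($Matches[1], 'yyyy-MM-dd',
                       [cultureinfo]::InvariantCulture)
            }
            [pscustomobject]@{
                SamAccountName = $_.SamAccountName
                StillEnabled   = $_.Enabled
                DeleteAfter    = $due
                Overdue        = ($null -ne $due -and $due -lt (Get-Date))
            }
        }
}
```

Run `Disable-TerminatedUser -SamAccountName jdoe -WhatIf` first to preview the changes, and confirm on your Exchange version that mail is still delivered to a disabled account's mailbox before relying on it.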
