Solved

Terminated User OU

Posted on 2006-06-16
Medium Priority
780 Views
Last Modified: 2011-09-20
I have set up our new Active Directory, and would like to make an OU for terminated users, so that when a user leaves the company, I simply reset his password and move his account to that OU. I would like to write a group policy that would allow them to receive email, but not log on or do anything else (OWA, etc.).

Any ideas on what to include in this group policy?

Thanks!
0
Question by:terrymason
5 Comments
 
LVL 48

Assisted Solution

by:Jay_Jay70
Jay_Jay70 earned 400 total points
ID: 16921049
That isn't the function of a GPO, my friend. If a user leaves, why not delete him?
0
 
LVL 1

Author Comment

by:terrymason
ID: 16921882
If you delete a user, all email to him will bounce, and other employees won't have access to his email.

There are several lines of thought. I simply reset the password, and then set up a forwarder so that all email to the user will be routed to another employee (you could also set up an autoresponder). I give another employee full access to the terminated one's email, and they can make a local copy if they'd like. After 90 days, I delete the user.

You could also reset the password, then rename the account to the name of the new person who's replacing him.

I made an OU named "terminated users" simply to keep things in a logical order, so that I can look at them and know they aren't employees any more.
0
 
LVL 5

Accepted Solution

by:
mickinoz2005 earned 800 total points
ID: 16922044
I know this may sound mad, but you could also set up a new user / public folder called terminated users and create aliases on that account for people that leave. You then delete the user from AD, but all their mail will now go to this mailbox along with all other retired users. Then after 30 - 90 days you just delete the alias. You could also add an out of office or auto responder on this account stating that the user you are trying to reach no longer works for the company.

You then set permissions on that mailbox so that all users can view it, or particular users such as reception.

Users who are not in the company really should be deleted for many security reasons, but you are right, organising is definitely better than just leaving them in the same OU.

Michael
0
 
LVL 51

Assisted Solution

by:Keith Alabaster
Keith Alabaster earned 800 total points
ID: 16922536
Can I ask the reasoning? Is this simply as you want to continue receiving email for that user name? If so, a GPO is not the best way, to be honest.

I am assuming you are using Exchange as your mail system? Why not add the user's email address to yours/someone else's? Downside is that you need to change it first in AD and let the change replicate through. Once done, you can go into AD user properties - email addresses and then add it to someone else's so you receive your own and theirs. Use a filter if you want to put that mail into a separate folder or some such. This means you can delete their account also.

Sorry if I have missed the point of your question.
0
 
LVL 1

Author Comment

by:terrymason
ID: 16922663

-can I ask the reasoning? Is this simply as you want to continue receiving email for that user name? If so, a GPO is not the best way to be honest.
*There is no real purpose to this.  I have already reset the password, so that the user can't log in, and was hoping for another lock down mechanism, like "disable account logon" to act as a safeguard.

-I am assuming you are using Exchange as your mail system?
* yes, ex2003
-Why not add the users email address to yours/someone else's?
*I want to continue receiving email on that user's account for 90 days, and have full access to the employee's email that is available to whoever needs it without having to do a restore every time.  I could use exmerge to put local PSTs on other people's computers, but that seems like a lot of work.  I also want to limit administrator intervention.

Is this really that bad of an idea?  I'm removing access to the employee's account for 90 days, then deleting them.

mickinoz2005  - thank you for the idea, but that could be a permissions problem (if a VP leaves or something).  Right now I just provide all email to that person's manager.
0
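
The safeguard asked for in the thread ("disable account logon") is a per-account setting rather than something a Group Policy applies. As an added example, not part of the thread or any poster's own script, the PowerShell below runs the described workflow (password reset, disable, date stamp, move to the OU) and reports accounts that are still enabled or past the 90-day window. Assumptions: the ActiveDirectory PowerShell module is available, the OU distinguished name is a placeholder, the function names are hypothetical, and mail delivery to a disabled account has been confirmed on the Exchange version in use.

```powershell
# Added example, not from the thread. Assumes the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

# Placeholder DN: replace with the real "terminated users" OU.
$TerminatedOU  = 'OU=Terminated Users,DC=example,DC=com'
$RetentionDays = 90   # retention window used in the thread

function Disable-TerminatedUser {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$SamAccountName)

    $user = Get-ADUser -Identity $SamAccountName
    if (-not $PSCmdlet.ShouldProcess($user.DistinguishedName, 'Offboard')) { return }

    # Throwaway password: 24 bytes from the system CSPRNG, Base64-encoded, never shown.
    $bytes = New-Object byte[] 24
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $rng.GetBytes($bytes)
    $rng.Dispose()
    $secret = ConvertTo-SecureString ([Convert]::ToBase64String($bytes)) -AsPlainText -Force
    Set-ADAccountPassword -Identity $user -Reset -NewPassword $secret

    # The per-account safeguard: logon is refused even if the password leaks.
    Disable-ADAccount -Identity $user

    # Stamp the date on the object (overwrites any existing Description).
    Set-ADUser -Identity $user -Description ("Terminated {0:yyyy-MM-dd}" -f (Get-Date))
    Move-ADObject -Identity $user.DistinguishedName -TargetPath $TerminatedOU
}

function Get-TerminatedUserReport {
    # Report only: lists accounts still enabled or past retention; deletes nothing.
    Get-ADUser -SearchBase $TerminatedOU -Filter * -Properties Description |
        ForEach-Object {
            $stamp = $null
            if ($_.Description -match '^Terminated (\d{4}-\d{2}-\d{2})$') {
                $stamp = [datetime]::ParseExact($Matches[1], 'yyyy-MM-dd', $null)
            }
            [pscustomobject]@{
                SamAccountName = $_.SamAccountName
                StillEnabled   = $_.Enabled
                TerminatedOn   = $stamp
                # A missing stamp counts as overdue so the account gets reviewed.
                PastRetention  = ($null -eq $stamp) -or
                                 ($stamp -lt (Get-Date).AddDays(-$RetentionDays))
            }
        } | Where-Object { $_.StillEnabled -or $_.PastRetention }
}
```

Running `Disable-TerminatedUser -SamAccountName <name> -WhatIf` shows the target without changing it.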