terrymason
asked on
Terminated User OU
I have set up our new Active Directory, and would like to make an OU for terminated users, so that when a user leaves the company, I simply reset his password and move his account to that OU. I would like to write a group policy that would allow them to receive email, but not log on or do anything else (OWA, etc.).
Any ideas on what to include in this group policy?
Thanks!
ASKER
-can I ask the reasoning? Is this simply as you want to continue receiving email for that user name? If so, a GPO is not the best way to be honest.
*There is no real purpose to this. I have already reset the password, so that the user can't log in, and was hoping for another lockdown mechanism, like "disable account logon", to act as a safeguard.
-I am assuming you are using Exchange as your mail system?
* yes, ex2003
-Why not add the users email address to yours/someone else's?
*I want to continue receiving email on that user's account for 90 days, and have full access to the employee's email that is available to whoever needs it without having to do a restore every time. I could use exmerge to put local PSTs on other people's computers, but that seems like a lot of work. I also want to limit administrator intervention.
Is this really that bad of an idea? I'm removing access to the employee's account for 90 days, then deleting them.
mickinoz2005 - thank you for the idea, but that could be a permissions problem (if a VP leaves or something). Right now I just provide all email to that person's manager.
ASKER
There are several lines of thought. I simply reset the password, and then set up a forwarder so that all email to the user will be routed to another employee (you could also set up an autoresponder). I give another employee full access to the terminated one's email, and they can make a local copy if they'd like. After 90 days, I delete the user.
You could also reset the password, then rename the account to the name of the new person who's replacing him.
I made an OU named "terminated users" simply to keep things in a logical order, so that I can look at them and know they aren't employees any more.
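The offboarding steps discussed in this thread (reset the password, block logon, move the account to the terminated-users OU, delete after 90 days) can be scripted. The following is an added example, not code from any poster in the thread. It assumes the ActiveDirectory PowerShell module is available; the OU distinguished name, the `Terminated:` Description stamp and both function names are hypothetical.

```powershell
# Added example. Assumes the ActiveDirectory module; the OU DN is a placeholder.
Import-Module ActiveDirectory

$TerminatedOU  = 'OU=Terminated Users,DC=example,DC=com'   # placeholder DN
$RetentionDays = 90                                        # retention period from the thread
$Stamp         = 'Terminated:'                             # hypothetical marker stored in Description

function Disable-TerminatedUser {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$SamAccountName)

    $user = Get-ADUser -Identity $SamAccountName

    # Random password that nobody records; disabling below is the second safeguard.
    $bytes = New-Object byte[] 32
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
    $secure = ConvertTo-SecureString ([Convert]::ToBase64String($bytes)) -AsPlainText -Force

    if ($PSCmdlet.ShouldProcess($user.DistinguishedName, 'Reset password, disable, move')) {
        Set-ADAccountPassword -Identity $user -Reset -NewPassword $secure
        Disable-ADAccount -Identity $user
        Set-ADUser -Identity $user -Description ("{0} {1:yyyy-MM-dd}" -f $Stamp, (Get-Date))
        # Move last: the distinguished name changes once the object is in the new OU.
        Move-ADObject -Identity $user.DistinguishedName -TargetPath $TerminatedOU
    }
}

function Get-ExpiredTerminatedUser {
    # Lists accounts in the OU whose stamp is older than the retention period.
    # It only reports; deletion stays a separate, reviewed step.
    $cutoff = (Get-Date).AddDays(-$RetentionDays)
    Get-ADUser -SearchBase $TerminatedOU -Filter * -Properties Description |
        ForEach-Object {
            if ($_.Description -match "^$([regex]::Escape($Stamp)) (\d{4}-\d{2}-\d{2})$") {
                $when = [datetime]::ParseExact($Matches[1], 'yyyy-MM-dd', $null)
                if ($when -lt $cutoff) { $_ }
            } else {
                Write-Warning "No termination stamp on $($_.SamAccountName); review manually."
            }
        }
}
```

Run `Disable-TerminatedUser -SamAccountName <name> -WhatIf` first to preview the changes. Whether a mailbox on a disabled account keeps receiving mail depends on the Exchange version and mailbox permissions, so confirm it with a test account before relying on it.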