Solved

Terminated User OU

Posted on 2006-06-16
Last Modified: 2011-09-20
I have set up our new Active Directory, and would like to make an OU for terminated users, so that when a user leaves the company, I simply reset his password and move his account to that OU.  I would like to write a group policy that would allow them to receive email, but not log on or do anything else (OWA, etc.).

Any ideas on what to include in this group policy?

Thanks!
Question by:terrymason
5 Comments
 
LVL 48

Assisted Solution

by:Jay_Jay70
Jay_Jay70 earned 100 total points
ID: 16921049
That isn't the function of a GPO, my friend. If a user leaves, why not delete him?
0
 
LVL 1

Author Comment

by:terrymason
ID: 16921882
If you delete a user, all email to him will bounce, and other employees won't have access to his email.

There are several lines of thought. I simply reset the password, and then set up a forwarder so that all email to the user will be routed to another employee (you could also set up an autoresponder).  I give another employee full access to the terminated one's email, and they can make a local copy if they'd like.  After 90 days, I delete the user.

You could also reset the password, then rename the account to the name of the new person who's replacing him.

I made an OU named "terminated users" simply to keep things in a logical order, so that I can look at them and know they aren't employees any more.
0
 
LVL 5

Accepted Solution

by:mickinoz2005
mickinoz2005 earned 200 total points
ID: 16922044
I know this may sound mad, but you could also set up a new user / public folder called terminated users and create aliases on that account for people that leave. You then delete the user from AD, but all their mail will now go to this mailbox along with all other retired users. Then after 30 - 90 days you just delete the alias. You could also add an out of office or auto responder on this account stating that the user you are trying to reach no longer works for the company.

You then set permissions on that mailbox so that all users can view it, or particular users such as reception.

Users who are not in the company really should be deleted for many security reasons, but you are right, organising is definitely better than just leaving them in the same OU.

Michael
0
 
LVL 51

Assisted Solution

by:Keith Alabaster
Keith Alabaster earned 200 total points
ID: 16922536
Can I ask the reasoning? Is this simply as you want to continue receiving email for that user name? If so, a GPO is not the best way, to be honest.

I am assuming you are using Exchange as your mail system? Why not add the user's email address to yours/someone else's? Downside is that you need to change it first in AD and let the change replicate through. Once done, you can go into AD user properties - email addresses and then add it to someone else's so you receive your own and theirs. Use a filter if you want to put that mail into a separate folder or some such. This means you can delete their account also.

Sorry if I have missed the point of your question.
0
 
LVL 1

Author Comment

by:terrymason
ID: 16922663

-can I ask the reasoning? Is this simply as you want to continue receiving email for that user name? If so, a GPO is not the best way to be honest.
*There is no real purpose to this.  I have already reset the password, so that the user can't login, and was hoping for another lock down mechanism, like "disable account logon" to act as a safeguard

-I am assuming you are using Exchange as your mail system?
* yes, ex2003
-Why not add the users email address to yours/someone else's?
*I want to continue receiving email on that user's account for 90 days, and have full access to the employee's email that is available to whoever needs it without having to do a restore every time.  I could use exmerge to put local PSTs on other people's computers, but that seems like a lot of work.  I also want to limit administrator intervention.

Is this really that bad of an idea?  I'm removing access to the employee's account for 90 days, then deleting them.

mickinoz2005  - thank you for the idea, but that could be a permissions problem (if a VP leaves or something).  Right now I just provide all email to that person's manager.
0
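
The offboarding routine discussed in this thread (reset the password, block logon, park the account in a "terminated users" OU, delete after 90 days), as an added example that is not from any of the posters. It assumes the ActiveDirectory PowerShell module is available; the OU distinguished name and both function names are hypothetical.

```powershell
#Requires -Modules ActiveDirectory
# Added example. Hypothetical values: set these for your own domain.
$TerminatedOU  = 'OU=Terminated Users,DC=example,DC=com'
$RetentionDays = 90   # hold period mentioned in the thread

function Disable-TerminatedUser {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$SamAccountName)

    $user = Get-ADUser -Identity $SamAccountName
    if (-not $PSCmdlet.ShouldProcess($user.DistinguishedName, 'Offboard')) { return }

    # Replace the password with a random value nobody knows.
    $bytes = New-Object byte[] 32
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
    $secret = ConvertTo-SecureString ([Convert]::ToBase64String($bytes)) -AsPlainText -Force
    Set-ADAccountPassword -Identity $user -Reset -NewPassword $secret

    # Disabling the account blocks logon outright; this is the safeguard on
    # top of the password reset, and it is an account flag, not a GPO setting.
    Disable-ADAccount -Identity $user

    # Stamp the termination date so the deletion date can be computed later.
    Set-ADUser -Identity $user -Description ('Terminated {0:yyyy-MM-dd}' -f (Get-Date))

    # Move last: the distinguished name changes once the object is in the new OU.
    Move-ADObject -Identity $user -TargetPath $TerminatedOU
}

function Get-TerminatedUserReport {
    $cutoff = (Get-Date).AddDays(-$RetentionDays)
    Get-ADUser -SearchBase $TerminatedOU -Filter * -Properties Description |
        ForEach-Object {
            $stamped = $null
            if ($_.Description -match '^Terminated (\d{4}-\d{2}-\d{2})$') {
                $stamped = [datetime]::ParseExact($Matches[1], 'yyyy-MM-dd',
                    [cultureinfo]::InvariantCulture)
            }
            [pscustomobject]@{
                SamAccountName = $_.SamAccountName
                StillEnabled   = $_.Enabled          # should always be False here
                Terminated     = $stamped            # $null = moved by hand, no stamp
                DueForDeletion = ($null -ne $stamped -and $stamped -lt $cutoff)
            }
        }
}
```

Running `Disable-TerminatedUser` with `-WhatIf` shows which account would be touched without changing it. The report is worth scheduling, since an account in this OU that shows `StillEnabled` as true has been re-enabled by someone.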
