• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 890
  • Last Modified:

Disabling User Accounts


What are the steps required for disabling a user account?
We are running SBS 2003 and have a couple employees who have left. We would like to disable their email and active directory accounts.

Yesterday, I disabled the email and not the active directory accounts, and received the following error message in event viewer:

Event Type:      Warning
Event Source:      MSExchangeIS
Event Category:      General
Event ID:      9548
Date:            10/10/2007
Time:            10:30:42 AM
User:            N/A
Computer:      MyComputer
Disabled user /o=MyDomain/ou=first administrative group/cn=Recipients/cn=MyUser does not have a master account SID. Please use Active Directory MMC to set an active account as this user's master account.

For more information, click http://www.microsoft.com/contentredirect.asp.

Thanks! Kristin
3 Solutions
All you have to do is disable their active directory user accounts. I have never disabled the mailbox itself if that is possible but it sounds like that the mailboxes are no longer associated with a user account with whatever action you took. The manner in which you disable accounts is based on how you wish to deal with these accounts later. If you are archiving mail you need to reenable the user account and reassociate the mailbox in order to access their mail. If you are going to rename te accounts for new employees then you disable the accounts and save them. If you are going to create new accounts then you can delete the accounts. Once you delete the account the mailbox will stay in exchange for 30 days I beleive by default before it is purged. So this leaves you with a few options on how you want to handle user accounts.

Let me know if this helps.
This error occurs when the user account associated with a mailbox is disabled or deleted.  It sounds like the accounts were disabled but the mailboxes were not deleted.  If you check the user accounts from ADUC and see the Exchange attributes then the mailboxes are still connected to the user object.  See http://support.microsoft.com/kb/555410 for explanation of this event.

If you want the mailboxes to remain active while the user accounts are disabled, you'll need to add "full mailbox access" and "associated external account" permissions to the SELF account.  See http://support.microsoft.com/kb/278966 for a description of this.
This is a excellent site which has the detailed info on what you need to do when a employee resigns

forcedexposureAuthor Commented:
apologies for the delayed response.
thanks! Kristin

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Tackle projects and never again get stuck behind a technical roadblock.
Join Now