How to disconnect active OWA sessions?

Is there a way to immediately disable a users OWA session with Exchange 2007?
For example, if a remote user is terminated from the company but
has an active OWA session, how can you prevent them from being able to
continue working with this open OWA session? Can I cut off the session from
IIS?  IISRESET?  Has Anyone dealt with this before?

Scenario -  User gets terminated, I reset his PW, disable his AD account and move it into a disabled OU.  I then go into exchange and turn off OWA and other features of the users mailbox.  The user at this point is connected through RWW and logged into OWA.  1 hour after being terminated he's still sending emails to the company.

Who is Participating?
AkhaterConnect With a Mentor Commented:
iisreset will surely do it however I never had this requirement before

but I doubt that the change password will be immediate so he might be able to still log for some time (maybe a min or 2 if you have a small network)

how are you making owa accessible ? if you are using ISA or TMG then you can deny the users on the rule

LifeFlight-ITAuthor Commented:
I have never run into this either.  I've never had an IISRESET as part of an employee departure process.
The user was connected over Remote Web Workplace which basically gives him a link to webmail and intranet.
Keith AlabasterEnterprise ArchitectCommented:
The user still has to get through your firewall - that would be the point to terminate the session connection rather than an iisReset which has a much bigger impact to all users rather than just this one.
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Do you have ISA or TMG or any other kind of firewall/reverse proxy that authenticates the user ?
LifeFlight-ITAuthor Commented:
I use Sonicwall TZ190.  The users come through RWW and authenticate through that, and not the FW.
then I think there is no "smooth" way to do it

LifeFlight-ITAuthor Commented:
Since this termination was the exception and not the rule I think if it happens a again a quick IISRESET will do the trick.  I ran a test yesterday where I was logged into OWA, I disabled the users account, I then started to send email as this test user and all was working fine, I ran the IISRESET and then tried to send another email as the disabled user and "NO GO".  Once the web services came back online, the test user was forced to log in again and no go.  

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.