kam_uk
asked on
Exchange mailbox and disabled AD accounts
Hello Experts
Something I've always wondered what *should* be the correct answer to :)
I'm running Exchange 2007 SP2 and AD 2008.
Let's say I have a mailbox named Temp1 used by a casual worker. She leaves, so we disable her AD account.
Should I still be able to access her mailbox, assuming I have Full Mailbox access, either via my OWA or my Outlook profile?
Is the only way I can't access this mailbox when I try and actually log in as Temp1?
Secondly, let's say I then deleted the Temp1 AD account using ADUC. I know the Exchange mailbox still lives in the EDB database for another 35 days, but in disconnnected state, am I correct (well it was in E2003)? Should I still be able to access this mailbox now in the same fashion as before?
Thirdly, in either situation, what happens if people email the Temp1 mailbox?
Finally, can email forwarding work when the associated AD account is disabled/deleted?
Something I've always wondered what *should* be the correct answer to :)
I'm running Exchange 2007 SP2 and AD 2008.
Let's say I have a mailbox named Temp1 used by a casual worker. She leaves, so we disable her AD account.
Should I still be able to access her mailbox, assuming I have Full Mailbox access, either via my OWA or my Outlook profile?
Is the only way I can't access this mailbox when I try and actually log in as Temp1?
Secondly, let's say I then deleted the Temp1 AD account using ADUC. I know the Exchange mailbox still lives in the EDB database for another 35 days, but in disconnnected state, am I correct (well it was in E2003)? Should I still be able to access this mailbox now in the same fashion as before?
Thirdly, in either situation, what happens if people email the Temp1 mailbox?
Finally, can email forwarding work when the associated AD account is disabled/deleted?
Sorry that's wrong, if disabled then the forward robustas recipient under delivery options should still function.
What I normally do is reset the users password if I need access to their email, etc or need to set up forwarding. I usually do this for about 30 days until email access is no longer needed
Also, you asked how else you could access their mailbox rather than loggin in with their username. You can access it also by going to Outlook client --> File --> Open --> other users' folder and then type in their name and click ok. If you have full access it should open their email. (if the account is not disabled.
Also, you asked how else you could access their mailbox rather than loggin in with their username. You can access it also by going to Outlook client --> File --> Open --> other users' folder and then type in their name and click ok. If you have full access it should open their email. (if the account is not disabled.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
DeMazter is correct (when including his second post).
If you need access, the best practice is to export the mailbox (the server literally creates a pst) and then either import it into another account, or just attach the pst file in outlook (depending on if you're transferring old email to a new person who will fill that position, or just looking at the old email for a bit).
But once the primary user is disabled forwarding is the only thing that should work. And a disconnect should just leave the MB around for a reconnect at a later date (up to {by default} 30 days later)
If you need access, the best practice is to export the mailbox (the server literally creates a pst) and then either import it into another account, or just attach the pst file in outlook (depending on if you're transferring old email to a new person who will fill that position, or just looking at the old email for a bit).
But once the primary user is disabled forwarding is the only thing that should work. And a disconnect should just leave the MB around for a reconnect at a later date (up to {by default} 30 days later)
>>can you access ' Disconnected' mailboxes in Exchange 2010 via Outlook/OWA? I havent tested that on Exchange 2010.
I didn't say you could ;)
In Exchange 2010 there is a recipient type of "Shared Mailbox" this can only be created using the EMS and the account associated with it is disabled.
Unless it's a resource mailbox or shared mailbox then accessing the mailbox when the primary user account is disabled is not possible, at least if it is I have never witnessed it.
I didn't say you could ;)
In Exchange 2010 there is a recipient type of "Shared Mailbox" this can only be created using the EMS and the account associated with it is disabled.
Unless it's a resource mailbox or shared mailbox then accessing the mailbox when the primary user account is disabled is not possible, at least if it is I have never witnessed it.
ASKER
Hi demazter
> Unless it's a resource mailbox or shared mailbox then accessing the mailbox when the primary user account is disabled is not possible
How do you define a shared mailbox though? Going back to my example, if I gave myself Full Mailbox Access to Temp1 mailbox, and then disabled the Temp1 AD account, would I still be able to acccess the Temp1 mailbox if it was added to my Outlook profile?
> Unless it's a resource mailbox or shared mailbox then accessing the mailbox when the primary user account is disabled is not possible
How do you define a shared mailbox though? Going back to my example, if I gave myself Full Mailbox Access to Temp1 mailbox, and then disabled the Temp1 AD account, would I still be able to acccess the Temp1 mailbox if it was added to my Outlook profile?
A shared mailbox is a type of recipient in Exchange 2010, you can only create it using the command line.
A mailbox that has been shared is exactly that a mailbox that has been shared. It's not a shared mailbox.
A mailbox that has been shared is exactly that a mailbox that has been shared. It's not a shared mailbox.
Under the Mailbox Features tab on that user, just disable their features to connect to the exchange box, which will still allow anyone who has full access permissions the ability to connect to it.
ASKER
Actually, I tested this and I can access a mailbox via a seperate account if the associated AD account (to the mailbox) is disabled?
Yep, that's how it is supposed to work.
No, email forwarding will not work either