Disabling AD account does not prevent mailbox access via OWA??

I recently found out that even though a mailboxes' AD account is disabled, the mailbox can still be accessed via Outlook Web Access and ActiveSync. My question is this: does changing the AD account's password plug this security hole or must I also remove the mailbox. I need to keep mailboxes, belonging to terminated employees, until all data in them is archived. This takes about a week.

thank you
Who is Participating?
jerseysamConnect With a Mentor Commented:
You could also use Exchange manager.

Right-click the user mailbox, properties, mailbox features, Outlook Web Access, and then disable
AmitIT ArchitectCommented:
reset the password, change the expire date and check again.
If you change the user password then in theory the old user would not be able to use OWA so yes they could not grab their mail. Do this until mail is archived and then remove mailbox and delete AD user.
cyberleo2000Author Commented:
I did a bit more digging and found out that even if the password is changed the mailbox may still be access for a time, minutes to a few hours with the old password since IIS caches that information and it is not changes immediately. Seems like the best practice is a combination of disabling the password as well as disabling features such as activesync, owa and mapi in the mailbox settings. thanks.
AmitIT ArchitectCommented:
Password replication need some time.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.