Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 538
  • Last Modified:

Disabling AD account does not prevent mailbox access via OWA??

I recently found out that even though a mailboxes' AD account is disabled, the mailbox can still be accessed via Outlook Web Access and ActiveSync. My question is this: does changing the AD account's password plug this security hole or must I also remove the mailbox. I need to keep mailboxes, belonging to terminated employees, until all data in them is archived. This takes about a week.

thank you
0
cyberleo2000
Asked:
cyberleo2000
  • 2
  • 2
1 Solution
 
AmitIT ArchitectCommented:
reset the password, change the expire date and check again.
0
 
jerseysamCommented:
If you change the user password then in theory the old user would not be able to use OWA so yes they could not grab their mail. Do this until mail is archived and then remove mailbox and delete AD user.
0
 
jerseysamCommented:
You could also use Exchange manager.

Right-click the user mailbox, properties, mailbox features, Outlook Web Access, and then disable
0
 
cyberleo2000Author Commented:
I did a bit more digging and found out that even if the password is changed the mailbox may still be access for a time, minutes to a few hours with the old password since IIS caches that information and it is not changes immediately. Seems like the best practice is a combination of disabling the password as well as disabling features such as activesync, owa and mapi in the mailbox settings. thanks.
0
 
AmitIT ArchitectCommented:
Password replication need some time.
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now