Solved

Disabling AD account does not prevent mailbox access via OWA??

Posted on 2013-02-04
5
519 Views
Last Modified: 2013-02-04
I recently found out that even though a mailboxes' AD account is disabled, the mailbox can still be accessed via Outlook Web Access and ActiveSync. My question is this: does changing the AD account's password plug this security hole or must I also remove the mailbox. I need to keep mailboxes, belonging to terminated employees, until all data in them is archived. This takes about a week.

thank you
0
Comment
Question by:cyberleo2000
  • 2
  • 2
5 Comments
 
LVL 41

Expert Comment

by:Amit
ID: 38851627
reset the password, change the expire date and check again.
0
 
LVL 15

Expert Comment

by:jerseysam
ID: 38851631
If you change the user password then in theory the old user would not be able to use OWA so yes they could not grab their mail. Do this until mail is archived and then remove mailbox and delete AD user.
0
 
LVL 15

Accepted Solution

by:
jerseysam earned 500 total points
ID: 38851657
You could also use Exchange manager.

Right-click the user mailbox, properties, mailbox features, Outlook Web Access, and then disable
0
 

Author Comment

by:cyberleo2000
ID: 38851788
I did a bit more digging and found out that even if the password is changed the mailbox may still be access for a time, minutes to a few hours with the old password since IIS caches that information and it is not changes immediately. Seems like the best practice is a combination of disabling the password as well as disabling features such as activesync, owa and mapi in the mailbox settings. thanks.
0
 
LVL 41

Expert Comment

by:Amit
ID: 38851795
Password replication need some time.
0

Join & Write a Comment

Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now