TSAdmin8
asked on
Is there a way to completely cut off access to an Exchange 2010 email account right away?
Hi,
I was wondering if there is a way to cut off access to an Exchange 2010 email account right away in case an employee is let go? I noticed that even if I change the password the account and disable the access in AD (login hours to not allowed), but the employee is still connected using Outlook or webmail, that their connection stays up and the ex-employee is still able to send and receive emails, delete contacts, emails, etc. I read some articles that say that if you move it to another DB, access will be cut off (thus a combination of that plus disabling the login and changing the password would work). However, the access is not cut off until the end of the mailbox move and if the person has a big email box, it could mean that he or she can potentially remain logged on for hours. Please let me know if there is a solution as I think this is a major malfunction in Exchange...
Thanks,
Allie
I was wondering if there is a way to cut off access to an Exchange 2010 email account right away in case an employee is let go? I noticed that even if I change the password the account and disable the access in AD (login hours to not allowed), but the employee is still connected using Outlook or webmail, that their connection stays up and the ex-employee is still able to send and receive emails, delete contacts, emails, etc. I read some articles that say that if you move it to another DB, access will be cut off (thus a combination of that plus disabling the login and changing the password would work). However, the access is not cut off until the end of the mailbox move and if the person has a big email box, it could mean that he or she can potentially remain logged on for hours. Please let me know if there is a solution as I think this is a major malfunction in Exchange...
Thanks,
Allie
Disable is not the best method, as it will be eventaully purged from the database. Instead open properties of the mailbox and click on Mailbox Features and disable access to MAPI, OWA, IMAP and POP3. Therefore the user can no longer can access it but the mailbox will still be on the system.
ASKER
Hi,
Thank you for your answers!
I did disable and re-enabled the account hoping it would cut the session that the user had open with Webmail but it did not (I disabled it and reenabled it an hour later but the user remained connected sending, receiving emails, and deleting several items. He was still connected when I undeleted his emails and contacts, which made him very upset). He was connected for over 4 hours until I moved the mailbox to another DB. I also disabled OWA and Mapi but that also did not terminate the open session. Exchange 2003 was awesome at terminating sessions (you could just click disconnect) but it is not apparent how to do it in 2010...
Thanks,
Allie
Thank you for your answers!
I did disable and re-enabled the account hoping it would cut the session that the user had open with Webmail but it did not (I disabled it and reenabled it an hour later but the user remained connected sending, receiving emails, and deleting several items. He was still connected when I undeleted his emails and contacts, which made him very upset). He was connected for over 4 hours until I moved the mailbox to another DB. I also disabled OWA and Mapi but that also did not terminate the open session. Exchange 2003 was awesome at terminating sessions (you could just click disconnect) but it is not apparent how to do it in 2010...
Thanks,
Allie
Try locking the account by entering the wrong password multiple times.
Hi,
You could try disabling mailbox and then run Exchange Management Shell cmdlet Clean-MaildboxDatabase. This will update the status of the mailbox as disconnected.
You could try disabling mailbox and then run Exchange Management Shell cmdlet Clean-MaildboxDatabase. This will update the status of the mailbox as disconnected.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
You can reconnect the mailbox later back to the same or another account.
http://technet.microsoft.com/en-us/library/bb123490(v=exchg.141).aspx