How do I turn of moble email immediately?

I had a employee who was fired. I was told to take away all of their privileges as the meeting began. I did. I disabled the account in AD. The person left the building and proceeded to email the company. Their mobile email still worked even tough I disabled the account.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

I would first change the password and then remove the account
jrdregsAuthor Commented:
Not an option. I did change the password and disable the account in AD. Yet his IPhone was still able to send messages. I need to be able to access the users info after they are gone.  There must be a better way to disable their account in Exchange.
Can you remote wipe the iPhone?
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

JohnBusiness Consultant (Owner)Commented:
Are they perhaps using a different account to email the company?
jrdregsAuthor Commented:
No actually it was a BYOD. I just need to deactivate his email.
Are the contacts on the iPhone and he is using the local email account to send email?
Andy MIT Systems ManagerCommented:
It can take several hours for the access token the phone has to expire during which time it will still be able to send/receive emails even if the account is disabled or password changed. When it requests a new token then it should stop working.

I find disabling the activesync feature in Exchange for the account is usually quicker (from past experience).
You could also do a remote wipe but please note this does a wipe of the device itself and unless users are made aware of it when they setup the emails on the phones this could cause issues if the user loses personal data off of the phone as a result.
jrdregsAuthor Commented:
No John it was the company email.  You have a point though I still can not stop that from happening.
Zacharia KurianAdministrator- Data Center & NetworkCommented:
Most probably the change of account did not reflect in AD.
When you reset the password, did you try loging into his email through OWA, with his reset password? Make sure that you have disabled active sync for this user.

Also have you removed his phone from the mail sync? (needs to do it from ecp) and make sure that his mobile doesn't exists, using ADSI edit.
jrdregsAuthor Commented:
Morty500UK- I think remote wipe on a BYOD is evil.  I would do that on a company phone which we do have.  disabling AS sounds like a good idea.  Is there any way to shorten the token life?  Usually I have a little notice before a termination is about to happen.
Alan HardistyCo-OwnerCommented:
Restart IIS (run IISRESET from a command prompt) on your server as that will force the link to be broken between your server and their phone and then with the account disabled, they won't be able to send further emails.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
jrdregsAuthor Commented:
Zackaria I do not see in ECP how to remove phone from mail sync. Removing from ASDI edit does that invalidate the existing token as morty500UK says?
jrdregsAuthor Commented:
Alan Hardisty  reset IIS  on the mail server or the DC.
Thank you I found this KB because of you
Alan HardistyCo-OwnerCommented:
On the mail server.
jrdregsAuthor Commented:
I think the proper proceedure is to disable active sync for the user, disable the account,  then reset IIS on the mail server. Thanks Alan and Morty
Alan HardistyCo-OwnerCommented:
Just disabling the account and running IISRESET would stop the phone from re-authenticating.

Thanks for the points.

A simpler solution is to change the user account password, then log in as the user into OWA (Outlook Web).
In the Mobile / Email Device menu, you can simply click on  the device and remotely wipe company data on it, or just remove it, which removes the ActiveSync partnership (what Alan Hardisty intended to achieve by resetting IIS).
Outlook Web Access Mobile menu showing two BlackBerry partnerships
Edit: do note that this only works for Exchange 2010 and 2013.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.