Solved

How do I turn of moble email immediately?

Posted on 2014-10-01
17
123 Views
Last Modified: 2014-10-01
I had a employee who was fired. I was told to take away all of their privileges as the meeting began. I did. I disabled the account in AD. The person left the building and proceeded to email the company. Their mobile email still worked even tough I disabled the account.
0
Comment
Question by:jrdregs
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 3
  • 3
  • +4
17 Comments
 
LVL 14

Expert Comment

by:John-Charles-Herzberg
ID: 40354447
I would first change the password and then remove the account
0
 

Author Comment

by:jrdregs
ID: 40354456
Not an option. I did change the password and disable the account in AD. Yet his IPhone was still able to send messages. I need to be able to access the users info after they are gone.  There must be a better way to disable their account in Exchange.
0
 
LVL 14

Expert Comment

by:John-Charles-Herzberg
ID: 40354459
Can you remote wipe the iPhone?
0
Instantly Create Instructional Tutorials

Contextual Guidance at the moment of need helps your employees adopt to new software or processes instantly. Boost knowledge retention and employee engagement step-by-step with one easy solution.

 
LVL 95

Expert Comment

by:John Hurst
ID: 40354461
Are they perhaps using a different account to email the company?
0
 

Author Comment

by:jrdregs
ID: 40354465
No actually it was a BYOD. I just need to deactivate his email.
0
 
LVL 14

Expert Comment

by:John-Charles-Herzberg
ID: 40354467
Are the contacts on the iPhone and he is using the local email account to send email?
0
 
LVL 14

Assisted Solution

by:Andy M
Andy M earned 200 total points
ID: 40354469
It can take several hours for the access token the phone has to expire during which time it will still be able to send/receive emails even if the account is disabled or password changed. When it requests a new token then it should stop working.

I find disabling the activesync feature in Exchange for the account is usually quicker (from past experience).
You could also do a remote wipe but please note this does a wipe of the device itself and unless users are made aware of it when they setup the emails on the phones this could cause issues if the user loses personal data off of the phone as a result.
0
 

Author Comment

by:jrdregs
ID: 40354471
No John it was the company email.  You have a point though I still can not stop that from happening.
0
 
LVL 9

Expert Comment

by:Zacharia Kurian
ID: 40354483
Most probably the change of account did not reflect in AD.
When you reset the password, did you try loging into his email through OWA, with his reset password? Make sure that you have disabled active sync for this user.

Also have you removed his phone from the mail sync? (needs to do it from ecp) and make sure that his mobile doesn't exists, using ADSI edit.
0
 

Author Comment

by:jrdregs
ID: 40354491
Morty500UK- I think remote wipe on a BYOD is evil.  I would do that on a company phone which we do have.  disabling AS sounds like a good idea.  Is there any way to shorten the token life?  Usually I have a little notice before a termination is about to happen.
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 300 total points
ID: 40354498
Restart IIS (run IISRESET from a command prompt) on your server as that will force the link to be broken between your server and their phone and then with the account disabled, they won't be able to send further emails.

Alan
0
 

Author Comment

by:jrdregs
ID: 40354534
Zackaria I do not see in ECP how to remove phone from mail sync. Removing from ASDI edit does that invalidate the existing token as morty500UK says?
0
 

Author Comment

by:jrdregs
ID: 40354570
Alan Hardisty  reset IIS  on the mail server or the DC.
Thank you I found this KB because of you http://support.microsoft.com/kb/2612821
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40354590
On the mail server.
0
 

Author Closing Comment

by:jrdregs
ID: 40354635
I think the proper proceedure is to disable active sync for the user, disable the account,  then reset IIS on the mail server. Thanks Alan and Morty
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 40354657
Just disabling the account and running IISRESET would stop the phone from re-authenticating.

Thanks for the points.

Alan
0
 
LVL 5

Expert Comment

by:RAdministrator
ID: 40354668
A simpler solution is to change the user account password, then log in as the user into OWA (Outlook Web).
In the Mobile / Email Device menu, you can simply click on  the device and remotely wipe company data on it, or just remove it, which removes the ActiveSync partnership (what Alan Hardisty intended to achieve by resetting IIS).
Outlook Web Access Mobile menu showing two BlackBerry partnerships
Edit: do note that this only works for Exchange 2010 and 2013.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
After hours on line I found a solution which pointed to the inherited Active Directory permissions . You have to give/allow permissions to the "Exchange trusted subsystem" for the user in the Active Directory...
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
how to add IIS SMTP to handle application/Scanner relays into office 365.

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question