How do I turn of moble email immediately?
I had a employee who was fired. I was told to take away all of their privileges as the meeting began. I did. I disabled the account in AD. The person left the building and proceeded to email the company. Their mobile email still worked even tough I disabled the account.
John-Charles-Herzberg
I would first change the password and then remove the account
ASKER
Not an option. I did change the password and disable the account in AD. Yet his IPhone was still able to send messages. I need to be able to access the users info after they are gone. There must be a better way to disable their account in Exchange.
Can you remote wipe the iPhone?
Are they perhaps using a different account to email the company?
ASKER
No actually it was a BYOD. I just need to deactivate his email.
Are the contacts on the iPhone and he is using the local email account to send email?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
No John it was the company email. You have a point though I still can not stop that from happening.
Most probably the change of account did not reflect in AD.
When you reset the password, did you try loging into his email through OWA, with his reset password? Make sure that you have disabled active sync for this user.
Also have you removed his phone from the mail sync? (needs to do it from ecp) and make sure that his mobile doesn't exists, using ADSI edit.
When you reset the password, did you try loging into his email through OWA, with his reset password? Make sure that you have disabled active sync for this user.
Also have you removed his phone from the mail sync? (needs to do it from ecp) and make sure that his mobile doesn't exists, using ADSI edit.
ASKER
Morty500UK- I think remote wipe on a BYOD is evil. I would do that on a company phone which we do have. disabling AS sounds like a good idea. Is there any way to shorten the token life? Usually I have a little notice before a termination is about to happen.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Zackaria I do not see in ECP how to remove phone from mail sync. Removing from ASDI edit does that invalidate the existing token as morty500UK says?
ASKER
Alan Hardisty reset IIS on the mail server or the DC.
Thank you I found this KB because of you http://support.microsoft.com/kb/2612821
Thank you I found this KB because of you http://support.microsoft.com/kb/2612821
On the mail server.
ASKER
I think the proper proceedure is to disable active sync for the user, disable the account, then reset IIS on the mail server. Thanks Alan and Morty
Just disabling the account and running IISRESET would stop the phone from re-authenticating.
Thanks for the points.
Alan
Thanks for the points.
Alan
A simpler solution is to change the user account password, then log in as the user into OWA (Outlook Web).
In the Mobile / Email Device menu, you can simply click on the device and remotely wipe company data on it, or just remove it, which removes the ActiveSync partnership (what Alan Hardisty intended to achieve by resetting IIS).
Edit: do note that this only works for Exchange 2010 and 2013.
In the Mobile / Email Device menu, you can simply click on the device and remotely wipe company data on it, or just remove it, which removes the ActiveSync partnership (what Alan Hardisty intended to achieve by resetting IIS).
Edit: do note that this only works for Exchange 2010 and 2013.