Disabled AD accounts & active mailboxes how to stop mail flow to it?
We disable AD accounts but their mailboxes are enabled by design until they are removed. I am looking for the best way to prevent email flow to to those mailboxes.
1.) Change Mail flow at the mailbox level:
We can also do the following to accommodate the request, we can create a dummy user address (hidden from the GAL) and limit the disabled mailboxes using the Message Delivery Restrictions
2.) Transport Rule:
A transport rule would determine if the user is a member of a disabled group and then reject it with a customizable NDR. With this approach all we would need to ensure is that the user is a part of the disabled group.
Any other suggestions? Can #2 be implemented if so can you please let me know how? are there any disadvantages with #2?
Thanks
1.) Change Mail flow at the mailbox level:
We can also do the following to accommodate the request, we can create a dummy user address (hidden from the GAL) and limit the disabled mailboxes using the Message Delivery Restrictions
2.) Transport Rule:
A transport rule would determine if the user is a member of a disabled group and then reject it with a customizable NDR. With this approach all we would need to ensure is that the user is a part of the disabled group.
Any other suggestions? Can #2 be implemented if so can you please let me know how? are there any disadvantages with #2?
Thanks
Do more with
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Just making sure I follow you that the mailbox must be enabled until the user is removed. I believe Exchange will let you disable the email account (for auto purging later) instead of deleting it.
The easiest thing I have found was to remove the user from the spam firewall so the messages bounce (at least from the outside unless all internal mail also goes through the firewall).
Hide the address in the Global Address List. In the "Out of Office" message tell internal users this is no longer a valid account.
The easiest thing I have found was to remove the user from the spam firewall so the messages bounce (at least from the outside unless all internal mail also goes through the firewall).
Hide the address in the Global Address List. In the "Out of Office" message tell internal users this is no longer a valid account.
It depends upon your company policy
If company allows you to delete user directly, it will mark mailbox for deletion and it will not accept any mails
If you want, you can just disable mailbox so that email attributes will get stripped off from user properties and it will not accept any mails
You may export user existing mail to PST before taking any of above actions, so that you can retrieve those mails in future if required
http://exchangeserverpro.com/export-mailboxes-exchange-server-2010-sp1/
OR
http://www.msexchange.org/articles-tutorials/exchange-server-2010/management-administration/exporting-mailboxes-content-using-exchange-management-console.html
If you want, you can create new transport rule where you can specify condition that if any mail received to specific recipient, mail should be silently deleted / dropped with / without NDR Message
Only thing you need to add new entries every time manually to transport rule whenever deletion of user occurs
If company allows you to delete user directly, it will mark mailbox for deletion and it will not accept any mails
If you want, you can just disable mailbox so that email attributes will get stripped off from user properties and it will not accept any mails
You may export user existing mail to PST before taking any of above actions, so that you can retrieve those mails in future if required
http://exchangeserverpro.com/export-mailboxes-exchange-server-2010-sp1/
OR
http://www.msexchange.org/articles-tutorials/exchange-server-2010/management-administration/exporting-mailboxes-content-using-exchange-management-console.html
If you want, you can create new transport rule where you can specify condition that if any mail received to specific recipient, mail should be silently deleted / dropped with / without NDR Message
Only thing you need to add new entries every time manually to transport rule whenever deletion of user occurs
Hey
The simple anwser is the mailbox will still revive mail till it is disabled in exchange but as you know in exchange that means the mailbox is now disconnected until the time comes for it to be purged as per your set limit. Now that being said I understand what you are trying to do is keep the mailbox so that the important mail can be take out and then deleted.
I would suggest exporting the mailbox to a pst and then disabling the mailbox.
The simple anwser is the mailbox will still revive mail till it is disabled in exchange but as you know in exchange that means the mailbox is now disconnected until the time comes for it to be purged as per your set limit. Now that being said I understand what you are trying to do is keep the mailbox so that the important mail can be take out and then deleted.
I would suggest exporting the mailbox to a pst and then disabling the mailbox.
Message
Only thing you need to add new entries every time manually to transport rule whenever deletion of user occurs.
----------
I should be able to create a group and move the disabled AD users (with active mailboxes) to the group and then link the group to the transport rule to block the message correct? Instead of having to create a new rule or modify the transport rule every time when someone leaves.
Only thing you need to add new entries every time manually to transport rule whenever deletion of user occurs.
----------
I should be able to create a group and move the disabled AD users (with active mailboxes) to the group and then link the group to the transport rule to block the message correct? Instead of having to create a new rule or modify the transport rule every time when someone leaves.
Premium Content
You need an Expert Office subscription to comment.Start Free Trial