Disabled AD accounts & active mailboxes how to stop mail flow to it?
We disable AD accounts but their mailboxes are enabled by design until they are removed. I am looking for the best way to prevent email flow to to those mailboxes.
1.) Change Mail flow at the mailbox level:
We can also do the following to accommodate the request, we can create a dummy user address (hidden from the GAL) and limit the disabled mailboxes using the Message Delivery Restrictions
2.) Transport Rule:
A transport rule would determine if the user is a member of a disabled group and then reject it with a customizable NDR. With this approach all we would need to ensure is that the user is a part of the disabled group.
Any other suggestions? Can #2 be implemented if so can you please let me know how? are there any disadvantages with #2?
Thanks
1.) Change Mail flow at the mailbox level:
We can also do the following to accommodate the request, we can create a dummy user address (hidden from the GAL) and limit the disabled mailboxes using the Message Delivery Restrictions
2.) Transport Rule:
A transport rule would determine if the user is a member of a disabled group and then reject it with a customizable NDR. With this approach all we would need to ensure is that the user is a part of the disabled group.
Any other suggestions? Can #2 be implemented if so can you please let me know how? are there any disadvantages with #2?
Thanks
Who is Participating?
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get this solution by purchasing an Individual license!
Start your 7-day free trial.
I wear a lot of hats...
"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.
It depends upon your company policy
If company allows you to delete user directly, it will mark mailbox for deletion and it will not accept any mails
If you want, you can just disable mailbox so that email attributes will get stripped off from user properties and it will not accept any mails
You may export user existing mail to PST before taking any of above actions, so that you can retrieve those mails in future if required
http://exchangeserverpro.com/export-mailboxes-exchange-server-2010-sp1/
OR
http://www.msexchange.org/articles-tutorials/exchange-server-2010/management-administration/exporting-mailboxes-content-using-exchange-management-console.html
If you want, you can create new transport rule where you can specify condition that if any mail received to specific recipient, mail should be silently deleted / dropped with / without NDR Message
Only thing you need to add new entries every time manually to transport rule whenever deletion of user occurs
If company allows you to delete user directly, it will mark mailbox for deletion and it will not accept any mails
If you want, you can just disable mailbox so that email attributes will get stripped off from user properties and it will not accept any mails
You may export user existing mail to PST before taking any of above actions, so that you can retrieve those mails in future if required
http://exchangeserverpro.com/export-mailboxes-exchange-server-2010-sp1/
OR
http://www.msexchange.org/articles-tutorials/exchange-server-2010/management-administration/exporting-mailboxes-content-using-exchange-management-console.html
If you want, you can create new transport rule where you can specify condition that if any mail received to specific recipient, mail should be silently deleted / dropped with / without NDR Message
Only thing you need to add new entries every time manually to transport rule whenever deletion of user occurs
Hey
The simple anwser is the mailbox will still revive mail till it is disabled in exchange but as you know in exchange that means the mailbox is now disconnected until the time comes for it to be purged as per your set limit. Now that being said I understand what you are trying to do is keep the mailbox so that the important mail can be take out and then deleted.
I would suggest exporting the mailbox to a pst and then disabling the mailbox.
The simple anwser is the mailbox will still revive mail till it is disabled in exchange but as you know in exchange that means the mailbox is now disconnected until the time comes for it to be purged as per your set limit. Now that being said I understand what you are trying to do is keep the mailbox so that the important mail can be take out and then deleted.
I would suggest exporting the mailbox to a pst and then disabling the mailbox.
Message
Only thing you need to add new entries every time manually to transport rule whenever deletion of user occurs.
----------
I should be able to create a group and move the disabled AD users (with active mailboxes) to the group and then link the group to the transport rule to block the message correct? Instead of having to create a new rule or modify the transport rule every time when someone leaves.
Only thing you need to add new entries every time manually to transport rule whenever deletion of user occurs.
----------
I should be able to create a group and move the disabled AD users (with active mailboxes) to the group and then link the group to the transport rule to block the message correct? Instead of having to create a new rule or modify the transport rule every time when someone leaves.
Ok
You can create transport rule like below, you can specify condition that if user is member of specific DL, the mail should get dropped silently / with NDR
You can create transport rule like below, you can specify condition that if user is member of specific DL, the mail should get dropped silently / with NDR
Experts Exchange Solution brought to you by
Your issues matter to us.
Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.
Start your 7-day free trialIt's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange
From novice to tech pro — start learning today.
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get this solution by purchasing an Individual license!
Start your 7-day free trial.
The easiest thing I have found was to remove the user from the spam firewall so the messages bounce (at least from the outside unless all internal mail also goes through the firewall).
Hide the address in the Global Address List. In the "Out of Office" message tell internal users this is no longer a valid account.