Disabled AD accounts & active mailboxes how to stop mail flow to it?
We disable AD accounts but their mailboxes are enabled by design until they are removed. I am looking for the best way to prevent email flow to those mailboxes.
1.) Change Mail flow at the mailbox level:
To accommodate the request, we can also create a dummy user address (hidden from the GAL) and limit the disabled mailboxes using the Message Delivery Restrictions.
2.) Transport Rule:
A transport rule would determine if the user is a member of a disabled group and then reject it with a customizable NDR. With this approach all we would need to ensure is that the user is a part of the disabled group.
Any other suggestions? Can #2 be implemented? If so, can you please let me know how? Are there any disadvantages with #2?
Thanks
Exchange, Email Servers
Last Comment
Mahesh
8/22/2022 - Mon
Configterm
Just making sure I follow you that the mailbox must be enabled until the user is removed. I believe Exchange will let you disable the email account (for auto purging later) instead of deleting it.
The easiest thing I have found was to remove the user from the spam firewall so the messages bounce (at least from the outside unless all internal mail also goes through the firewall).
Hide the address in the Global Address List. In the "Out of Office" message tell internal users this is no longer a valid account.
If you want, you can create a new transport rule where you can specify a condition that if any mail is received for a specific recipient, the mail should be silently deleted / dropped with / without an NDR message.
The only thing is that you need to add new entries to the transport rule manually every time a user is deleted.
SEHC
Hey
The simple answer is the mailbox will still receive mail until it is disabled in Exchange, but as you know, in Exchange that means the mailbox is now disconnected until the time comes for it to be purged as per your set limit. That being said, I understand what you are trying to do is keep the mailbox so that the important mail can be taken out and then deleted.
I would suggest exporting the mailbox to a pst and then disabling the mailbox.
Message
Only thing you need to add new entries every time manually to transport rule whenever deletion of user occurs.
----------
I should be able to create a group and move the disabled AD users (with active mailboxes) to the group and then link the group to the transport rule to block the message, correct? Instead of having to create a new rule or modify the transport rule every time when someone leaves.
The easiest thing I have found was to remove the user from the spam firewall so the messages bounce (at least from the outside unless all internal mail also goes through the firewall).
Hide the address in the Global Address List. In the "Out of Office" message tell internal users this is no longer a valid account.
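The group-based transport rule discussed in this thread (option 2 in the question), as an added example that is not part of the original posts. It assumes an on-premises Exchange Management Shell session; the group name, alias, rule name and NDR text are hypothetical values.

```powershell
# Added example, not from the thread. All names below are hypothetical.
$GroupName  = 'Disabled-Mailboxes'
$GroupAlias = 'disabled-mailboxes'
$RuleName   = 'Reject mail to disabled users'
$NdrText    = 'This mailbox is no longer in use. Please contact the service desk.'

# 1. Create the group once. SentToMemberOf needs a mail-enabled group;
#    hide it so nobody addresses the group itself.
if (-not (Get-DistributionGroup -Identity $GroupName -ErrorAction SilentlyContinue)) {
    New-DistributionGroup -Name $GroupName -Alias $GroupAlias | Out-Null
    Set-DistributionGroup -Identity $GroupName -HiddenFromAddressListsEnabled $true
}

# 2. Find user mailboxes whose AD account is disabled. Restricting to UserMailbox
#    skips shared/room/equipment mailboxes, whose accounts are disabled by design.
$disabled = @(Get-User -RecipientTypeDetails UserMailbox -ResultSize Unlimited |
    Where-Object { $_.UserAccountControl -match 'AccountDisabled' })

# 3. Bring the group membership in line with that list, in both directions,
#    so a re-enabled account starts receiving mail again.
$current = @(Get-DistributionGroupMember -Identity $GroupName -ResultSize Unlimited)
foreach ($u in $disabled) {
    if ($current.DistinguishedName -notcontains $u.DistinguishedName) {
        Add-DistributionGroupMember -Identity $GroupName -Member $u.DistinguishedName
    }
    # Also hide the mailbox from the GAL, as suggested in the thread.
    Set-Mailbox -Identity $u.DistinguishedName -HiddenFromAddressListsEnabled $true
}
foreach ($m in $current) {
    if ($disabled.DistinguishedName -notcontains $m.DistinguishedName) {
        Remove-DistributionGroupMember -Identity $GroupName `
            -Member $m.DistinguishedName -Confirm:$false
    }
}

# 4. Create the rule once: reject anything addressed to a group member,
#    returning the custom NDR text to the sender.
if (-not (Get-TransportRule -Identity $RuleName -ErrorAction SilentlyContinue)) {
    New-TransportRule -Name $RuleName -SentToMemberOf $GroupName `
        -RejectMessageReasonText $NdrText -RejectMessageEnhancedStatusCode '5.7.1'
}
```

Run on a schedule, steps 2 and 3 remove the need to edit the rule when someone leaves. Transport caches group membership, so a newly added member may keep receiving mail for a while after the script runs.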