I would love to see this script. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Wednesday, November 09, 2005 9:03 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Automating NoMas
Me? I don't. I just change the password to a randomly-generated complex one, make domain users its primary group, remove it from all groups except domain users, hide it from GAL and move it to a "Terminated" OU. That's where it stays until my monthly cleanup script runs, detects its modified date, see if it's longer than "x number of days" (depending on corporate retention policy), exmerges the mailbox and DELETEs the account. I still have most of the scripts that does all that handy if you are interested. Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCT Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon ________________________________ From: [EMAIL PROTECTED] on behalf of Harding, Devon Sent: Wed 11/9/2005 9:25 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Automating NoMas Ok with that said, what would be the correct way or tools to disable a mail enabled account in Active Directory? -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Wednesday, November 09, 2005 11:49 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Automating NoMas Let me restate this just a little. The issue are due to Exchange Dev having an incomplete understanding of how people do things in the enterprise and assuming that the only time a disabled account could have a mailbox is because it is a resource mailbox so instead of having an attribute for it they assume and then after assuming run into all sorts of issues with their assumption. >From our side, it means that we have to adjust how we deprovision accounts to properly populate the directory so Exchange doesn't get its panties in a bunch. And yes, enough of these will get your Exchange server's panties in a bunch. Lots of folks (primarily from MS) like to say these are meaningless and can't hurt anything but I have seen multiple cases where they caused store hangs and queues. I actually got an MS person to admin they were a huge issue about 2-3 years ago but couldn't get the person to give me an email stating that. I understood completely. The interesting thing is that you would at least expect ADUC with the Exchange extensions to properly disable these accounts but nope, we have to handle it manually. But that is ok, we really shouldn't be using ADUC to manage users in larger orgs anyway. No business rules, no decent logging, too many people with too many permissions: you want to use provisioning tools, either self written or purchased. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of joe Sent: Wednesday, November 09, 2005 10:59 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Automating NoMas Correct your deprovisioning process. Those issues are due to incorrectly setting values on mailbox enabled users. Basically bad data is going in the directory and then you are manually swinging back and correcting it. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Harding, Devon Sent: Wednesday, November 09, 2005 9:18 AM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Automating NoMas How can I prevent the Event ID error 9548(MSExchangeIS) from happening? I normally use NoMas to fix em, but I want to prevent them from happening. Would it be possible to create a script that runs like every morning and perform exactly what NoMas does for every child domain I have? Devon Harding Windows Systems Engineer Southern Wine & Spirits - BSG 954-602-2469 ----------------------------------------- __________________________________ This message and any attachments are solely for the intended recipient and may contain confidential or privileged information. If you are not the intended recipient, any disclosure, copying, use or distribution of the information included in the message and any attachments is prohibited. If you have received this communication in error, please notify us by reply e-mail and immediately and permanently delete this message and any attachments. Thank You. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
