RE: [ActiveDir] Disabled Accounts/Mail accepted

[Ion Gott]

I believe this issue really depended on the permissions on the mailbox and the synchronization of the security attributes. I can't recall but I believe it did behave a bit different in Exchange 2000.   I use NOMAS.exe to fix and sync the permissions when I enable/disable accounts. All my resource mailboxes are disabled and have self set as associated external account and have an msexchangMasterAccountSID set.   Ion   From: [EMAIL PROTECTED] on behalf of Cariglia, Daniel Sent: Fri 3/3/2006 1:58 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] Disabled Accounts/Mail accepted Hello,               A few years back we had changed the way we disabled AD user accounts from disabling the account to restricting logon hours (restricted 24x7) and hiding from GAL.  We did this because mail sent to disabled accounts was getting rejected and the sender was getting a NDR. Also, management would come back to us a week later and want the ex-employees email correspondence after they left the company.  At that time we were a 2000 SP2 domain with exchange 2000, currently we are a 2003 SP1 domain with exchange 2003.                Presently, we have become aware that mail sent to accounts with the disabled box checked arrives in the mailbox.  My question is…did this behavior change when you upgrade to a  2003 AD/exchange 2003 or at some service pack level?   Were we wrong in our original assumption that email would not flow to disabled accounts a few years back?  The following MSFT article seems to support my assumption that disabled accounts will generate a NDR unless modified.   http://support.microsoft.com/default.aspx?scid=kb;EN-US;319047               Any thoughts on this, thank you in advance.               Dan