Moving forward, I would make wiping the device for terminated users an SOP... And consider doing it now.
On Wed, Feb 16, 2011 at 3:07 PM, Harry Singh <hbo...@gmail.com> wrote: > Ahh. Thanks Michael. > > I'll make sure the team updates their documentation to either remove > Exchange Attributes -- which I assume isn't too difficult to add back on in > the event the user returns -- or disable certain mailbox features. To > confirm, in regard to BES, if i disable the MAPI function, that should > suffice right? > > Harry. > > On Wed, Feb 16, 2011 at 2:56 PM, Michael B. Smith > <mich...@smithcons.com>wrote: > >> Disabling a user doesn’t stop its mailbox from receiving or sending >> email. That is a specific required use-case in cross-forest scenarios. >> >> >> >> You need to disable their access via the mailbox features (MAPI and OWA >> and EAS are the top-3) or remove Exchange attributes from the account. >> >> >> >> Regards, >> >> >> >> Michael B. Smith >> >> Consultant and Exchange MVP >> >> http://TheEssentialExchange.com <http://theessentialexchange.com/> >> >> >> >> *From:* Harry Singh [mailto:hbo...@gmail.com] >> *Sent:* Wednesday, February 16, 2011 2:50 PM >> *To:* NT System Admin Issues >> *Subject:* OT: Disabled AD Accounts and BES >> >> >> >> All - >> >> >> >> There is a suspicion that a recently terminated employe's credentials >> might still be in use on the network. (Disclaimer: I don't handle user >> termination/creation) Since the user had multiple computers, I thought it >> may be possible that an outlook session and of course windows session >> remained logged in while the account was disabled. But I confirmed that >> wasn't the case. We confirmed that the user's BB was still in service on the >> BES console. It turns out that the user may still have been accessing >> corporate e-mail from the BB, my question then is: How is it possible that >> by disabling an AD account (changed the p/w as well) can BES still operate >> normally ? What are your procedures/steps for user terminations/exits? >> >> >> >> >> >> Environment:AD 2003 R2 / Exchange 2K10 / BES 5.0 >> >> >> >> Thanks, >> >> >> >> Harry. >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >> --- >> To manage subscriptions click here: >> http://lyris.sunbelt-software.com/read/my_forums/ >> or send an email to listmana...@lyris.sunbeltsoftware.com >> with the body: unsubscribe ntsysadmin >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >> --- >> To manage subscriptions click here: >> http://lyris.sunbelt-software.com/read/my_forums/ >> or send an email to listmana...@lyris.sunbeltsoftware.com >> with the body: unsubscribe ntsysadmin >> > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
