locked
Disable Inbox Rules for Disable Users RRS feed

  • Question

  • I have found that when our helpdesk disables an AD user account (terminated employee) that has an Outlook inbox rule to forward the email to an email address outside the organization, emails sent to the former employee are still forwarded to that outside email address.  I would like to run a script each day that queries AD for all disabled accounts, removes any forwarding SMTP adresses, then removes all mailbox inbox rules.  I have been trying to use get-aduser against a DC and export the list of disabled users, this works fine.  I then take that csv, import it and use -foreach-object to set the forwarding smtp address to null.  I would then like to use the same csv file to run the -removeinbox rule command against the list.  I am having a hard time time combining the commands I need into a PS script that works against both AD and Exchange.

    Anyone have some powershell kung fu to assist me?  Thank you!


    ~Eric

    Thursday, January 22, 2015 2:15 AM

Answers

  • Hi Eric,

    According to your description, I understand that you want a script to get a list of disabled AD user, then removes any forwarding SMTP addresses, then removes all mailbox inbox rules.
    We can run following command to get a list of disabled AD user in PowerShell:
    Get-ADUser -Filter 'Enabled -eq "false"' | select name,userprincipalname
    More details about “How Can I Get a List of All the Disabled User Accounts in Active Directory? “, for your reference:
    http://blogs.technet.com/b/heyscriptingguy/archive/2005/05/12/how-can-i-get-a-list-of-all-the-disabled-user-accounts-in-active-directory.aspx

    Also, run below command to disable forwarding SMTP address and inbox rule:
    Get-Mailbox  -Identity xxxx | Set-Mailbox -DeliverToMailboxAndForward $false
    Get-InboxRule –Mailbox xxxx | remove-InboxRule

    However, we recommend use this disable AD user to disable mailbox.
    By the way, this question will related to the script of Exchange server, please contact relevant team so that you can get more professional suggestions. For your convenience:
    http://technet.microsoft.com/en-us/scriptcenter/dd742246.aspx

    Best Regards,
    Allen Wang

    • Proposed as answer by Allen_WangJF Monday, February 2, 2015 1:53 PM
    • Marked as answer by Mavis_Huang Tuesday, February 3, 2015 6:22 AM
    Friday, January 23, 2015 7:48 AM

All replies

  • I would disallow automatic forwarding to the internet as a rule under the remote domains object in Exchange

    If that isn't possible, then I would keep it simple and create a Mail-enabled DL that you add employees to as part of the termination process. Create a hub transport rule that drops messages sent from members of that DL to the internet and you are done.

    Once the mailbox is disabled, its a moot issue of course.


    Twitter!: Please Note: My Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

    Thursday, January 22, 2015 2:47 AM
  • I made a mistake in my original post by stating the helpdesk was disabling the user accounts in AD.  While this does happen at times, the majority are handled by a VB script that is taking the employee status from a file being dumped by our HR system.  (We have several thousand consultants around the globe so their employment status changes constantly)


    ~Eric

    Thursday, January 22, 2015 3:01 AM
  • Hi Eric,

    According to your description, I understand that you want a script to get a list of disabled AD user, then removes any forwarding SMTP addresses, then removes all mailbox inbox rules.
    We can run following command to get a list of disabled AD user in PowerShell:
    Get-ADUser -Filter 'Enabled -eq "false"' | select name,userprincipalname
    More details about “How Can I Get a List of All the Disabled User Accounts in Active Directory? “, for your reference:
    http://blogs.technet.com/b/heyscriptingguy/archive/2005/05/12/how-can-i-get-a-list-of-all-the-disabled-user-accounts-in-active-directory.aspx

    Also, run below command to disable forwarding SMTP address and inbox rule:
    Get-Mailbox  -Identity xxxx | Set-Mailbox -DeliverToMailboxAndForward $false
    Get-InboxRule –Mailbox xxxx | remove-InboxRule

    However, we recommend use this disable AD user to disable mailbox.
    By the way, this question will related to the script of Exchange server, please contact relevant team so that you can get more professional suggestions. For your convenience:
    http://technet.microsoft.com/en-us/scriptcenter/dd742246.aspx

    Best Regards,
    Allen Wang

    • Proposed as answer by Allen_WangJF Monday, February 2, 2015 1:53 PM
    • Marked as answer by Mavis_Huang Tuesday, February 3, 2015 6:22 AM
    Friday, January 23, 2015 7:48 AM