locked
Exchange mailbox and disabled AD accounts RRS feed

  • Question

  • Hello All

    Something I've always wondered what *should* be the correct answer to :)

    I'm running Exchange 2007 SP2 and AD 2008.

    Let's say I have a mailbox named Temp1 used by a casual worker. She leaves, so we disable her AD account.

    Should I still be able to access her mailbox, assuming I have Full Mailbox access, either via my OWA or my Outlook profile?

    Is the only way I can't access this mailbox when I try and actually log in as Temp1?

    Secondly, let's say I then deleted the Temp1 AD account using ADUC. I know the Exchange mailbox still lives in the EDB database for another 35 days, but in disconnnected state, am I correct (well it was in E2003)? Should I still be able to access this mailbox now in the same fashion as before?

    Thirdly, in either situation, what happens if people email the Temp1 mailbox?

    Finally, can email forwarding work when the associated AD account is disabled/deleted?

    Tuesday, March 1, 2011 6:46 PM

Answers

  • If the account is disabled, the mailbox continues to operate. This was the case in Exchange 2003 after a certain hotfix.

    If you create a resource mailbox, then a disabled account is created for it by the wizard automatically.

    Simon.


    Simon Butler, Exchange MVP
    Blog | Exchange Resources | In the UK? Hire Me.
    • Proposed as answer by Serena Li Thursday, March 3, 2011 9:38 AM
    • Marked as answer by Serena Li Wednesday, March 9, 2011 1:12 AM
    Wednesday, March 2, 2011 9:04 PM
  •  

    Hi,

     

    When you disable a user in ADUC, the mailbox can receive the email sent to him/her. And you should create a shared mailbox in Exchange 2007, it will associate with a disabled account.

     

    Best regards,

    Serena


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    • Marked as answer by Serena Li Wednesday, March 9, 2011 1:12 AM
    Thursday, March 3, 2011 9:39 AM

All replies

  • If you have deleted the AD object, then the mailbox becomes orphaned. You will need to attach the mailbox to an account in order to access it. As the object doesn't exist in the domain, any email sent to it will bounce. You can't do anything with a deleted mailbox other than attach it to an AD account.

    With regards to an account that is disabled, you should still be able to access the mailbox because all AD is doing is controlling the authentication. The permissions are still read. This is the standard way that a resource domain is setup - you have a disabled account in the domain with Exchange and then users authenticate with another domain and then a trust is used to allow mailbox access.

    Simon.


    Simon Butler, Exchange MVP
    Blog | Exchange Resources | In the UK? Hire Me.
    Tuesday, March 1, 2011 9:29 PM
  • Thank you, Simon.

    Just one further question on this - you say that if a mailbox's AD account is disabled, then people can still access the mailbox via Outlook etc. How about the mailbox recv'ing email, will that continue to work? I know in 2003 there was the NOMAS utility etc, but not sure how Exchange 2007 handles all of this?

    Wednesday, March 2, 2011 7:36 PM
  • If the account is disabled, the mailbox continues to operate. This was the case in Exchange 2003 after a certain hotfix.

    If you create a resource mailbox, then a disabled account is created for it by the wizard automatically.

    Simon.


    Simon Butler, Exchange MVP
    Blog | Exchange Resources | In the UK? Hire Me.
    • Proposed as answer by Serena Li Thursday, March 3, 2011 9:38 AM
    • Marked as answer by Serena Li Wednesday, March 9, 2011 1:12 AM
    Wednesday, March 2, 2011 9:04 PM
  •  

    Hi,

     

    When you disable a user in ADUC, the mailbox can receive the email sent to him/her. And you should create a shared mailbox in Exchange 2007, it will associate with a disabled account.

     

    Best regards,

    Serena


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    • Marked as answer by Serena Li Wednesday, March 9, 2011 1:12 AM
    Thursday, March 3, 2011 9:39 AM