ML
    • Register
    • Login
    • Search
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups

    How long to keep people's AD/Exchange accounts

    IT Discussion
    10
    24
    1213
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • momurda
      momurda last edited by momurda

      We have users in Exchange that are still active even though they have not worked here for years. I am told i cannot remove them. Any laws the company is breaking? We are US based company.

      1 Reply Last reply Reply Quote 0
      • Kelly
        Kelly last edited by

        Most definitely violating security best practices. Always disable on termination, and then clean out yearly has been the way I've handled it in the past.

        momurda 1 Reply Last reply Reply Quote 0
        • momurda
          momurda @Kelly last edited by

          @kelly I should clarify my OP, the users are disabled but mail accounts are still active.

          Kelly 1 Reply Last reply Reply Quote 1
          • JaredBusch
            JaredBusch last edited by

            Well if the mail is still active, then they are still taking up a license.
            That is going to get expensive.

            1 Reply Last reply Reply Quote 1
            • Kelly
              Kelly @momurda last edited by

              @momurda said in How long to keep people's AD/Exchange accounts:

              @kelly I should clarify my OP, the users are disabled but mail accounts are still active.

              Ah, good clarification. My approach with email was to export user's email to a pst, remove the account and add their address as an alias to their replacement or their boss. Eventually the boss would ask for it to be removed entirely.

              However, I don't think there is any law that you're violating with email. It is expensive, but not terrible. As GDPR goes in to effect next month that might change if you have data containing PII from EU citizens.

              1 Reply Last reply Reply Quote 1
              • DustinB3403
                DustinB3403 last edited by DustinB3403

                Are you on O365 or is this on-premise?

                If O365 I would put the accounts into Litigation hold, this is less costly than a full license and means nothing can be deleted.

                Write up a policy on how long the business wants to retain these accounts and email and then delete them after the expiration date.

                If On-Premise I would still write up a retention policy, and then delete them after the expiration date.

                1 Reply Last reply Reply Quote 2
                • WLS-ITGuy
                  WLS-ITGuy last edited by

                  I know it is different for businesses than schools but we (school) keep them active for two weeks if they drop. Then export to PST and give them instructions on how to migrate that data into GMail and disable the email/user. Our email retention policy is 30 days. I delete them in ECP and it holds onto the email/user for 30 days and then purges.

                  1 Reply Last reply Reply Quote 0
                  • bbigford
                    bbigford last edited by bbigford

                    I have a pretty standard process:

                    • Employee is terminated.
                    • AD account disabled.
                    • AD account moved to 'Disabled Users' OU.
                    • AD password changed.
                    • Membership for all groups removed.
                    • Mailbox converted to shared mailbox for any mailbox needing to be actively monitored (frees up a license).
                    • Email forwarding setup if needed in the interim.
                    • Mailbox archived to PST and stored on a file server when it is no longer actively monitored.
                    • Mailbox disabled (automatically purged after 30 days).
                    • AD account removed after 30 days.
                    1 Reply Last reply Reply Quote 5
                    • momurda
                      momurda last edited by

                      Yes i have a process i want to follow too but cant.
                      3 years after people have not worked here, they still have an email and i think it is stupid AF.

                      bbigford Kelly Dashrender 3 Replies Last reply Reply Quote 1
                      • bbigford
                        bbigford @momurda last edited by bbigford

                        @momurda said in How long to keep people's AD/Exchange accounts:

                        Yes i have a process i want to follow too but cant.
                        3 years after people have not worked here, they still have an email and i think it is stupid AF.

                        Indeed, it is stupid af. Easier to ask for forgiveness than to ask for permission.

                        1 Reply Last reply Reply Quote 0
                        • Kelly
                          Kelly @momurda last edited by

                          @momurda said in How long to keep people's AD/Exchange accounts:

                          Yes i have a process i want to follow too but cant.
                          3 years after people have not worked here, they still have an email and i think it is stupid AF.

                          1. Sign up all the defunct addresses for catfacts, and then forward the account to their former boss
                          2. Protest innocence
                          3. ?????
                          4. Profit
                          DustinB3403 1 Reply Last reply Reply Quote 4
                          • DustinB3403
                            DustinB3403 @Kelly last edited by

                            @kelly said in How long to keep people's AD/Exchange accounts:

                            @momurda said in How long to keep people's AD/Exchange accounts:

                            Yes i have a process i want to follow too but cant.
                            3 years after people have not worked here, they still have an email and i think it is stupid AF.

                            1. Sign up all the defunct addresses for catfacts, and then forward the account to their former boss
                            2. Protest innocence
                            3. ?????
                            4. Save the Profits

                            FTFY

                            1 Reply Last reply Reply Quote 1
                            • momurda
                              momurda last edited by

                              Just had to lookup what catfacts is.

                              Kelly 1 Reply Last reply Reply Quote 1
                              • Kelly
                                Kelly @momurda last edited by

                                @momurda said in How long to keep people's AD/Exchange accounts:

                                Just had to lookup what catfacts is.

                                https://sendcatfacts.com/

                                WLS-ITGuy scottalanmiller 2 Replies Last reply Reply Quote 3
                                • WLS-ITGuy
                                  WLS-ITGuy @Kelly last edited by

                                  @kelly said in How long to keep people's AD/Exchange accounts:

                                  @momurda said in How long to keep people's AD/Exchange accounts:

                                  Just had to lookup what catfacts is.

                                  https://sendcatfacts.com/

                                  This could be the best thing ever!

                                  1 Reply Last reply Reply Quote 0
                                  • dbeato
                                    dbeato last edited by

                                    As soon as the person leaves we backup account to PST and then archive it. THat's all then remove the AD account. No services should be tied to the account.

                                    1 Reply Last reply Reply Quote 1
                                    • scottalanmiller
                                      scottalanmiller @Kelly last edited by

                                      @kelly said in How long to keep people's AD/Exchange accounts:

                                      @momurda said in How long to keep people's AD/Exchange accounts:

                                      Just had to lookup what catfacts is.

                                      https://sendcatfacts.com/

                                      Someone needs to make sendcatfax.com too!

                                      bbigford 1 Reply Last reply Reply Quote 3
                                      • bbigford
                                        bbigford @scottalanmiller last edited by

                                        @scottalanmiller said in How long to keep people's AD/Exchange accounts:

                                        @kelly said in How long to keep people's AD/Exchange accounts:

                                        @momurda said in How long to keep people's AD/Exchange accounts:

                                        Just had to lookup what catfacts is.

                                        https://sendcatfacts.com/

                                        Someone needs to make sendcatfax.com too!

                                        Random, literally still faxing, cat pics to random numbers on a dialer.

                                        scottalanmiller 1 Reply Last reply Reply Quote 0
                                        • scottalanmiller
                                          scottalanmiller @bbigford last edited by

                                          @bbigford said in How long to keep people's AD/Exchange accounts:

                                          @scottalanmiller said in How long to keep people's AD/Exchange accounts:

                                          @kelly said in How long to keep people's AD/Exchange accounts:

                                          @momurda said in How long to keep people's AD/Exchange accounts:

                                          Just had to lookup what catfacts is.

                                          https://sendcatfacts.com/

                                          Someone needs to make sendcatfax.com too!

                                          Random, literally still faxing, cat pics to random numbers on a dialer.

                                          Yup, would be awesome.

                                          1 Reply Last reply Reply Quote 0
                                          • Obsolesce
                                            Obsolesce last edited by

                                            Depending on who or which department, I archive their entire O365 account (email, calendar, etc) into a PST file.

                                            I've been doing this via:

                                            Exchange Admin > compliance management > in-place eDiscovery & hold > Click the + button > follow the wizard.

                                            Use IE or Edge.

                                            You are able to download the entire account to a .PST archive it locally, to tape, or do what you want with it.

                                            dbeato 1 Reply Last reply Reply Quote 1
                                            • First post
                                              Last post