Over the ages we've accumulated mailboxes of users who have since left the company. Due to concerns at the time (they have important stuff in the mailboxes, we need to get to it) the SOP was to leave the account ACTIVE and change the password to something that the rest of the department (or individuals) knew. They'd then connect to this account either via delegation or actually logging into it via Outlook.
This seems horrifying to me on many levels (security, efficiency, etc. etc.) and I want to get away from it in the easiest manner possible while still allowing people to view the emails, contacts, etc. stored in these accounts.
To that end, what should I do to accomplish this task?
My feeling is that I should: somehow dump the user mailbox, address book, etc as a PST or other stand-alone file, place it on a file share, and have the concerned users connect to it via that (then disable the user account and purge the mailbox).
Is that the way to go? Should I do something else? What are the steps to perform these tasks (where do I go in System Manager, etc.). Thanks!
to export them to PSTs and archive...
http://msexchangeteam.com/archive/2007/04/13/437745.aspx
For earlier versions you need to use a utility called Exmerge. Heres a link that says how to use it on 2007 or 2003.
http://www.exchangeinbox.com/article.aspx?i=88
That's quite the way to go.
Here's how I'm working :
I asked all the bosses at my workplace to tell me when someone's gonna leave in a few day and they have to tell me what do I do with this user's data. I'm usually told to transfer it to another user or to delete it. When transferring, I'm using delegation, then moving everything they want, then deleting.
Note that there's still a 1 week grace time after the user's departure to delete everything.
That's sadly another task we have as sysadmins...responsibilize users and get them to decide :/
While you could archive these mailboxes, you should also consider possible privacy violations. Question is, is it legal in your country to access the company email account from employees who have left the company? Basically, your former employees might have used this account for private purposes too, in which case it becomes a nasty legal question. If the employer even allowed the email account to be used for private matters then you might need to restrict access to this email account to perhaps only one administrator or whatever.
While it's okay to archive and store those mailboxes anywhere you like, I would advise you to contact a lawyer and ask about the legal consequences. Storage might be okay but access to it's contents should be restricted, possibly even blocked.
We use ExMerge to archive the mailbox, and then remove it from the server (and move the .pst to our archive server). As for the actual e-mail address, it is either forwarded to a new employee, provided with an out-of-office response indicating the new person to contact or removed completely so that it bounces. Which of these depends on the role of the person leaving.
As for privacy issues, we do have a signed e-mail access and usage agreement from our employees when they start in which they agree that all e-mail belongs to the company and should not be considered private by the employee.
Of course, this may not be legal in your country - so good advice to check this kind of thing with a lawyer.