Scenario: Hide mailbox and forward email to manager
The policy described in this scenario performs the following functions during the user deprovisioning process:
-
Hides the deprovisioned user from the Exchange organization’s address lists.
-
Configures email forwarding so that email messages addressed to the deprovisioned user are sent to the user’s manager, without delivering them to the user mailbox.
To implement this scenario, you must perform the following actions:
-
Create and configure the Policy Object that defines the appropriate policy.
-
Apply the Policy Object to a domain, OU, or Managed Unit.
As a result, when deprovisioning a user account in the selected container, Active Roles hides the deprovisioned user from the Exchange address lists and configures the forwarding address for that user as prescribed by this policy.
Creating and configuring the Exchange Mailbox Deprovisioning Policy Object
You can create and configure the Policy Object you need by using the New Deprovisioning Policy Object wizard. For information about the wizard, see Creating a Policy Object.
To configure the policy, click Exchange Mailbox Deprovisioning on the Select Policy Type page of the wizard. Then, click Next.
On the Options to Deprovision Mailbox page, select these check boxes:
-
Hide the mailbox from the global address list (GAL), to prevent access to the mailbox
-
Modify configuration of the email forwarding
Make sure that no other check boxes on the page are selected. Then, click Forward all incoming messages to the user’s manager and clear the Leave copies in the mailbox check box.
When you are done, click Next and follow the instructions in the wizard to create the Policy Object.
Step 2: Applying the Policy Object
You can apply the Policy Object by using the Enforce Policy page in the New Provisioning Policy Object Wizard, or you can complete the wizard and then use the Enforce Policy command on the domain, OU, or Managed Unit where you want to apply the policy.
For more information on how to apply a Policy Object, see Applying Policy Objects and Managing policy scope.
Home Folder Deprovisioning
Policies in this category are intended to automate the following tasks on deprovisioning home folders for deprovisioned users:
-
Revoke access to home folders from deprovisioned user accounts.
-
Grant designated persons read access to deprovisioned home folders.
-
Change ownership on deprovisioned home folders.
-
Delete deprovisioned home folders.
When configuring a policy in this category, you specify how you want Active Roles to modify security on the user’s home folder upon a request to deprovision a user, and whether you want Active Roles to delete home folders upon user account deletion. The purpose is to prevent deprovisioned users from accessing their home folders, and to authorize designated persons to access deprovisioned home folders.