If you need to block all network access for a particular user so that he/she can't access or delete any files or emails, you have a number of options.

1. Disable user in AD

  • If the user tries to log on to the network, he will get a message: your account is disabled.
  • Incoming emails are still delivered in an Exchange 2007 environment. In an Exchange 2003 environment without hotfixes 916783 and 903158, incoming emails will be rejected.
  • If the user is already logged on, he can still access the network and Exchange emails until the logon token expires. This may take quite a while (hours). Even after that, the Outlook connection to Exchange may work until Outlook is restarted.
  • To disconnect the user immediately, force the computer to restart or log off.
  • To log off or restart remotely: Computer management > Connect to another computer > computername > Properties > Advanced > Startup and Recovery Settings > Shut Down > Log off Current User / Force Apps Closed
  • To restart remotely: CMD > shutdown -r -f -m \\computername (this warns the user and gives him 30 seconds to save his data). If the user has local admin rights, he could cancel the shutdown with shutdown -a. If you don't want to warn the user about the restart, use shutdown -r -f -m \\computername -t 0


2. Change user password

  • If the user tries to log on to the network, he will get a message: password is incorrect.
  • Incoming emails are delivered.
  • Everything else is the same as for a disabled user (see above).

3. Disable user in Exchange Management Console

  • EMC > Recipient Configuration > Mailbox > User Name > Disable
  • This removes the link between the AD user and the Exchange mailbox.
  • Incoming emails get rejected immediately.
  • The user is disconnected from his mailbox in webmail immediately, although if Outlook is open, the user may still be able to access and delete his emails there for a while.
  • The mailbox is marked for deletion in Exchange.
  • If you want the disconnected mailbox to become visible in EMC > Recipient Configuration > Disconnected Mailbox immediately, open Exchange Management Shell and run Clean-MailboxDatabase "database name"


4. Initiate mailbox move

  • In an emergency, if you want to disconnect the user from his mailbox immediately (to prevent email deletion, etc.) without disabling the user in Exchange (and thus rejecting incoming email), you can initiate a mailbox move to another database (in Exchange Management Console).
  • EMC > Recipient Configuration > Mailbox > User Name > Move Mailbox.
  • As soon as the mailbox move starts, the user will be disconnected from his mailbox, including webmail and Outlook.
  • If the user uses Outlook in cached mode and deletes his emails while the mailbox is being moved, this is not replicated to the server while the move operation is in progress. However, when the mailbox goes back online after the move and the user restarts Outlook, the deleted emails will be removed from the server as well.
  • After the move is completed, the mailbox will immediately become available again.
  • If you dismount the mailbox store to which the mailbox was moved, it will become unavailable again (along with all other mailboxes in this database) and all incoming emails will be queued.
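
The options above combined into one Exchange Management Shell function, as an added example that is not part of the original post. The function name Block-UserAccess, its parameter names and the sample values in the usage comment are hypothetical; it assumes dsquery and dsmod (Windows Server 2003 admin tools) are on the PATH, the Exchange 2007 cmdlets are loaded, and the mailbox alias equals the logon name.

```powershell
# Added example, not from the original post.
function Block-UserAccess {
    param(
        [string]$SamAccountName,          # AD logon name; assumed to equal the mailbox alias
        [string]$ComputerName,            # workstation the user is logged on to (optional)
        [string]$MailboxAction = 'None',  # None | Move | Disable
        [string]$TargetDatabase,          # needed for Move
        [string]$SourceDatabase           # needed for Disable (database holding the mailbox)
    )
    # Validate everything first so the procedure never stops half-way.
    if (-not $SamAccountName) { throw 'SamAccountName is required.' }
    switch ($MailboxAction) {
        'None'    { }
        'Move'    { if (-not $TargetDatabase) { throw 'Move needs -TargetDatabase.' } }
        'Disable' { if (-not $SourceDatabase) { throw 'Disable needs -SourceDatabase.' } }
        default   { throw "Unknown MailboxAction '$MailboxAction'." }
    }

    # Option 1: disable the account in AD (new logons are refused).
    $dn = dsquery user -samid $SamAccountName
    if (-not $dn) { throw "No AD user with logon name '$SamAccountName'." }
    $dn | dsmod user -disabled yes
    if ($LASTEXITCODE -ne 0) { throw "Could not disable '$SamAccountName' in AD." }

    # An existing session keeps working until the logon token expires,
    # so restart the workstation without the 30-second warning (-t 0).
    if ($ComputerName) {
        shutdown -r -f -m "\\$ComputerName" -t 0
        if ($LASTEXITCODE -ne 0) { Write-Warning "Restart of $ComputerName failed; the session may still be active." }
    }

    switch ($MailboxAction) {
        'Move' {
            # Option 4: user is cut off as soon as the move starts; incoming mail is not rejected.
            Move-Mailbox -Identity $SamAccountName -TargetDatabase $TargetDatabase -Confirm:$false
        }
        'Disable' {
            # Option 3: unlinks the mailbox; incoming mail is rejected from now on.
            Disable-Mailbox -Identity $SamAccountName -Confirm:$false
            # Make the disconnected mailbox visible in EMC immediately.
            Clean-MailboxDatabase $SourceDatabase
        }
    }
}
# Usage (constructed values):
# Block-UserAccess -SamAccountName jdoe -ComputerName PC042 -MailboxAction Move -TargetDatabase 'EX01\SG2\Holding'
```

The mailbox becomes available again once the move completes, so the AD disable and the workstation restart are what keep the user out afterwards.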


Windows Server 2003
Windows XP
Exchange 2007
