List Archives

This forum is an archive of all posts to our mailing list over the past few years. The forum is set read only therefore to contribute you will need to join our list community. See more info about this here.

List Archives

Unanswered Active Topics

Forums Search

Forums >ActiveDir Mail List Archive >List Archives

Subject: AW: RE: [ActiveDir] Disabled User Accounts Accessing Resources

Prev Next

You are not authorized to post a reply.

Author

Messages

markusw

Posts:10

07/22/2008 11:32 AM
Hi you also can solve this if you. Use a shorter lifetime for kerberos-tickets but in this case you will also get more traffic on network Kindly regards Markus ------Originalnachricht------ Von: Kennedy, Jim An: ActiveDir@mail.activedir.org Antwort an: ActiveDir@mail.activedir.org Gesendet: 22. Jul. 2008 16:00 Betreff: RE: [ActiveDir] Disabled User Accounts Accessing Resources Wow, I didn’t know this. This is insane, a disabled account that still has access to domain resources?!? That goes against every common sense description of how an account works that I can think of. I am not normally an MS basher but they sure have screwed the pooch on Exchange management with this version. Most disgusting. Looks like hiding them from the address book will also keep them out of owa. Glad this came up, we are in the process of closing two buildings and there are many accounts to deal with. We usually disable and wait a few weeks to see if anyone calls in case we got the wrong info from HR. From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Bruce Hopkins Sent: Tuesday, July 22, 2008 9:40 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Disabled User Accounts Accessing Resources If you have Exchange 2007, then a disabled user that has a mail account can still access mail resources through OWA or Mapi if you have them enabled. You have to disable their mail access in the Exchange 2007 manager. It did not work this way in 2003, but does in 2007. I’m not sure why Microsoft did this as I thought 2007 was supposed to be tighter integrated with AD and not the other way around. Thanks Bruce Hopkins 770-528-4574 Director Information Systems Chattahoochee Technical College http://www.chattcollege.com (\__/) (='.'=) This is Bunny. Copy and paste bunny into your (")_(") signature to help him gain world domination. From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Rand Salazar Sent: Tuesday, July 22, 2008 8:46 AM To: Active Dir Subject: [ActiveDir] Disabled User Accounts Accessing Resources Hey guys, Is this the intended? I have disabled AD users, but they can still access OWA. I am unsure why or how to fix this. Is it even broke? On another note, will multiple attempts with a bad password on OWA lock an AD account, provided we have the policy set? Thanks, Rand kindly regards / Mit freundlichen Grüßen Markus Wilhelm productmanager directory services and microsoft identity information server * this message is answered with blackberry * HVB IS GmbH Am Tucherpark 12 80538 München Germany Phone +49(89)37828530 Mobile +49(172)8918842 Email: Markus.Wilhelm@hvbis.com Web: http://www.hvbis.com HVB Information Services GmbH Member of UniCredit Group, Am Tucherpark 12, 80538 München management: Gabriele Ruf, Klaus Rausch chairman Supervisory Board: Matthias Sohler legal form: GmbH, registered office: München, register court: local court München HR B 93804, tax number 143/800/82007 .+-�0��j�q.+-�0��ˊ�E��Kj�!i�b��b��ןj�m

You are not authorized to post a reply.

Forums >ActiveDir Mail List Archive >List Archives > AW: RE: [ActiveDir] Disabled User Accounts Accessing Resources

ActiveForums 3.7

Syndicate

Friends

List Archives

List Archives

Friends

Members

Articles

Related Links

Ads