Quantcast
Channel: Exchange Server 2013 - Outlook, OWA, POP, and IMAP Clients forum
Viewing all articles
Browse latest Browse all 10580

Disabled Account Can Still Access OWA

$
0
0

Hi all,

We lost an employee today.  I disabled his account through the Active Directory Users and Computers snap-in and he was still able to login to his e-mail via OWA and send/receive messages. 
When I was alerted to this, I also went ahead and changed his password and I tested logging in to his account; it wasn't accepting the new password.  I knew his old one though and was still able to log in to OWA with it.  We're talking a good hour after I initially disabled his account at this point. 

It wasn't until I ran a GPUPDATE /FORCE on the CAS and a DC before OWA finally recognized that his account was disabled. 

So, why is it that he was still able to log in an hour after I disabled his account?  Some sort of domain caching?  How can I prevent this in the future? 

As an aside, as a company policy, user accounts are kept for 60 days and mailboxes are kept for an additional 30 days after that, so I can't disable a mailbox through Exchange, as it wouldn't fit with my retention needs.  We also just finished our migration from Exchange 2003 to 2010 a couple of weeks ago. 

Thanks in advance!  :)


Viewing all articles
Browse latest Browse all 10580

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>