Be careful with NT user/Exchange account administration
If you're like me, you put off deleting former-employee accounts until a rainy day. That's what I did, and found out I shouldn't have done that, because we had some severe outages in our Exchange Server as a result. We got it up and running again, but along the way, I learned some pretty good lessons, which others may find useful.
Here's what happened.
We had a long list of accounts that were no longer in use, and we needed to straighten that situation out. So I began a massive delete process in the User Manager for NT. Since Microsoft provides an apparent closed-loop system by linking Exchange Administration features with the User Manager application, I had a false sense of comfort.
So I began deleting user accounts using a list that was provided to me by our Office Manager. Thinking that the link between Exchange and the User Manager would notify me if special e-mail accounts, like those with administrator privileges, would be deleted, I was confident that all was well.
Turns out that wasn't quite the story. Two MIS Directors before me had assigned Service Account Administrator Rights to several user accounts. User Manager for Domains did not inform me of this fact, and shortly after I deleted these accounts, Exchange generated security errors and shut itself down. To make matters worse, at the same time that I had deleted the accounts, their mailboxes were being emptied and the log files overloaded, causing multiple application errors in the same log file in which a single security entry was listed. Trying to find the real problem became a needle-in-the-haystack operation.
Event Viewer made it appear that I had an Exchange log-file problem, so I quickly moved the log files, after restarting the Information Store. Not so fast: Exchange wouldn't start completely. Now I was really puzzled. View after view in the Event Log pointed towards a Data Log problem, and then with a single listing, the actual security error leaped out at me. A quick review of the configuration/permission in Exchange pointed to conflicts with the now Unknown Users. Removing the conflicts and restarting the server resolved the problem.
Of course, the lesson of this tale of woe is two-fold.
- Always check the Global-, Site-, and Server-configuration files in Exchange prior to deleting accounts; you never know who may have special rights.
- When deleting mailboxes, consider the log-file size, as massive deletes can cause overloads if you don't have enough disk space.
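One way to run the first check before a bulk delete, as an added example that is not from the original article: it cross-references the deletion list against a permissions listing for the Global, Site, and Server levels and holds back any account that still has administrative rights. The CSV layout, the account and object names, and the set of blocking roles are all assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample: permissions transcribed by hand from the Exchange
# permissions pages (hypothetical CSV layout, not a product export).
PERMISSIONS_CSV = """level,object,account,role
Global,ExampleOrg,EXAMPLE\\svc_exchange,Service Account Admin.
Site,HQ,EXAMPLE\\jdoe,Service Account Admin.
Site,HQ,EXAMPLE\\asmith,Permissions Admin.
Server,MAIL01,example\\JDoe,Admin.
Server,MAIL01,EXAMPLE\\bwong,User
"""

# Constructed sample: the former-employee list handed over for deletion.
DELETE_LIST = ["jdoe", "EXAMPLE\\asmith", "bwong", "cnguyen"]

# Roles treated as blocking (assumption; adjust to local policy).
BLOCKING_ROLES = {"service account admin.", "permissions admin.", "admin."}


def normalize(account):
    """Compare on user name only, case-insensitively (assumes a single domain)."""
    return account.strip().rsplit("\\", 1)[-1].lower()


def review_deletions(permissions_csv, delete_list):
    """Split delete_list into accounts to hold (with reasons) and accounts clear to delete."""
    grants = defaultdict(list)
    for row in csv.DictReader(io.StringIO(permissions_csv)):
        if row["role"].strip().lower() in BLOCKING_ROLES:
            grants[normalize(row["account"])].append(
                (row["level"], row["object"], row["role"]))
    hold, clear = {}, []
    for account in delete_list:
        key = normalize(account)
        if key in grants:
            hold[key] = grants[key]  # every level where the account holds rights
        else:
            clear.append(key)
    return hold, clear


if __name__ == "__main__":
    hold, clear = review_deletions(PERMISSIONS_CSV, DELETE_LIST)
    for account, reasons in hold.items():
        for level, obj, role in reasons:
            print(f"HOLD  {account}: {role} on {level} '{obj}'")
    for account in clear:
        print(f"CLEAR {account}")
```

Accounts on the hold list need their rights removed or reassigned in Exchange before the NT account is deleted.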
Scott Baetz is MIS director for techtarget.com.