Hi

I am running Exchange 2010 on Windows 2008.  What is the recommended practice in regards to mailbox management, after an emaployee leaves an organisation.  Is the mailbox to be deleted/removed, disabled ?

How after the employee leaves can the organisation ensure they can access the user's historical mail without comprising security.

Regards

Well two things to consider

1. Check with corporate counsel or appropriate department to confirm policy for mail retention in general as well as for ex employees.  You want to have that nailed down and consistent moving forward else if you ever get in a legal challenge and do not have a set policy it becomes a nightmare real quick.

2. in terms of the ex-employees email there are a few options;

A: disable the account but do not delete the mailbox for a set time frame.  PRO: is its easy to gain access to that mailbox when needed, CON - the mailbox is still taking up space in your production system

B: Export the mailbox to PST and then delete the users mailbox.  PRO - once exported to PST it make accessing the information fairly easy, you can also then delete the mailbox and user from your system. CON: - PST's are not secure so you need to store it in a secure location.  The data is now outside of Exchange and you will need to ensure that you are in compliance for corporate retention policy

BTW if you go with option A and just disable the account but leave the mailbox intact you can easily extract that mailbox from offline copies/backups of the database by using a 3rd party like ucid8's DigiScope http://www.lucid8.com/product/digiscope.asp which has the ability to open any offline Exchange Database so that you can Browse, Search, Export Mailboxes, Folders and Items to PST & MSG or to Recover/Import/Migrate data directly from any Offline Exchange database to ANY Production Exchange server, even cross version i.e. 2003 --> 2007 --> 2010 etc.

NOTE: If you have a backup of the database with the mailbox within you can technically delete the AD account and mailbox from the production server and then use DigiScope to open that Offline Backup copy to gain access to the Mailbox because DigiScope looks directly at the contents of the database and does not need a correlated user account.  All that is needed is to have DigiScope installed onto an appropriate machine (32 or 64 bit supported MS OS & You do not need Exchange on a DigiScope enabled machine)) and you can open the DB to see and gain access to all mailboxes and information.  You can even be on a completely different network.