Hi, Can we use Active Directory MA for disabling and de-provisioning the Exchange mailbox for users ? For provisioning the exchange mailbox, we need to set the required exchange attribute mappings in AD Outbound sync rules, but i am not clear for disabling or deletion of Exchange mailbox using FIM . Please suggest. Mayank Vaish

There is a general guideline for de-provisioning in FIM but you won't find anything in there about mailbox operations (clear/delete) because these are not standard use cases supported by the AD MA. On the mailbox provisioning side, as you probably know, all is done via a controlled PowerShell/MA interaction, but this does not extend to de-provisioning. This is possibly because there are no universal rules governing what should/shouldn't happen with mailboxes once the linked AD account is disabled ... and these generally vary from organisation to organisation. In general the standard options you have at your disposal (assuming for the moment you are using a sync rule to disable the AD account) are simply the following: using the standard Notification activity in an action workflow which fires (e.g. by a request-based MPR on employeeStatus changes) when the account is disabled (or maybe say 30 days later than this) to alert a sysadmin that some form of manual "maibox cleanup" is required using custom workflow activities (if you have a clear set of rules to apply in 100% of cases) to perform tasks such as empty or delete mailbox using some other "out-of-bounds" housekeeping activity (e.g. PowerShell script) to run on a schedule to perform the above tasks on accounts which meat your search criteria (e.g. accounts disabled for x days) Bob Bradley (FIMBob @ http://thefimteam.com/) ... now using Event Broker 3.0 @ http://www.fimeventbroker.com/ for just-in-time delivery of FIM 2010 policy via the sync engine

Good explanation by Bob. If you want to go the Powershell way, you could use my Powershell MA (http://blog.goverco.com/2011/06/powershell-management-agent-for-fim.html)Regards, Soren Granfeldt http://granfeldt.blogspot.com

I usually do this with a PowerShell workflow activity. Just fire the Disable-Mailbox call when the right criteria causes a set transition. For that matter I also usually do the Enable-Mailbox this way as well as it's way more flexible.My Book - Active Directory, 4th Edition My Blog - www.briandesmond.com

wont disabling user's ad account (e.g., userAccountControl = 514) disable his ability to send email as well?