This article contains information on deleting user accounts in Mimecast, including steps for manual deletion, handling directory-synchronized accounts, recipient validation methods, and managing the purge list to ensure proper account and email processing.
Administrators can delete user accounts from their Mimecast account or their internal LDAP environment. Typical reasons for doing this are account management, or ensuring inbound messages to a user are no longer accepted by us.
Accepted Messages (e.g. messages in the Delivery or Held Queues) for that user are processed by us. Additionally, you cannot purge or delete a user account that has an Administrator role assigned - you must first remove the Administrator role.
Address Validation
We provide different options to validate the recipient of an inbound message. The recipient validation method configured for your internal domains and the user account status determine if the message is accepted by Mimecast.
For example, if the recipient validation method is set to Accept inbounds for valid Directory users only, and the user account status is Manually Created, an inbound message to this address is rejected as an invalid recipient. However, if recipient validation is set to Accept all inbounds for this domain, messages are accepted for all email addresses in the internal domain.
Validation methods can be configured differently for each of your internal domains by a user with a role to configure domains (e.g. Basic Administrator). See Directories - Recipient Validation Management.
Deleting Users from Mimecast
You cannot delete email address accounts from your Mimecast account until all active emails relating to that user (e.g. Accepted email) have been processed. Once the user is deleted from Mimecast, all emails relating to that user will remain in the archive, and can still be accessed using the Archive Search feature in the Mimecast Administration Console.
You cannot delete Directory Synchronized email address accounts from your Mimecast account, as they would be re-added during the next Directory Synchronization. To delete user accounts, they must be removed from your directory and then removed from Mimecast.
Once completed, the user is added to a purge list. A task is automatically scheduled at midnight to remove users from the purge list, providing there is no active mail for them (e.g. Held or Accepted messages).
A Retention Adjustment can also permanently remove messages for a specific user from the archive, if required.
Deleting Users
You can delete a single user from Mimecast by using the following steps:
- Log in to the Mimecast Administration Console.
- Navigate to Directories | Internal Directories.
- Click on the Domain to which the user's email address belongs.
- Right-click on the Email Address to be deleted.
- Select the Purge Address menu item. A warning notification with a list of all the log entries that will be purged is displayed.
- Click Confirm Data Removal inside the notification.
You can delete multiple users by using the following steps:
- Select the Tick Box on the left of each email address to be deleted.
- Click Purge Selected Addresses. A warning notification with a list of all the log entries that will be purged is displayed.
- Click Confirm Data Removal inside the notification.
Troubleshooting Purge Issues
If an email address fails to be purged, it's typically because:
- The address is actively receiving emails during the purge cycle.
- There are Held Messages associated with that address.
To resolve these issues, ensure no Held Messages exist for the address before the purge cycle, and consider implementing the precautions for bulk deletion mentioned earlier.
Removing Users from the Purge Address List
When a user's account is deleted, it is added to the purge list.
You can remove users from this list to reverse a user's deletion by using the following steps:
- Log in to the Mimecast Administration Console.
- Navigate to Directories | Internal Directories.
- Click View.
- Select Address Purge List.
- Right-click on the Email Address to be removed.
- Select Remove Item.
Deleting Users from Active Directory
When accounts are deleted from Active Directory, the account isn't deleted from Mimecast. Instead, its status is changed from Extracted from Directory to Message in Transit once the next Directory Synchronization is performed. This means that if your recipient validation is set to Accept inbounds for valid Directory users only, external senders will no longer be able to send messages to these addresses. Logging on to Mimecast using this address will require a Cloud password, as the domain password will no longer work.
By default, a protection mechanism is in place that only allows ten Active Directory addresses to be updated during each synchronization. This prevents mass changes, should a customer experience a configuration issue internally. This setting is configurable; see Directory Synchronization - Maximum Sync Deletions & Deleted Users.
Users that are no longer presented during synchronization can be automatically purged from Mimecast using the Deleted Users option in your Directory Integration. See Directory Synchronization - Maximum Sync Deletions & Deleted Users.
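The blockers described across this article (an assigned Administrator role, directory-synchronized accounts, active Held or Accepted mail, and the default limit of ten directory changes per synchronization) can be combined into a pre-flight check for an offboarding batch. This is an added example, not Mimecast code, and it calls no Mimecast API; the `Account` record, its field names and the sample batch are constructed assumptions to be filled from your own exports.

```python
from dataclasses import dataclass

# Default stated in the article; the setting is configurable.
DEFAULT_MAX_SYNC_DELETIONS = 10

@dataclass
class Account:
    """Hypothetical record built from your own exports (not a Mimecast schema)."""
    address: str
    is_admin: bool    # an Administrator role is still assigned
    dir_synced: bool  # still present in the synchronized directory
    held: int         # messages in the Held queue
    accepted: int     # accepted messages not yet processed

def purge_blockers(acct):
    """Reasons, taken from the article, why this account cannot be purged yet."""
    reasons = []
    if acct.is_admin:
        reasons.append("remove the Administrator role first")
    if acct.dir_synced:
        reasons.append("remove from the directory first (sync would re-add it)")
    if acct.held or acct.accepted:
        reasons.append("active mail (Held/Accepted) must be processed")
    return reasons

def plan_offboarding(accounts, max_sync_deletions=DEFAULT_MAX_SYNC_DELETIONS):
    """Split a batch into ready/blocked and flag batches over the sync limit."""
    ready, blocked = [], {}
    for acct in accounts:
        reasons = purge_blockers(acct)
        if reasons:
            blocked[acct.address] = reasons
        else:
            ready.append(acct.address)
    # Assumption: every dir_synced account in the batch is a pending directory
    # removal, so more of them than the limit will not all sync in one run.
    pending = sum(1 for a in accounts if a.dir_synced)
    return {"ready": ready, "blocked": blocked,
            "over_sync_limit": pending > max_sync_deletions}

# Constructed sample batch.
BATCH = [
    Account("alice@example.com", False, False, 0, 0),
    Account("bob@example.com", True, False, 0, 0),
    Account("carol@example.com", False, True, 2, 0),
]

if __name__ == "__main__":
    print(plan_offboarding(BATCH))
```

Accounts listed under `blocked` are the ones that would stay on the purge list, or never reach it, until the listed reasons are cleared.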