Mailbox Recovery

Hello AD team,

As of now, the user's status in Workday is "Terminated," and the GCCOE team might have received a request from the representative of the terminated user to access the mailbox.

Based on my understanding,

[1] If the mailbox recovery is performed while the account is in a disabled state, the mailbox remains linked to the disabled account, which gets soft deleted after 30 days and later becomes irrecoverable if not discovered in time before hard deletion.

[2] To avoid this situation, GCCOE requests to soft delete the disabled AD account so that the mailbox will no longer be associated with the disabled account, preventing it from being soft or hard deleted after the grace periods.

For further details, you may refer to GCCOE. Please keep the INC# for traceability and take necessary actions accordingly.

  • Mailbox moves to soft deleted section when AD object is deleted/removed.

  • If the AD object is in a disabled state, the mailbox becomes disconnected.

  • Attaching a license to the disabled AD account brings the mailbox online and allows access to be shared.

  • The disabled AD account will be deleted in the future, moving the mailbox to the soft deleted section.

  • Access to the mailbox is lost if not reported in time; recovery from soft-deleted section is possible within 30 days.

  • It's better to delete the AD object in a disabled state and perform recovery when access is requested to avoid mailbox loss.

  • GCCOE has faced multiple cases of mailbox loss due to this issue. Now, the AD object is deleted whenever access is requested for a mailbox of a user who has left the organization, usually a disabled AD object.

A mailbox moves to the soft-deleted section when the AD object of the mailbox is deleted/removed.

When the AD object is in a disabled state and no license is present, the mailbox is only disconnected. However, if we attach the license, the mailbox will come online, and we can share the access at that time. In this case, the disabled AD account will get deleted in the future, as it is in a disabled state. Once the AD object is deleted, the mailbox goes to the soft-deleted section and the person who has access to it will lose the access. If the access issue is not reported on time, there is a high probability that the soft-deleted mailbox cannot be recovered, as we can recover a mailbox in the soft-deleted section only within 30 days. As the timeline is tricky and hard to track, there is a high probability that the mailbox cannot be recovered, so it is better to delete the AD object in the disabled state and perform the recovery at the same time the access is requested, so that there is no chance of losing the mailbox.

GCCOE has encountered multiple cases in the past, due to which the above case to delete the object is now being raised whenever access is requested to a mailbox of a user who has left the organisation, usually a disabled AD object.
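
One way to track the 30-day window described above, as an added example that is not part of the original message or GCCOE's own tooling. It assumes the mailboxes are in Exchange Online, where Get-Mailbox -SoftDeletedMailbox returns a WhenSoftDeleted timestamp; the function name, the 7-day warning threshold and the sample mailboxes are made up for illustration.

```powershell
# Added example: rank soft-deleted mailboxes by days left in the recovery window.
# Input objects need DisplayName and WhenSoftDeleted, the shape returned by
# Get-Mailbox -SoftDeletedMailbox in Exchange Online.
function Get-SoftDeletedMailboxDeadline {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Mailbox,
        [int]$RetentionDays = 30,   # recovery window stated on this page
        [int]$WarnDays = 7,         # assumption: alert threshold chosen for this example
        [datetime]$Now = (Get-Date) # assumption: same time zone as WhenSoftDeleted
    )
    process {
        if (-not $Mailbox.WhenSoftDeleted) {
            # Without a deletion timestamp the deadline cannot be computed.
            Write-Warning "No WhenSoftDeleted on '$($Mailbox.DisplayName)'; skipping"
            return
        }
        $deadline = ([datetime]$Mailbox.WhenSoftDeleted).AddDays($RetentionDays)
        $left     = [math]::Floor(($deadline - $Now).TotalDays)
        [pscustomobject]@{
            DisplayName = $Mailbox.DisplayName
            SoftDeleted = $Mailbox.WhenSoftDeleted
            RecoverBy   = $deadline
            DaysLeft    = $left
            Status      = if ($left -lt 0) { 'Expired' }
                          elseif ($left -le $WarnDays) { 'Urgent' }
                          else { 'OK' }
        }
    }
}

# Constructed sample input (not real mailboxes). In a tenant the input would be:
#   Get-Mailbox -SoftDeletedMailbox -ResultSize Unlimited
$now = [datetime]'2024-06-30T00:00:00'
$sample = @(
    [pscustomobject]@{ DisplayName = 'Leaver A'; WhenSoftDeleted = [datetime]'2024-06-25T09:00:00' }
    [pscustomobject]@{ DisplayName = 'Leaver B'; WhenSoftDeleted = [datetime]'2024-06-04T09:00:00' }
    [pscustomobject]@{ DisplayName = 'Leaver C'; WhenSoftDeleted = [datetime]'2024-05-20T09:00:00' }
)

# Most urgent first, so mailboxes close to hard deletion are seen before the window closes.
$sample | Get-SoftDeletedMailboxDeadline -Now $now |
    Sort-Object DaysLeft | Format-Table -AutoSize
```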
