We typically 'Delete' the user, and if no-one has an immediate need for their mail move it off the server.

Most cases I've had where an employee returns, there hasn't been a need to restore their mail, however I have had a couple cases. In those cases I restored their mail file, then, when setting up the user (as a new user, with a new certificate), set the user up to use the mail file with the same name. I made sure that the ACL was correct for the new user, and all was well.

Assuming of course that the user did not encrypt their mail file. If they had encrypted their mail, the new user id would not be able to read it. In that case they'd either have to start with a brand new mail file, or there would have to be a way to re-create their original Person Document & User.ID. I actually save copies of the Address Book periodically for that very reason. I've also had Person documents get accidentally deleted, so the backup copies are a life saver!

Saving copies of the person document for the purpose of obtainign old user ID files would only work if you use a generic password for the newly created user, and if you attach a copy of the users ID file to the person document when the usaer is registered.The best method is to take all users mail files who are terminated and ensure that they are not encrypted as part of the termination process, and then to store them in an off site locatiion.  This is also a good practice to use in the event that you would need to refer back to the user email account for any legal reasons.

Since Vince didn't ask about ID files, an unstated assumption (i know it's bad to assume) that he'd have access to the ID file, either thru the vault, or using ID recovery, both of which would still have a copy of the user's ID file that can be recovered and used.

Probably not good to assume, because he stated that he's new to Admin so may not have any method of ID recovery in place.

Vince, you might want to make sure that some method of recovering the ID is also in place - either the ID Vault, or ID Recovery.

Do they ask for their old email ? If so then yes, you would need to restore them.

However what other have said below is also correct. If you restore their old email and somehow there is an encrypted email in there then it would not be readable if you create a new user since the public / private key combination for that new user is different compared to the old one. To avoid this you would need to have the old copy of their person document and be able to recover their old id and reset its password.