Exchange Users with no Domain Logon Rights?
Hi everyone,
We have serveral dozen users that we need to have Exchange accounts created for, however, they are not domain users. Is it possible to create Exchange users but have their AD accounts only be used for Exchange (i.e. no logon rights or any other rights period)?
Thanks.
July 26th, 2011 4:59pm
Yes, why not just leave the default group which is domain users for this user account so that they can logon to a PC to access the mailbox via Outlook.
Or provide OWA access and disable MAPI. Or let them use Outlook Anywhere/RPC over HTTP. Then they are pretty much restricted to mailbox access only. Sukh
Free Windows Admin Tool Kit Click here and download it now
July 26th, 2011 6:38pm
Hi J Dig,
If you want to create Exchange Users but their AD accounts only be used for Exchange, you can create shared mailboxes for that users. Since shared mailbox required
AD account disabled, the user will not have logon right or other rights period.
This mailbox isn't associated with any of the users that can log on. It's associated with a disabled user account.
How to create shared mailboxes:
Shared Mailboxes
http://blogs.technet.com/b/sjimmie/archive/2008/07/10/shared-mailboxes.aspx
Thanks,
Evan Liu
TechNet Subscriber Support
in forum
If you have any feedback on our support, please contact
tngfb@microsoft.com
July 26th, 2011 10:16pm
Hi,
If you want to create Exchange Users but their AD accounts only be used for Exchange, you can create shared mailboxes for that users. Since shared mailbox required
AD account disabled, the user will not have logon right or other rights period.
This mailbox isn't associated with any of the users that can log on. It's associated with a disabled user account.
How to create shared mailboxes:
Shared Mailboxes
http://blogs.technet.com/b/sjimmie/archive/2008/07/10/shared-mailboxes.aspx
Thanks,
Evan Liu
TechNet Subscriber Support
in forum
If you have any feedback on our support, please contact
tngfb@microsoft.com
Free Windows Admin Tool Kit Click here and download it now
July 27th, 2011 5:10am
Yes, why not just leave the default group which is domain users for this user account so that they can logon to a PC to access the mailbox via Outlook.
Or provide OWA access and disable MAPI. Or let them use Outlook Anywhere/RPC over HTTP. Then they are pretty much restricted to mailbox access only.
Sukh
These are users that are not on our corporate domain (off site users and contractors for instance) so giving them full domain logon rights is not an options, but they still need full access to their Exchange email accounts.
July 27th, 2011 9:15am
Hi,
The users will need to logon to access their mailboxes - no way around that.
Leif
Free Windows Admin Tool Kit Click here and download it now
July 27th, 2011 9:26am
Well how do you expect them to logon to their mailbox, You will need an account.
Have you looked at points 2 & 3? Also depends where they will login from? You could restrict their AD accounts by setting Logon restrictions to a workstation or a dummy workstation.
Can also consider using POP3 or IMAP, but I'd recommend the other options. Sukh
July 27th, 2011 9:29am
Hi J Dig,
You can use Linked Mailbox to help you on this issue.
A linked mailbox is a mailbox associated with an external account. The resource forest scenario is an example of when you would want to associate a mailbox
with an external account. In a resource forest scenario, user objects in the Exchange forest have mailboxes, but the user objects are disabled for logon. You must associate these disabled user accounts in the Exchange forest with enabled user objects in the
external accounts forest.
For linked mailbox, it user account is disabled in the AD forest, you can use other external account (in another forest) to login the mailboxes.
You can know more information about linked mailbox from this document:
Create a Linked Mailbox
http://technet.microsoft.com/en-us/library/bb123524.aspx
Thanks,
Evan Liu
TechNet Subscriber Support
in forum
If you have any feedback on our support, please contact
tngfb@microsoft.com
Free Windows Admin Tool Kit Click here and download it now
July 28th, 2011 1:35am
Hi
You can use Linked Mailbox to help you on this issue.
A linked mailbox is a mailbox associated with an external account. The resource forest scenario is an example of when you would want to associate a mailbox with
an external account. In a resource forest scenario, user objects in the Exchange forest have mailboxes, but the user objects are disabled for logon. You must associate these disabled user accounts in the Exchange forest with enabled user objects in the external
accounts forest.
For linked mailbox, it user account is disabled in the AD forest, you can use other external account (in another forest) to login the mailboxes.
You can know more information about linked mailbox from this document:
Create a Linked Mailbox
http://technet.microsoft.com/en-us/library/bb123524.aspx
Thanks,
Evan Liu
TechNet Subscriber Support
in forum
If you have any feedback on our support, please contact
tngfb@microsoft.com
July 28th, 2011 8:30am
Hi,
Any updates on this issue?
Thanks,
Evan Liu
TechNet Subscriber Support
in forum
If you have any feedback on our support, please contact
tngfb@microsoft.com
Free Windows Admin Tool Kit Click here and download it now
August 2nd, 2011 9:48pm