• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 226
  • Last Modified:

POP Access for Non-Domain users

I'm having a Exchange 2000 server, running in a Windows 2000 Active Directory/Domain running in mixed mode (Some old NT DC's)

I'm using MCC - Active Directory Users and Computers to administrate the mailserver.

There is access to the Exchange Server from the Internet, for receiving and sending mail. Users can pick-up their mail from home using SecurePOP3.

Now I would like to be able to create some POP3-accounts, without having to create users on the Domain (And thereby giving them some access to the servers on the domain)

Does anyone have any ideas on how I can do that??
  • 2
1 Solution
You can't.  Mailboxes are inexorably linked to domain user accounts.  The only way around it would be to create a single user account and assign multiple mailboxes to this account - hardly secure though.
Hstiles is right that Exchange 2000 and AD domains are indelibly linked. You can't have the mailboxes without the domain accounts.

However, you cannot assign a single user to multiple mailboxes. Each mailbox must have a unique owner account, although users can be given rights to view multiple mailboxes.

You do have options, in order of most secure/difficult to least:

1. Create child domain in AD that contains all the users that you do not want in the parent domain. Use group policy to limit the acessibility of this domain to only the resources needed to get mail.

2. Use an OU and group policy to accomplish the same thing if child domains are too extreme for your environment.

3. Put all the "non-domain" users in a global group. Remove the group's rights except for those needed for Exchange (perhaps none except "log on locally"...you will have to test). Remove the users from the "Domain Users" group. Ensure that your servers specifically deny this group access via NTFS or share perms depending on your security policy.
You could also place the accounts in the domain guests group.
floppermanAuthor Commented:
hstiles gets the points even though it wasn't the answer I was hopeing for :-)
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now