How do I configure to provide email rights via corporate exchange with no network rights for that user.

I have the forwarding function working just fine, what I would like to do is give the ability for a remote user to send email via a corporate exchange server without giving that user rights of any type to the corporate network. In other words I want the email this users sends to appear to have come from the corporate exchange server and to have a return address from the corporate server without granting this user network access.
Who is Participating?
SembeeConnect With a Mentor Commented:
If the user has an email account elsewhere, then you can do is very easily.
Setup a mail enabled contact with two email addresses on it. The internal address (@yourdomain) and the external address (@theirisp).
Then ask the user to configure Outlook Express or whatever to send email via their ISPs SMTP server. Configure the From address in Outlook Express to be the address at your domain.

The user doesn't come anywhere near your network, but can still send email as being from your domain.

I am confused with the question....

First i would like to know the client the user would try to connect to the corporate exchange server and what is the right you wish to restrict.

add the new domain user to AD, remove their account from domain users. Make them a exchange mailbox

That should give them little to no access. Also make sure you dont have "everyone" listed as a permision on your servers.
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

oh ya you will need to make a new group "limited" or something like that. make that group the new users primary group and remove them from domain users
Sembee, in this setup wont the NDRs show the person's isp email address to the email sender and not the @yourdomain?

I had a similor issue my self .. i had to send NDR's to distro group owner. We did not want clients knowing that our some of our users had their exchange email fowarded to their personal emails

Am i reading the comment wrong, or is the NDR issue true in your case?
What NDRs are you talking about?
As long as everything is setup correctly, no NDRs should be generated.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.