Solved

Would like to utilize account in Active Directory only for e-mail and would like to disable logon functionality

Posted on 2008-10-22
7
231 Views
Last Modified: 2010-08-05
At my organization there are a bunch of accounts in the AD that are only used for their mailbox.  For example, if the marketing department needed to have a mailbox created for magazine orders, we would just create new user in AD named something like "magazines".  By default, when you're going through the new user wizard in AD, it asks you if you'd like to create a mailbox for this user.  Since for this example, the marketing dept. will want multiple users to be able to open the shared mailbox for "magazines", we would just type in "magazines@domain.com".  Then we would give say... 5 users permissions to view the "magazines@domain.com" mailbox and then everyone would be happy.

However, I've been questioning this process and it just doesn't seem right... because by creating a new user in AD, you're making a new login account as well when we only need a new mailbox to be created.  Is there a better way to do this?  When you go into AD and right-click on the "users" organizational unit and click on "new", you can choose the following:

Computer
Contact
Group
InetOrgPerson
MSMQ Queue Alias
Printer
User
Shared Folder

If there was an option to do a new "Mailbox" then that would be exactly what I'm looking for, but it doesn't seem like you can just create a new mailbox...  

I just don't like how I have a ton of accounts in the AD that are only used to access it's mailbox when anyone could go on a computer and just type in "magazines" as the user account (for example) and then type in a password and get on (if they know it or guess it).
0
Comment
Question by:Swamp_Thing
  • 4
  • 3
7 Comments
 
LVL 16

Accepted Solution

by:
robrandon earned 150 total points
ID: 22777326
For the accounts that you want to have mailboxes, but not allow the accounts to logon, go into AD and the properties of the account.  Go to the Account tab and click the "Logon Hours..." button.  Deny the logon for all times.

You can also try something similar with the "Log On To..." button, by specifying specific computers but not selecting any.


0
 
LVL 2

Author Comment

by:Swamp_Thing
ID: 22777528
So there's no way to just create an Exchange mailbox?  I don't need the account to be able to log into the domain.
0
 
LVL 16

Expert Comment

by:robrandon
ID: 22777563
No.

You can create a public folder and give the public folder an email address.  That way the emails will go there and you can grant appropriate rights to the folder.

0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 2

Author Comment

by:Swamp_Thing
ID: 22777800
I'm going to try this now and see if that will work ok, it sounds like it will.  I'll post back in a few minutes.
0
 
LVL 2

Author Comment

by:Swamp_Thing
ID: 22777887
Hmmm... not sure where or how I would do this.  Would I be creating the new "public folder" in AD or within Outlook?
0
 
LVL 16

Assisted Solution

by:robrandon
robrandon earned 150 total points
ID: 22777983
Within Outlook/Exchange.

The easiest way is to go into Exchange System Manager.  You can find Folders - Public Folders under the Administrative Groups.  Create a folder there.  Then, right-click the folder, and choose Mail Enable.  

Also, right-click the folder, choose properties, and set the Permissions.

0
 
LVL 2

Author Comment

by:Swamp_Thing
ID: 22779525
Ok, I did that and I was able to create a test public folder and give it an e-mail address.

However, the number of unread items doesn't appear next to the public folder.  If there were 10 unread e-mails in there, the user wouldn't know unless they opened the folder.  Being able to be mapped to a mailbox as opposed to a public folder seems to work better in my application.

Therefore, I will accept your answer in which you said I could just set the logon hours for the accounts that are just being used for their mailbox.  Thanks for the help!
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article runs through the process of deploying a single EXE application selectively to a group of user.
This article outlines the process to identify and resolve account lockout in an Active Directory environment.
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question