Would like to utilize account in Active Directory only for e-mail and would like to disable logon functionality
Posted on 2008-10-22
At my organization there are a bunch of accounts in the AD that are only used for their mailbox. For example, if the marketing department needed to have a mailbox created for magazine orders, we would just create new user in AD named something like "magazines". By default, when you're going through the new user wizard in AD, it asks you if you'd like to create a mailbox for this user. Since for this example, the marketing dept. will want multiple users to be able to open the shared mailbox for "magazines", we would just type in "firstname.lastname@example.org". Then we would give say... 5 users permissions to view the "email@example.com" mailbox and then everyone would be happy.
However, I've been questioning this process and it just doesn't seem right... because by creating a new user in AD, you're making a new login account as well when we only need a new mailbox to be created. Is there a better way to do this? When you go into AD and right-click on the "users" organizational unit and click on "new", you can choose the following:
MSMQ Queue Alias
If there was an option to do a new "Mailbox" then that would be exactly what I'm looking for, but it doesn't seem like you can just create a new mailbox...
I just don't like how I have a ton of accounts in the AD that are only used to access it's mailbox when anyone could go on a computer and just type in "magazines" as the user account (for example) and then type in a password and get on (if they know it or guess it).