In order to avoid creating generic AD account when people ask for generic email accounts, we would like to know if there is a way to be able to deny the generic account to be use to logon but not removing the access of getting to the mailbox linked with the account.
We are currently solving this via Public folders but we are looking for something different.
So for example:
Request comes like: Create email account firstname.lastname@example.org
In order to create a regular mailbox we have to create an account named saleorders in AD and then the mailbox. This is a problem because then the AD account salesorders can be use to logon on any workstation.
So we would like the account to be locked down and the mailbox accessible.