password access from Outlook to Exchange for just two users

At a certain small office most users don't have to enter passwords to access exchange from their outlook. Its controlled by their windows login. But two of the users wish to have to enter a different password in order to access exchange. The rest are happy with the way it is. How do I do that? Exchange Server 2010.
Peter HeinickeCEOAsked:
Who is Participating?
 
VB ITSSpecialist ConsultantCommented:
Create a new dummy account and attach it to that. What I tend to do is create the account in a separate OU (as this will let you use the same display name) but use a different username and mailbox alias.

Consider the following:
The user account for John Doe is in located in domain.com\Company\Users in Active Directory Users and Computers
The username for John Doe is john
The mailbox alias for John Doe is john

I would then create a dummy account for John Doe using the below details:
Create a new account for John Doe in domain.com\Company\Mailboxes in Active Directory Users and Computers (create the Mailboxes Organizational Unit if it doesn't exist)
Assign a new account with the username john.doe (as usernames are unique) for both the user logon name and pre-Windows 2000 user logon name
Assign this account the mailbox alias of john.doe

Set up a new Outlook profile to connect to the new john.doe dummy mailbox and configure Outlook to prompt for which profile to use. As the john account won't have access to the john.doe mailbox, the user will be prompted for the username and password for the john.doe account.

If this works, you will then need to export the contents of the john mailbox then import them into the john.doe mailbox as well as the email addresses.
You'll also need to configure Outlook to always launch the profile for john.doe going forward.

Bit of a pain setting it up but it'll do what you want.

May I ask what is pre-empting this request? Do these two users have concerns regarding security of some sort? Just wondering why the strange request.
0
 
Simon Butler (Sembee)ConsultantCommented:
Outlook can only use the AD domain for authentication.
Therefore the only way you can do it is to have two accounts - one for Windows login and one for email. The Windows login would not have any permissions on the email account, so they have to login to it.

Simon.
0
 
SEHCCommented:
HI

if you are using outlook anywhere you can set it to connect via slow and fast networks and that will ask for there login and passwords all the time.  

other then that Simon would be correct.
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
Simon Butler (Sembee)ConsultantCommented:
It will only prompt for a password if you use basic authentication. If you use integrated authentication then it will not.
Furthermore, Autodiscover will remove the entry to use Outlook Anywhere on fast connections.

Simon.
0
 
VB ITSSpecialist ConsultantCommented:
You can create a separate mailbox with a different password, and then create a new Outlook profile for this new mailbox on the two users' machines. As their account won't have access to these new mailboxes by default they'll be prompted for credentials when they open Outlook.

You can then look at importing their emails and email addresses to this separate mailbox.
0
 
Peter HeinickeCEOAuthor Commented:
Here's what I did which was not that great. I checked the "Always prompt for Login Credentials" in the outlook security tab for the account. Then, I had to change the username to the windows username domain\user in order to connect from outlook. This still lets me see the already received mail if I can't connect so it isn't that great, but the users can't then get any more email that hasn't been received yet.

VB ITS: Which group in EMC do I add the email account to which is not connected to an AD user? I have Windows Server 2011 SBS.
0
 
Peter HeinickeCEOAuthor Commented:
Yes, it is sort of an internal politics sort of thing. As long as the users are part of the organization, management wants to give them some privacy or at least a feeling of privacy. If they leave, management wants to be able to read their emails.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.