Exchange Users with no Domain Logon Rights?
Hi everyone, We have serveral dozen users that we need to have Exchange accounts created for, however, they are not domain users. Is it possible to create Exchange users but have their AD accounts only be used for Exchange (i.e. no logon rights or any other rights period)? Thanks.
July 26th, 2011 4:59pm

Yes, why not just leave the default group which is domain users for this user account so that they can logon to a PC to access the mailbox via Outlook. Or provide OWA access and disable MAPI. Or let them use Outlook Anywhere/RPC over HTTP. Then they are pretty much restricted to mailbox access only. Sukh
Free Windows Admin Tool Kit Click here and download it now
July 26th, 2011 6:38pm

Hi J Dig, If you want to create Exchange Users but their AD accounts only be used for Exchange, you can create shared mailboxes for that users. Since shared mailbox required AD account disabled, the user will not have logon right or other rights period. This mailbox isn't associated with any of the users that can log on. It's associated with a disabled user account. How to create shared mailboxes: Shared Mailboxes http://blogs.technet.com/b/sjimmie/archive/2008/07/10/shared-mailboxes.aspx Thanks, Evan Liu TechNet Subscriber Support in forum If you have any feedback on our support, please contact tngfb@microsoft.com
July 26th, 2011 10:16pm

Hi, If you want to create Exchange Users but their AD accounts only be used for Exchange, you can create shared mailboxes for that users. Since shared mailbox required AD account disabled, the user will not have logon right or other rights period. This mailbox isn't associated with any of the users that can log on. It's associated with a disabled user account. How to create shared mailboxes: Shared Mailboxes http://blogs.technet.com/b/sjimmie/archive/2008/07/10/shared-mailboxes.aspx Thanks, Evan Liu TechNet Subscriber Support in forum If you have any feedback on our support, please contact tngfb@microsoft.com
Free Windows Admin Tool Kit Click here and download it now
July 27th, 2011 5:10am

Yes, why not just leave the default group which is domain users for this user account so that they can logon to a PC to access the mailbox via Outlook. Or provide OWA access and disable MAPI. Or let them use Outlook Anywhere/RPC over HTTP. Then they are pretty much restricted to mailbox access only. Sukh These are users that are not on our corporate domain (off site users and contractors for instance) so giving them full domain logon rights is not an options, but they still need full access to their Exchange email accounts.
July 27th, 2011 9:15am

Hi, The users will need to logon to access their mailboxes - no way around that. Leif
Free Windows Admin Tool Kit Click here and download it now
July 27th, 2011 9:26am

Well how do you expect them to logon to their mailbox, You will need an account. Have you looked at points 2 & 3? Also depends where they will login from? You could restrict their AD accounts by setting Logon restrictions to a workstation or a dummy workstation. Can also consider using POP3 or IMAP, but I'd recommend the other options. Sukh
July 27th, 2011 9:29am

Hi J Dig, You can use Linked Mailbox to help you on this issue. A linked mailbox is a mailbox associated with an external account. The resource forest scenario is an example of when you would want to associate a mailbox with an external account. In a resource forest scenario, user objects in the Exchange forest have mailboxes, but the user objects are disabled for logon. You must associate these disabled user accounts in the Exchange forest with enabled user objects in the external accounts forest. For linked mailbox, it user account is disabled in the AD forest, you can use other external account (in another forest) to login the mailboxes. You can know more information about linked mailbox from this document: Create a Linked Mailbox http://technet.microsoft.com/en-us/library/bb123524.aspx Thanks, Evan Liu TechNet Subscriber Support in forum If you have any feedback on our support, please contact tngfb@microsoft.com
Free Windows Admin Tool Kit Click here and download it now
July 28th, 2011 1:35am

Hi You can use Linked Mailbox to help you on this issue. A linked mailbox is a mailbox associated with an external account. The resource forest scenario is an example of when you would want to associate a mailbox with an external account. In a resource forest scenario, user objects in the Exchange forest have mailboxes, but the user objects are disabled for logon. You must associate these disabled user accounts in the Exchange forest with enabled user objects in the external accounts forest. For linked mailbox, it user account is disabled in the AD forest, you can use other external account (in another forest) to login the mailboxes. You can know more information about linked mailbox from this document: Create a Linked Mailbox http://technet.microsoft.com/en-us/library/bb123524.aspx Thanks, Evan Liu TechNet Subscriber Support in forum If you have any feedback on our support, please contact tngfb@microsoft.com
July 28th, 2011 8:30am

Hi, Any updates on this issue? Thanks, Evan Liu TechNet Subscriber Support in forum If you have any feedback on our support, please contact tngfb@microsoft.com
Free Windows Admin Tool Kit Click here and download it now
August 2nd, 2011 9:48pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics