none
Exchange Users with no Domain Logon Rights? RRS feed

  • Question

  • Hi everyone,

    We have serveral dozen users that we need to have Exchange accounts created for, however, they are not domain users. Is it possible to create Exchange users but have their AD accounts only be used for Exchange (i.e. no logon rights or any other rights period)?

    Thanks.

    Tuesday, July 26, 2011 8:53 PM

All replies

    1. Yes, why not just leave the default group which is domain users for this user account so that they can logon to a PC to access the mailbox via Outlook.
    2. Or provide OWA access and disable MAPI.
    3. Or let them use Outlook Anywhere/RPC over HTTP.
    4. Then they are pretty much restricted to mailbox access only.

    Sukh
    Tuesday, July 26, 2011 10:32 PM
  • Hi,

     

    If you want to create Exchange Users but their AD accounts only be used for Exchange, you can create shared mailboxes for that users. Since shared mailbox required AD account disabled, the user will not have logon right or other rights period.

     

    This mailbox isn't associated with any of the users that can log on. It's associated with a disabled user account.

     

    How to create shared mailboxes:

     

    Shared Mailboxes

    http://blogs.technet.com/b/sjimmie/archive/2008/07/10/shared-mailboxes.aspx

     

    Thanks,

     

    Evan Liu

     

    TechNet Subscriber Support in forum

    If you have any feedback on our support, please contact tngfb@microsoft.com  


    Wednesday, July 27, 2011 2:10 AM
    Moderator
    1. Yes, why not just leave the default group which is domain users for this user account so that they can logon to a PC to access the mailbox via Outlook.
    2. Or provide OWA access and disable MAPI.
    3. Or let them use Outlook Anywhere/RPC over HTTP.
    4. Then they are pretty much restricted to mailbox access only.

    Sukh


    These are users that are not on our corporate domain (off site users and contractors for instance) so giving them full domain logon rights is not an options, but they still need full access to their Exchange email accounts.

     

    Wednesday, July 27, 2011 1:10 PM
  • Hi,

    The users will need to logon to access their mailboxes - no way around that.

    Leif

    Wednesday, July 27, 2011 1:21 PM
    1. Well how do you expect them to logon to their mailbox, You will need an account.
    2. Have you looked at points 2 & 3?
    3. Also depends where they will login from?
    4. You could restrict their AD accounts by setting Logon restrictions to a workstation or a dummy workstation.
    5. Can also consider using POP3 or IMAP, but I'd recommend the other options.

    Sukh
    Wednesday, July 27, 2011 1:24 PM
  • Hi

     

    You can use Linked Mailbox to help you on this issue.

     

    A linked mailbox is a mailbox associated with an external account. The resource forest scenario is an example of when you would want to associate a mailbox with an external account. In a resource forest scenario, user objects in the Exchange forest have mailboxes, but the user objects are disabled for logon. You must associate these disabled user accounts in the Exchange forest with enabled user objects in the external accounts forest.

     

    For linked mailbox, it user account is disabled in the AD forest, you can use other external account (in another forest) to login the mailboxes.

     

    You can know more information about linked mailbox from this document:

     

    Create a Linked Mailbox

    http://technet.microsoft.com/en-us/library/bb123524.aspx

     

    Thanks,

     

    Evan Liu

     

    TechNet Subscriber Support in forum

    If you have any feedback on our support, please contact tngfb@microsoft.com  


    Thursday, July 28, 2011 5:30 AM
    Moderator
  • Hi,

     

    Any updates on this issue?

     

    Thanks,

     

    Evan Liu

     

    TechNet Subscriber Support in forum

    If you have any feedback on our support, please contact tngfb@microsoft.com  

    Wednesday, August 3, 2011 1:41 AM
    Moderator