Add doc for create ad account and set permissions.
|
@ -0,0 +1,149 @@
|
|||
# Create AD account for iRedMail
|
||||
[TOC]
|
||||
|
||||
## Summary
|
||||
With iRedMail (ad backend), we need two accounts, admin account with all privileges, low-privileged account with read-only privilege.
|
||||
In this tutorial, we will show you how to create account in AD, with strong and complex password.
|
||||
|
||||
- low-privileged account `vmail`.
|
||||
- admin account `vmailadmin`.
|
||||
|
||||
This tutorial has been tested on:
|
||||
|
||||
- Windows Server 2012
|
||||
|
||||
If it works for you on different Windows Server version, please let us know.
|
||||
|
||||
## Create low-privileged account.
|
||||
|
||||
- Click `Start` on bottom-left corner of your Windows OS, click `Server Manager`.
|
||||
|
||||
![](./images/create.ad.account/start-server-manager.png)
|
||||
|
||||
- Click `Tools` on top-right corner, click `Active Directory Domains and Trusts`.
|
||||
|
||||
![](./images/create.ad.account/create_ad_account_1.png)
|
||||
|
||||
- Right click your AD domain, here is `iredmail.org`, then click `Manage`.
|
||||
|
||||
![](./images/create.ad.account/create_ad_account_2.png)
|
||||
|
||||
- At the new windows, right click `Users` --> `New` --> `User`.
|
||||
|
||||
![](./images/create.ad.account/create_ad_account_3.png)
|
||||
|
||||
- Input `vmail` account info, click `Next`.
|
||||
|
||||
![](./images/create.ad.account/read_only_account_1.png)
|
||||
|
||||
- Input `vmail` account passowrd, and select `Password never expires`, click `Next`.
|
||||
|
||||
![](./images/create.ad.account/read_only_account_2.png)
|
||||
|
||||
|
||||
- Click `Finish` to confirm.
|
||||
|
||||
![](./images/create.ad.account/read_only_account_3.png)
|
||||
|
||||
|
||||
- Now account `vmail` has created, we will set read-only permission for `vmail`, right click your AD domian here is `iredmail.org`, and select `Delegate Control...`.
|
||||
|
||||
![](./images/create.ad.account/create_ad_account_4.png)
|
||||
|
||||
|
||||
- Click `Next`.
|
||||
|
||||
![](./images/create.ad.account/create_ad_account_5.png)
|
||||
|
||||
|
||||
- Click `Add`.
|
||||
|
||||
![](./images/create.ad.account/create_ad_account_6.png)
|
||||
|
||||
|
||||
- Input read-only account `vmail`, and click `Ok`.
|
||||
|
||||
![](./images/create.ad.account/read_only_account_4.png)
|
||||
|
||||
|
||||
- Click `Next`.
|
||||
|
||||
![](./images/create.ad.account/read_only_account_5.png)
|
||||
|
||||
- Select `"Read all user information"`, click `Next`.
|
||||
|
||||
![](./images/create.ad.account/read_only_account_6.png)
|
||||
|
||||
|
||||
- Click `Finish` to confirm.
|
||||
|
||||
![](./images/create.ad.account/read_only_account_7.png)
|
||||
|
||||
- Low-privileged account `vmail` created.
|
||||
|
||||
|
||||
## Create admin account.
|
||||
|
||||
- Click `Start` on bottom-left corner of your Windows OS, click `Server Manager`.
|
||||
|
||||
![](./images/create.ad.account/start-server-manager.png)
|
||||
|
||||
- Click `Tools` on top-right corner, click `Active Directory Domains and Trusts`.
|
||||
![](./images/create.ad.account/create_ad_account_1.png)
|
||||
|
||||
- Right click your AD domain, here is `iredmail.org`, then click `Manage`.
|
||||
|
||||
![](./images/create.ad.account/create_ad_account_2.png)
|
||||
|
||||
- At the new windows, right click `Users` --> `New` --> `User`.
|
||||
|
||||
![](./images/create.ad.account/create_ad_account_3.png)
|
||||
|
||||
- Input `vmailadmin` account info, click `Next`.
|
||||
|
||||
![](./images/create.ad.account/admin_account_1.png)
|
||||
|
||||
- Input `vmailadmin` account passowrd, and select `Password never expires`, click `Next`.
|
||||
|
||||
![](./images/create.ad.account/admin_account_2.png)
|
||||
|
||||
|
||||
- Click `Finish` to confirm.
|
||||
|
||||
![](./images/create.ad.account/admin_account_3.png)
|
||||
|
||||
|
||||
- Now account `vmailadmin` has created, we will set read-only permission for `vmail`, right click your AD domian here is `iredmail.org`, and select `Delegate Control...`.
|
||||
|
||||
![](./images/create.ad.account/create_ad_account_4.png)
|
||||
|
||||
|
||||
- Click `Next`.
|
||||
|
||||
![](./images/create.ad.account/create_ad_account_5.png)
|
||||
|
||||
|
||||
- Click `Add`.
|
||||
|
||||
![](./images/create.ad.account/create_ad_account_6.png)
|
||||
|
||||
|
||||
- Input admin account `vmailadmin`, and click `Ok`.
|
||||
|
||||
![](./images/create.ad.account/admin_account_4.png)
|
||||
|
||||
|
||||
- Click `Next`.
|
||||
|
||||
![](./images/create.ad.account/admin_account_5.png)
|
||||
|
||||
- Select `"Create,delete, and manage user accounts"`, `"Reset user passowords and force password change at next logon"`, `"Read all user information"`, click `Next`.
|
||||
|
||||
![](./images/create.ad.account/admin_account_6.png)
|
||||
|
||||
|
||||
- Click `Finish` to confirm.
|
||||
|
||||
![](./images/create.ad.account/admin_account_7.png)
|
||||
|
||||
- Low-privileged account `vmailadmin` created.
|
After Width: | Height: | Size: 31 KiB |
After Width: | Height: | Size: 31 KiB |
After Width: | Height: | Size: 30 KiB |
After Width: | Height: | Size: 18 KiB |
After Width: | Height: | Size: 16 KiB |
After Width: | Height: | Size: 22 KiB |
After Width: | Height: | Size: 36 KiB |
After Width: | Height: | Size: 68 KiB |
After Width: | Height: | Size: 19 KiB |
After Width: | Height: | Size: 47 KiB |
After Width: | Height: | Size: 50 KiB |
After Width: | Height: | Size: 43 KiB |
After Width: | Height: | Size: 25 KiB |
After Width: | Height: | Size: 31 KiB |
After Width: | Height: | Size: 31 KiB |
After Width: | Height: | Size: 30 KiB |
After Width: | Height: | Size: 28 KiB |
After Width: | Height: | Size: 25 KiB |
After Width: | Height: | Size: 32 KiB |
After Width: | Height: | Size: 47 KiB |
After Width: | Height: | Size: 8.3 KiB |