To query mail accounts against Microsoft Active Directory, we need an LDAP user account which can query the Active Directory.

In this tutorial, we will show you how to create two accounts:

- vmail, with read-only privilege, used to query mail accounts
- vmailadmin, with read-write privileges, used to query and manage mail accounts

This tutorial has been tested on Windows Server 2012, but it should work for all Windows Server versions.
First, create the vmail account:

1. Click Start on the bottom-left corner of your Windows OS, then click Server Manager.
2. Click Tools on the top-right corner, then click Active Directory Domains and Trusts.
3. Right click your domain name and select Manage. It will show you a new window. In this example, it's domain iredmail.org.
4. Right click Users, select New -> User.
5. Input vmail in the User logon name field, fill in the other fields, then click Next.
6. Set a password for the vmail user, make sure the option "Password never expires" is checked, and uncheck the other 3 options. Then click Next.
7. Click Finish to finish account creation.

We need to grant the vmail user the required privileges:

1. In the Active Directory Users and Computers window, right click your AD domain name (in our example it's iredmail.org), and select "Delegate Control...".
2. Click Next.
3. Click Add.
4. Input vmail, and click OK.
5. Click Next.
6. Check "Read all user information", then click Next.
7. Click Finish to confirm.

This account is used to manage mail accounts.
1. Click Start on the bottom-left corner of your Windows OS, then click Server Manager.
2. Click Tools on the top-right corner, then click Active Directory Domains and Trusts.
3. Right click your domain name and select Manage. In this example, it's domain iredmail.org.
4. Right click Users --> New --> User.
5. Input vmailadmin in the User logon name field, fill in the other fields, then click Next.
6. Set a password for vmailadmin, make sure the option "Password never expires" is checked, then click Next.
7. Click Finish to finish account creation.

Account vmailadmin has been created; we need to grant it more privileges than the vmail user:

1. In the Active Directory Users and Computers window, right click your AD domain and select "Delegate Control...". In this example, it's domain iredmail.org.
2. Click Next.
3. Click Add.
4. Input vmailadmin, and click OK.
5. Click Next.
6. Check the following tasks, then click Next:
   - Create, delete, and manage user accounts
   - Reset user passwords and force password change at next logon
   - Read all user information
   - Modify the membership of a group
7. Click Finish.
iRedMail Cloud Deployment Platform does not store any password on its servers; instead, it reads passwords from different files which are stored under /root/.iredmail/kv/ on YOUR server. So you need to create a few files to store the vmail and vmailadmin account passwords on the iRedMail server you're going to integrate with Active Directory.

Please login to your iRedMail server first, then:

1. Create directory /root/.iredmail/kv/ with the command below (NOTE: you may need sudo privilege if you're not the root user):

   mkdir -p /root/.iredmail/kv

2. Create file /root/.iredmail/kv/ad_ldap_vmail_password, and put the password of the vmail user in the file. Do not leave any comment lines or other characters in the file.
3. Create file /root/.iredmail/kv/ad_ldap_vmailadmin_password, and put the password of the vmailadmin user in the file. Do not leave any comment lines or other characters in the file.
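As an added example that is not part of the iRedMail tutorial, the following POSIX shell functions write the two password files from the steps above so that only root can read them, and then check that each file holds exactly one line with no comment or stray whitespace, which is the error the tutorial warns about. The names KV_DIR, write_kv_password and check_kv_password are introduced here; KV_DIR defaults to the tutorial's /root/.iredmail/kv and can be pointed at a scratch directory for testing.

```shell
#!/bin/sh
# Added example, not part of the iRedMail tutorial: write the two AD account
# passwords into the kv files with root-only permissions, then verify each
# file holds exactly one non-empty, non-comment line.
# KV_DIR defaults to the tutorial's path; set it to a scratch directory to test.
set -eu

KV_DIR="${KV_DIR:-/root/.iredmail/kv}"

# write_kv_password <file_name> <password>
# Creates KV_DIR (mode 700) if needed and writes the password as a single
# line into KV_DIR/<file_name> (mode 600), readable only by the owner.
write_kv_password() {
    _name="$1"
    _secret="$2"
    mkdir -p "$KV_DIR"
    chmod 700 "$KV_DIR"
    # umask 077 in a subshell so the file is never created group/world-readable;
    # printf writes exactly the password followed by one newline.
    ( umask 077; printf '%s\n' "$_secret" > "$KV_DIR/$_name" )
    chmod 600 "$KV_DIR/$_name"
}

# check_kv_password <file_name>
# Returns 0 if KV_DIR/<file_name> exists, is mode 600, and contains exactly
# one line that is not blank, not a '#' comment, and has no leading or
# trailing whitespace; otherwise prints the reason to stderr and returns 1.
check_kv_password() {
    _file="$KV_DIR/$1"
    [ -f "$_file" ] || { echo "missing: $_file" >&2; return 1; }
    _mode=$(ls -ld "$_file" | cut -c1-10)
    [ "$_mode" = "-rw-------" ] || { echo "bad permissions ($_mode): $_file" >&2; return 1; }
    # grep -c '' counts lines even when the last one has no trailing newline.
    _lines=$(grep -c '' "$_file" || true)
    [ "$_lines" -eq 1 ] || { echo "expected 1 line, found $_lines: $_file" >&2; return 1; }
    _content=$(cat "$_file")
    case "$_content" in
        '' | '#'* | [[:space:]]* | *[[:space:]])
            echo "blank, comment or surrounding whitespace in: $_file" >&2
            return 1 ;;
    esac
    return 0
}
```

Run check_kv_password on both files after editing them by hand; a leading comment line or a trailing space, which an editor can add silently, makes the check fail before iRedMail ever tries the bind.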