iRedMail
// Document IndexTo query mail accounts against Microsoft Active Directory, we need a LDAP user account which can query the Active Directory.
In this tutorial, we will show you how to
vmail with read-only privilege used to query mail accountsvmailadmin with read-write privileges used to query and
manage mail accounts.This tutorial has been tested on Windows Server 2012, but it should work for all Windows Server versions.
Start on bottom-left corner of your Windows OS, click Server Manager.
Tools on top-right corner, click Active Directory Domains and Trusts.
iredmail.org, then click Manage. It
will show you a new window.
Users, select New -> User.
vmail as User logon name, and fill other fields, then click Next.
vmail user, toggle on Password never expires,
and uncheck other 3 options. Then click Next.
Finish to finish account creation.
Now we need to grant vmail user required privileges.
In the Active Directory Users and Computers window, right click your AD
domian name (in our example it's iredmail.org), and select Delegate Control....
Next. 
Add.
vmail, and click Ok.
Next.
"Read all user information", click Next.
Finish to confirm.
vmail created.Start on bottom-left corner of your Windows OS, click Server Manager.
Tools on top-right corner, click Active Directory Domains and Trusts.
iredmail.org, then click Manage.
Users --> New --> User.
vmailadmin account info, click Next.
vmailadmin account passowrd, and select Password never expires, click Next.
Finish to finish account creation.
vmailadmin has created, we will set read-only permission for vmail, right click your AD domian here is iredmail.org, and select Delegate Control....
Next.
Add.
vmailadmin, and click Ok.
Next.
"Create,delete, and manage user accounts", "Reset user passowords and force password change at next logon", "Read all user information", click Next.
Finish.
vmailadmin created.