To query mail accounts against Microsoft Active Directory, we need an LDAP user account which can query the Active Directory.
In this tutorial, we will show you how to create two accounts:

- vmail, with read-only privilege, used to query mail accounts
- vmailadmin, with read-write privileges, used to query and manage mail accounts.

This tutorial has been tested on Windows Server 2012, but it should work for all Windows Server versions.
- Click "Start" on the bottom-left corner of your Windows OS, click "Server Manager".
- Click "Tools" on the top-right corner, click "Active Directory Domains and Trusts".
- Right-click iredmail.org, then click "Manage". It will show you a new window.
- Right-click "Users", select "New -> User".
- Enter vmail as "User logon name", and fill other fields, then click "Next".
- Set a password for the vmail user, toggle on "Password never expires", and uncheck other 3 options. Then click "Next".
- Click "Finish" to finish account creation.

Now we need to grant the vmail user the required privileges.
In the "Active Directory Users and Computers" window, right-click your AD domain name (in our example it's iredmail.org), and select "Delegate Control...".

- Click "Next".
- Click "Add".
- Enter vmail, and click "Ok".
- Click "Next".
- Select "Read all user information", click "Next".
- Click "Finish" to confirm.

User vmail is now created.

- Click "Start" on the bottom-left corner of your Windows OS, click "Server Manager".
- Click "Tools" on the top-right corner, click "Active Directory Domains and Trusts".
- Right-click iredmail.org, then click "Manage".
- Right-click "Users" --> "New" --> "User".
- Enter the vmailadmin account info, click "Next".
- Set the vmailadmin account password, and select "Password never expires", click "Next".
- Click "Finish" to finish account creation.

After vmailadmin has been created, we will grant it the required privileges: right-click your AD domain (here it is iredmail.org), and select "Delegate Control...".

- Click "Next".
- Click "Add".
- Enter vmailadmin, and click "Ok".
- Click "Next".
- Select "Create, delete, and manage user accounts", "Reset user passwords and force password change at next logon", "Read all user information", click "Next".
- Click "Finish".

User vmailadmin is now created.
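
To confirm that the two delegations ended up as intended (vmail read-only, vmailadmin read-write), the ACL on the domain root can be audited from PowerShell. This script is an added example, not part of the original tutorial; it assumes the ActiveDirectory module (RSAT), the account names vmail and vmailadmin used above, and delegation applied at the domain root. `Test-ServiceAccount` is a hypothetical helper name.

```powershell
# Added example, not from the original tutorial. Run on a domain controller or a
# host with RSAT. Assumes the ActiveDirectory module and the account names above.
Import-Module ActiveDirectory
Add-Type -AssemblyName System.DirectoryServices

$domain = Get-ADDomain
# ACL of the domain root, which is the object "Delegate Control..." was run on.
$acl = Get-Acl -Path "AD:\$($domain.DistinguishedName)"

# Individual rights that change directory data. Composite values such as
# GenericAll are left out of the mask on purpose: they contain read bits and
# would make a read-only ACE look like a write ACE.
$writeBits = [System.DirectoryServices.ActiveDirectoryRights]'CreateChild, DeleteChild, Self, WriteProperty, DeleteTree, ExtendedRight, Delete, WriteDacl, WriteOwner'

# Hypothetical helper: summarise what one service account was delegated.
function Test-ServiceAccount {
    param([string]$Name, [bool]$WriteExpected)

    $user = Get-ADUser -Identity $Name -Properties PasswordNeverExpires, MemberOf
    # Explicit (non-inherited) Allow ACEs on the domain root for this account.
    $aces = @($acl.Access | Where-Object {
        -not $_.IsInherited -and
        $_.AccessControlType -eq 'Allow' -and
        $_.IdentityReference.Value -eq "$($domain.NetBIOSName)\$Name"
    })
    $writeAces = @($aces | Where-Object {
        ([int]$_.ActiveDirectoryRights -band [int]$writeBits) -ne 0
    })

    [pscustomobject]@{
        Account              = $Name
        DelegatedAces        = $aces.Count
        WriteAces            = $writeAces.Count
        PasswordNeverExpires = $user.PasswordNeverExpires
        # MemberOf omits the primary group, so a fresh account shows nothing here.
        ExtraGroups          = ($user.MemberOf -join '; ')
        Ok                   = ($aces.Count -gt 0) -and
                               (($writeAces.Count -gt 0) -eq $WriteExpected) -and
                               ($user.MemberOf.Count -eq 0)
    }
}

$report = @(
    Test-ServiceAccount -Name 'vmail'      -WriteExpected $false
    Test-ServiceAccount -Name 'vmailadmin' -WriteExpected $true
)
$report | Format-Table -AutoSize
if ($report.Ok -contains $false) {
    Write-Warning 'Delegation differs from the tutorial; review the ACEs on the domain root.'
}
```

A row with `Ok = False` for vmail means the query account holds write rights or extra group memberships it does not need for lookups.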