Preparations for using Microsoft Active Directory as iRedMail backend
[TOC]
Summary
To query mail accounts against Microsoft Active Directory, iRedMail needs an LDAP user account that can bind to Active Directory and read user objects.
In this tutorial, we will show you how to:
- create account `vmail`, with read-only privilege, used to query mail accounts
- create account `vmailadmin`, with read-write privileges, used to query and manage mail accounts.
Use each account for its own purpose only: components that merely look up mail accounts should bind as `vmail`, and `vmailadmin` should be configured only where accounts have to be created or modified.
This tutorial has been tested on Windows Server 2012, but the steps should be the same on other Windows Server versions.
Create read-only account: vmail
- Click Start at the bottom-left corner of your Windows desktop, then click Server Manager.
- Click Tools at the top-right corner, then click Active Directory Domains and Trusts.
- Right-click your AD domain (in our example, `iredmail.org`), then click Manage. This opens the Active Directory Users and Computers window.
- In the new window, right-click the Users container and select New -> User.
- Enter `vmail` in the User logon name field, fill in the other fields, then click Next.
- Enter a strong password for the `vmail` user, check Password never expires, and uncheck the other 3 options (User must change password at next logon, User cannot change password, Account is disabled). Since this password never expires, use a long, randomly generated value and keep it in your password store. Then click Next.
- Click Finish to finish account creation.

Now we need to grant the `vmail` user the required privileges.

- In the Active Directory Users and Computers window, right-click your AD domain name (in our example, `iredmail.org`) and select Delegate Control....
- Click Next.
- Click Add.
- Enter the read-only account `vmail`, then click OK.
- Click Next.
- Select "Read all user information", then click Next.
- Click Finish to confirm.
- Low-privileged account `vmail` is now created.
Create admin account: vmailadmin
- Click Start at the bottom-left corner of your Windows desktop, then click Server Manager.
- Click Tools at the top-right corner, then click Active Directory Domains and Trusts.
- Right-click your AD domain (in our example, `iredmail.org`), then click Manage.
- In the new window, right-click Users -> New -> User.
- Enter the `vmailadmin` account info, then click Next.
- Enter the `vmailadmin` account password, check Password never expires, then click Next.
- Click Finish to finish account creation.
- Now that account `vmailadmin` has been created, we will grant it read-write permissions: right-click your AD domain (in our example, `iredmail.org`) and select Delegate Control....
- Click Next.
- Click Add.
- Enter the admin account `vmailadmin`, then click OK.
- Click Next.
- Select "Create, delete, and manage user accounts", "Reset user passwords and force password change at next logon" and "Read all user information", then click Next.
- Click Finish.
- Admin account `vmailadmin` is now created.

Note: delegating these three tasks at the domain root lets `vmailadmin` create, delete and modify user objects anywhere in the domain and reset their passwords, so treat its password like an administrator credential and configure it only in components that must manage accounts. If your mail users live in a dedicated OU, run Delegate Control... on that OU instead of the domain root to narrow the delegation.
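The same result can be obtained from PowerShell, which is easier to review and repeat than clicking through the wizard. The script below is an added example and is not part of the iRedMail documentation: it creates both accounts with the same options as the two GUI procedures above and adds the access control entries that the Delegate Control wizard's "Read all user information", "Create, delete, and manage user accounts" and "Reset user passwords and force password change at next logon" templates grant. It assumes the ActiveDirectory PowerShell module (a domain controller or RSAT), a Domain Admin session, and that the delegation target `$target` is the domain root as in the GUI steps; point `$target` at an OU to narrow the delegation. The helper names `New-ServiceUser` and `Add-DelegationRule` are our own.

```powershell
# Added example, not iRedMail's own code. Assumes the ActiveDirectory module and a
# Domain Admin session. Passwords are prompted for, never stored in the script.
Import-Module ActiveDirectory

$domain    = Get-ADDomain
$domainDN  = $domain.DistinguishedName   # e.g. DC=iredmail,DC=org
$target    = $domainDN                   # assumption: delegate at the domain root, as in the GUI steps
$usersPath = "CN=Users,$domainDN"        # the Users container used in the GUI steps
$upnSuffix = $domain.DNSRoot             # e.g. iredmail.org

# Resolve the schema GUID of the "user" class and the "Reset Password" control
# access right from the directory instead of hardcoding them.
$rootDSE       = Get-ADRootDSE
$userClassGuid = [guid]::new([byte[]](Get-ADObject -SearchBase $rootDSE.SchemaNamingContext `
                     -LDAPFilter '(lDAPDisplayName=user)' -Properties schemaIDGUID).schemaIDGUID)
$resetPwdGuid  = [guid](Get-ADObject -SearchBase $rootDSE.ConfigurationNamingContext `
                     -LDAPFilter '(&(objectClass=controlAccessRight)(displayName=Reset Password))' `
                     -Properties rightsGuid).rightsGuid

function New-ServiceUser {
    # Same options as the New User wizard: enabled, password never expires,
    # no forced change at next logon, user may change the password.
    param([string]$Name)
    $pw = Read-Host -AsSecureString -Prompt "Password for $Name (use a long random value)"
    New-ADUser -Name $Name -SamAccountName $Name -UserPrincipalName "$Name@$upnSuffix" `
        -Path $usersPath -AccountPassword $pw -Enabled $true -PasswordNeverExpires $true `
        -ChangePasswordAtLogon $false -CannotChangePassword $false
    Get-ADUser -Identity $Name   # re-read so the SID is populated
}

function Add-DelegationRule {
    # Appends one Allow ACE to an in-memory AD security descriptor.
    param(
        [System.DirectoryServices.ActiveDirectorySecurity]$Acl,
        [System.Security.Principal.SecurityIdentifier]$Sid,
        [System.DirectoryServices.ActiveDirectoryRights]$Rights,
        [guid]$ObjectType = [guid]::Empty,          # class / attribute / extended right the ACE covers
        [System.DirectoryServices.ActiveDirectorySecurityInheritance]$Inheritance = 'Descendents',
        [guid]$InheritedObjectType = [guid]::Empty  # object class that inherits the ACE
    )
    $rule = [System.DirectoryServices.ActiveDirectoryAccessRule]::new(
        $Sid, $Rights, [System.Security.AccessControl.AccessControlType]::Allow,
        $ObjectType, $Inheritance, $InheritedObjectType)
    $Acl.AddAccessRule($rule)
}

$vmail      = New-ServiceUser -Name 'vmail'
$vmailadmin = New-ServiceUser -Name 'vmailadmin'

$acl = Get-Acl -Path "AD:\$target"

# vmail: "Read all user information" = generic read on descendant user objects.
Add-DelegationRule -Acl $acl -Sid $vmail.SID -Rights 'GenericRead' -InheritedObjectType $userClassGuid

# vmailadmin: "Create, delete, and manage user accounts" =
#   create/delete child objects of class user on the target and its sub-containers,
#   plus full control over descendant user objects.
Add-DelegationRule -Acl $acl -Sid $vmailadmin.SID -Rights 'CreateChild, DeleteChild' `
    -ObjectType $userClassGuid -Inheritance 'All'
Add-DelegationRule -Acl $acl -Sid $vmailadmin.SID -Rights 'GenericAll' -InheritedObjectType $userClassGuid
# "Reset user passwords and force password change at next logon" = the Reset Password
# control access right on descendant user objects. GenericAll above already implies it;
# it is added explicitly to mirror what the wizard writes.
Add-DelegationRule -Acl $acl -Sid $vmailadmin.SID -Rights 'ExtendedRight' `
    -ObjectType $resetPwdGuid -InheritedObjectType $userClassGuid

Set-Acl -Path "AD:\$target" -AclObject $acl

# Check: show the ACEs on the target that now name the two accounts.
(Get-Acl -Path "AD:\$target").Access |
    Where-Object { $_.IdentityReference -match 'vmail' } |
    Select-Object IdentityReference, ActiveDirectoryRights, ObjectType, InheritedObjectType, InheritanceType |
    Format-Table -AutoSize
```

The final `Get-Acl` listing is the check worth keeping: `vmail` should appear with `GenericRead` only, inherited by `user` objects, while `vmailadmin` should show the `CreateChild, DeleteChild`, `GenericAll` and `ExtendedRight` entries. Nothing else should name either account; if the wizard has been run more than once, or at both an OU and the domain root, remove the duplicates so the effective rights stay as small as intended.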