elmau
/
iredmail-doc
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
iredmail-doc/html/cloud-ad.preparations.html

182 lines
8.1 KiB
HTML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Preparations for using Microsoft Active Directory as iRedMail backend</title>
<link rel="stylesheet" type="text/css" href="./css/markdown.css" />
</head>
<body>
<div id="navigation">
<a href="https://www.iredmail.org" target="_blank">
<img alt="iRedMail web site"
src="./images/logo-iredmail.png"
style="vertical-align: middle; height: 30px;"
/>&nbsp;
<span>iRedMail</span>
</a>
&nbsp;&nbsp;//&nbsp;&nbsp;<a href="./index.html">Document Index</a></div><h1 id="preparations-for-using-microsoft-active-directory-as-iredmail-backend">Preparations for using Microsoft Active Directory as iRedMail backend</h1>
<div class="toc">
<ul>
<li><a href="#preparations-for-using-microsoft-active-directory-as-iredmail-backend">Preparations for using Microsoft Active Directory as iRedMail backend</a><ul>
<li><a href="#summary">Summary</a></li>
<li><a href="#create-read-only-account-vmail">Create read-only account: vmail</a><ul>
<li><a href="#grant-privileges">Grant privileges</a></li>
</ul>
</li>
<li><a href="#create-read-write-account-vmailadmin">Create read-write account: vmailadmin</a><ul>
<li><a href="#grant-privileges_1">Grant privileges</a></li>
</ul>
</li>
</ul>
</li>
</ul>
</div>
<h2 id="summary">Summary</h2>
<p>To query mail accounts against Microsoft Active Directory, we need a LDAP
user account which can query the Active Directory.</p>
<p>In this tutorial, we will show you how to</p>
<ul>
<li>create account <code>vmail</code> with read-only privilege used to query mail accounts</li>
<li>create account <code>vmailadmin</code> with read-write privileges used to query and
manage mail accounts.</li>
</ul>
<p>This tutorial has been tested on Windows Server 2012, but it should work for
all Windows Server versions.</p>
<h2 id="create-read-only-account-vmail">Create read-only account: vmail</h2>
<ul>
<li>Click <code>Start</code> on bottom-left corner of your Windows OS, click <code>Server Manager</code>.</li>
</ul>
<p><img alt="" src="./images/ad/start-server-manager.png" /></p>
<ul>
<li>Click <code>Tools</code> on top-right corner, click <code>Active Directory Domains and Trusts</code>.</li>
</ul>
<p><img alt="" src="./images/ad/create_ad_account_1.png" /></p>
<ul>
<li>Right click your AD domain, then click <code>Manage</code>. It will show you a new window.
In this example, it's domain <code>iredmail.org</code>.</li>
</ul>
<p><img alt="" src="./images/ad/create_ad_account_2.png" /></p>
<ul>
<li>In the new windows, right click on item <code>Users</code>, select <code>New -&gt; User</code>.</li>
</ul>
<p><img alt="" src="./images/ad/create_ad_account_3.png" /></p>
<ul>
<li>Input <code>vmail</code> in <code>User logon name</code> field, and fill other fields, then click <code>Next</code>.</li>
</ul>
<p><img alt="" src="./images/ad/read_only_account_1.png" /></p>
<ul>
<li>Input a strong password for <code>vmail</code> user, make sure option <code>Password never
expires</code> is checked, and uncheck other 3 options. Then click <code>Next</code>.</li>
</ul>
<p><img alt="" src="./images/ad/read_only_account_2.png" /></p>
<ul>
<li>Click <code>Finish</code> to finish account creation.</li>
</ul>
<p><img alt="" src="./images/ad/read_only_account_3.png" /></p>
<h3 id="grant-privileges">Grant privileges</h3>
<p>We need to grant <code>vmail</code> user required privileges.</p>
<p>In the <code>Active Directory Users and Computers</code> window, right click your AD
domian name (in our example it's <code>iredmail.org</code>), and select <code>Delegate Control...</code>.</p>
<p><img alt="" src="./images/ad/create_ad_account_4.png" /></p>
<ul>
<li>Click <code>Next</code>. </li>
</ul>
<p><img alt="" src="./images/ad/create_ad_account_5.png" /></p>
<ul>
<li>Click <code>Add</code>.</li>
</ul>
<p><img alt="" src="./images/ad/create_ad_account_6.png" /></p>
<ul>
<li>Input read-only account <code>vmail</code>, and click <code>OK</code>.</li>
</ul>
<p><img alt="" src="./images/ad/read_only_account_4.png" /></p>
<ul>
<li>Click <code>Next</code>.</li>
</ul>
<p><img alt="" src="./images/ad/read_only_account_5.png" /></p>
<ul>
<li>Select <code>"Read all user information"</code>, click <code>Next</code>.</li>
</ul>
<p><img alt="" src="./images/ad/read_only_account_6.png" /></p>
<ul>
<li>Click <code>Finish</code> to confirm.</li>
</ul>
<p><img alt="" src="./images/ad/read_only_account_7.png" /></p>
<h2 id="create-read-write-account-vmailadmin">Create read-write account: vmailadmin</h2>
<p>This account is used to manage mail accounts.</p>
<ul>
<li>Click <code>Start</code> on bottom-left corner of your Windows OS, click <code>Server Manager</code>.</li>
</ul>
<p><img alt="" src="./images/ad/start-server-manager.png" /></p>
<ul>
<li>Click <code>Tools</code> on top-right corner, click <code>Active Directory Domains and Trusts</code>.</li>
</ul>
<p><img alt="" src="./images/ad/create_ad_account_1.png" /></p>
<ul>
<li>Right click your AD domain, then click <code>Manage</code>. In this example, it's domain <code>iredmail.org</code>.</li>
</ul>
<p><img alt="" src="./images/ad/create_ad_account_2.png" /></p>
<ul>
<li>At the new windows, right click <code>Users</code> --&gt; <code>New</code> --&gt; <code>User</code>.</li>
</ul>
<p><img alt="" src="./images/ad/create_ad_account_3.png" /></p>
<ul>
<li>Input <code>vmailadmin</code> in <code>User logon name</code> field, and fill other fields, then click Next.</li>
</ul>
<p><img alt="" src="./images/ad/admin_account_1.png" /></p>
<ul>
<li>Input a strong password for user <code>vmailadmin</code>, make sure option <code>Password never expires</code> is checked, click <code>Next</code>.</li>
</ul>
<p><img alt="" src="./images/ad/admin_account_2.png" /></p>
<ul>
<li>Click <code>Finish</code> to finish account creation.</li>
</ul>
<p><img alt="" src="./images/ad/admin_account_3.png" /></p>
<h3 id="grant-privileges_1">Grant privileges</h3>
<p>Account <code>vmailadmin</code> has been created, we need to grant it more privileges than <code>vmail</code> user.</p>
<p>In the Active Directory Users and Computers window, right click your AD domian
and select <code>Delegate Control...</code>. In this example, it's domain <code>iredmail.org</code>, </p>
<p><img alt="" src="./images/ad/create_ad_account_4.png" /></p>
<ul>
<li>Click <code>Next</code>. </li>
</ul>
<p><img alt="" src="./images/ad/create_ad_account_5.png" /></p>
<ul>
<li>Click <code>Add</code>.</li>
</ul>
<p><img alt="" src="./images/ad/create_ad_account_6.png" /></p>
<ul>
<li>Input account name <code>vmailadmin</code>, and click <code>OK</code>.</li>
</ul>
<p><img alt="" src="./images/ad/admin_account_4.png" /></p>
<ul>
<li>Click <code>Next</code>.</li>
</ul>
<p><img alt="" src="./images/ad/admin_account_5.png" /></p>
<ul>
<li>Select tasks listed below, then click <code>Next</code>:<ul>
<li><code>Createdelete, and manage user accounts</code></li>
<li><code>Reset user passowords and force password change at next logon</code></li>
<li><code>Read all user information</code></li>
<li><code>Modify the membership of a group</code></li>
</ul>
</li>
</ul>
<p><img alt="" src="./images/ad/admin_account_6.png" /></p>
<ul>
<li>Click <code>Finish</code>.</li>
</ul>
<p><img alt="" src="./images/ad/admin_account_7.png" /></p><div class="footer">
<p style="text-align: center; color: grey;">All documents are available in <a href="https://bitbucket.org/zhb/iredmail-docs/src">BitBucket repository</a>, and published under <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">Creative Commons</a> license. You can <a href="https://bitbucket.org/zhb/iredmail-docs/get/tip.tar.bz2">download the latest version</a> for offline reading. If you found something wrong, please do <a href="https://www.iredmail.org/contact.html">contact us</a> to fix it.</p>
</div>
<!-- Global site tag (gtag.js) - Google Analytics -->
<script async src="https://www.googletagmanager.com/gtag/js?id=UA-3293801-21"></script>
<script>
window.dataLayer = window.dataLayer || [];
function gtag(){dataLayer.push(arguments);}
gtag('js', new Date());
gtag('config', 'UA-3293801-21');
</script>
</body></html>
Reference in New Issue View Git Blame Copy Permalink