
Preparations for using Microsoft Active Directory as iRedMail backend

[TOC]

Summary

To query mail accounts against Microsoft Active Directory, we need an LDAP user account that can bind to the Active Directory and query it.

In this tutorial, we will show you how to

  • create account vmail with read-only privilege, used to query mail accounts
  • create account vmailadmin with read-write privileges, used to query and manage mail accounts.

This tutorial has been tested on Windows Server 2012, but it should work for all Windows Server versions.

Create read-only account: vmail

  • Click Start on bottom-left corner of your Windows OS, click Server Manager.

  • Click Tools on top-right corner, click Active Directory Domains and Trusts.

  • Right click your AD domain (in our example it's iredmail.org), then click Manage. It will show you a new window.

  • In the new window, right click on item Users, select New -> User.

  • Input vmail as User logon name, and fill other fields, then click Next.

  • Input a strong password for the vmail user, toggle on Password never expires, and uncheck the other 3 options. Then click Next.

  • Click Finish to finish account creation.

Now we need to grant the vmail user the required privileges.

In the Active Directory Users and Computers window, right click your AD domain name (in our example it's iredmail.org), and select Delegate Control....

  • Click Next.

  • Click Add.

  • Input read-only account vmail, and click Ok.

  • Click Next.

  • Select "Read all user information", click Next.

  • Click Finish to confirm.

  • Low-privileged account vmail created.

Create admin account: vmailadmin

  • Click Start on bottom-left corner of your Windows OS, click Server Manager.

  • Click Tools on top-right corner, click Active Directory Domains and Trusts.

  • Right click your AD domain (in our example it's iredmail.org), then click Manage.

  • In the new window, right click Users --> New --> User.

  • Input vmailadmin account info, click Next.

  • Input the vmailadmin account password, select Password never expires, and click Next.

  • Click Finish to finish account creation.

  • Now that account vmailadmin has been created, we need to grant it the required privileges. Right click your AD domain (in our example it's iredmail.org), and select Delegate Control....

  • Click Next.

  • Click Add.

  • Input admin account vmailadmin, and click Ok.

  • Click Next.

  • Select "Create, delete, and manage user accounts", "Reset user passwords and force password change at next logon", "Read all user information", click Next.

  • Click Finish.

  • Admin account vmailadmin with read-write privileges created.
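The same two-account setup scripted, as an added example that is not part of the iRedMail documentation: it creates vmail and vmailadmin with the ActiveDirectory PowerShell module, applies the delegation with dsacls, and then lists the resulting ACEs so you can confirm that vmail holds only read rights. The domain iredmail.org (DN DC=iredmail,DC=org, NetBIOS name IREDMAIL) and the default Users container are assumptions; adjust them for your domain.

```powershell
# Added example (not from the iRedMail docs). Run as a Domain Admin on a
# domain controller or a host with RSAT installed.
Import-Module ActiveDirectory

$domainDN = "DC=iredmail,DC=org"   # assumption: your domain DN
$netbios  = "IREDMAIL"             # assumption: your NetBIOS domain name
$ou       = "CN=Users,$domainDN"   # default Users container, as in the wizard

function New-IredMailAccount {
    param([string]$Name, [string]$Description)
    $pw = Read-Host -AsSecureString "Password for $Name"
    # Mirrors the wizard choices: enabled, password never expires,
    # no forced password change at next logon.
    New-ADUser -Name $Name -SamAccountName $Name `
        -UserPrincipalName "$Name@iredmail.org" -Path $ou `
        -Description $Description -AccountPassword $pw -Enabled $true `
        -PasswordNeverExpires $true -ChangePasswordAtLogon $false
}

New-IredMailAccount -Name "vmail"      -Description "iRedMail read-only LDAP bind account"
New-IredMailAccount -Name "vmailadmin" -Description "iRedMail read-write LDAP admin account"

# vmail: equivalent of "Read all user information".
# /I:S = sub-objects only; GR = Generic Read; trailing "user" limits the
# ACE to descendant user objects.
dsacls $domainDN /I:S /G "${netbios}\vmail:GR;;user"

# vmailadmin: equivalent of "Create, delete, and manage user accounts" and
# "Reset user passwords ...": create/delete child objects of class user,
# plus Generic All (GA, which covers password reset) on descendant users.
dsacls $domainDN /I:T /G "${netbios}\vmailadmin:CCDC;user"
dsacls $domainDN /I:S /G "${netbios}\vmailadmin:GA;;user"

# Verification: vmail must show GenericRead/ReadProperty only, never
# WriteProperty, CreateChild, DeleteChild or GenericAll.
function Get-DelegatedRights {
    param([string]$Account)
    (Get-Acl -Path "AD:\$domainDN").Access |
        Where-Object { $_.IdentityReference.Value -eq "$netbios\$Account" } |
        Select-Object IdentityReference, ActiveDirectoryRights, InheritanceType
}
Get-DelegatedRights -Account "vmail"      | Format-Table -AutoSize
Get-DelegatedRights -Account "vmailadmin" | Format-Table -AutoSize
```

If the vmail row lists anything beyond read rights, remove the extra ACE before putting the account into the iRedMail configuration, since that bind password will live in plain text on the mail server.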