ZCS Administrator's Guide, Network Edition 4.0
Table of Contents Previous Next Index


Managing User Accounts

Managing User Accounts
Managing User accounts includes creating account, Managing accounts in the Zimbra system includes creating accounts and adding and changing features easily from the administration console or by using the command-line tools.
From the administration console you can manage user accounts as follows:
Find a specific account using the Search feature
See the Managing End-User Mailbox Features, for descriptions of the mailbox features that can be configured.
You can move a mailbox using the CLI zmmailboxmove command.
Using Search
Search is used to quickly locate individual accounts, aliases, distribution lists, and resources on the LDAP server. Search by display name, first name, last name, the first part of the email address, alias, or delivery address. If you do not know the complete name, you can enter a partial name. Partial names can result in a list that has the partial name string anywhere in the information.
You can also use the Zimbra mailbox ID number to search for an account. To return a search from a mailbox ID, the complete ID string must be entered in the search.
Adding user accounts
If you are using the administration console, the New Account Wizard steps you through the account information to be completed. Before you add an user account, you should determine what features and access privileges should be assigned. You configure the following type of information:
Features and preferences available for this specific account. Changes made at the account level override the rules in the COS assigned to the account.
Creating an account sets up the appropriate entries on the Zimbra LDAP directory server. When the end-user logs in for the first time or when an email is delivered to the user’s account, the mailbox is created on the mailbox server.
Batch Provisioning from the CLI Utility
For provisioning many accounts at once, you create a formatted text file with the user names. This file runs through a script, using the CLI command, zmprov. The zmprov utility provisions one account at a time.
Create a text file with the list of the accounts you want to add. Each account should be typed in the format of ca (Create Account), email address, empty password. For example, ca name@company.com ‘’
Note: In this example, the empty single quote indicates that there is no local password.
When the text file includes all the names to provision, log on to the Zimbra server and type the CLI command
zmprov <accounts.txt
Each of the names listed in the text file will be provisioned.
See Appendix A, for more zmprov commands.
Manage Aliases
An email alias is an email address that redirects all mail to a specified mail account. An alias is not an email account. Each account can have unlimited numbers of aliases.
When you select Aliases from the Manage Addresses Overview pane, all aliases that are configured are displayed in the content pane. From Aliases you can quickly view the account information for a specific alias, move the alias from one account to another, and delete the alias.
Class of Service
Class of Service (COS) determines what default attributes a Zimbra Web Client email account has and which features are enabled or denied. The COS controls mailbox quotas, message lifetime, password restrictions, attachment blocking, and server pools for creation of new accounts.
A default COS is automatically created during the installation of Zimbra Collaboration Suite. You can modify the default COS to set the attributes to your email restrictions, and you can create new COS’s to assign to accounts. A COS is global and is not restricted to a particular domain or set of domains.
Each account is assigned one COS. When an account is created, if the COS is not explicitly set, the default COS is assigned. If the COS assigned to the user no longer exists, the account is automatically assigned the default COS.
Assigning a COS to an account quickly configures account features and restrictions. Some of the COS settings can be overridden either by global settings or by user settings. For example:
Whether outgoing messages are saved to Sent can be changed in the user Options.
Note: COS settings assigned to an account are not enforced for IMAP clients.
See the Administration Console Help for a complete description of the fields in a class of service.
Distributing Accounts Across Servers
In an environment with multiple mailbox servers, the class of service is used to assign a new account to a mailbox server. The COS server pool tab lists the mailbox servers in your Zimbra environment. When you configure the COS, you select which servers to add to the server pool. Within each pool of servers, a random algorithm assigns new mailboxes to any available server.
Note: You can assign an account to a particular mailbox server when you create an account in the New Account Wizard, Mail Server field. Uncheck auto and enter the mailbox server in the Mail Server field.
Changing Password
Password restrictions can be set either at the COS level or at the account level. You can configure the following password rules:
View an Account’s Mailbox
View Mail in Accounts lets you view the selected account’s mailbox content, including all folders, calendar entries, and tags. This feature can be used to assist users who are having trouble with their mail account as you and the account user can be logged on to the account.
Any View Mail action to access an account is logged to the audit.log file.
Changing an Account’s Status
Account status determines whether a user can log in and receive mail. The account status is displayed when account names are listed on the Accounts content pane.
The following account statuses can be set:
Active. Active is the normal status for a mailbox account. Mail is delivered and users can log into the client interface.
Maintenance. When a mailbox status is set to maintenance, login is disabled, and mail addressed to the account is queued at the MTA. An account can be set to maintenance mode for backing up, importing or restoring the mailbox.
Locked. When a mailbox status is locked, the user cannot log in, but mail is still delivered to the account. The locked status can be set, if you suspect that a mail account has been hacked or is being used in an unauthorized manner.
Closed. When a mailbox status is closed, the login is disabled, and messages are bounced. This status is used to soft-delete an account before deleting it from the server.
Enforcing Mailbox and Contact Quotas
You can specify mailbox quotas and the number of contacts allowed for each account through the Zimbra administration console. These limits can be set in the Class of Service or on a per-account basis on the Advanced page.
Account quota is the amount of space in megabytes that an account can use. The quota includes email messages and Calendar meeting information. When the quota is reached, all email messages are rejected and users cannot add to their Calendars. You can view mailbox quotas from the administration console, Monitoring, Server Statistics.
The address book size limit field sets the maximum number of contacts a user can have across all of their address books. When the number is reached, users cannot add new contacts.
Moving a Mailbox
Mailboxes can be moved between Zimbra servers that share the same LDAP server. You can move a mailbox from one server to another without taking down the servers. The migration tool, zmmailboxmove, is provided through a command-line interface as described in Appendix A.
The migration tool does the following:
Puts the mailbox into maintenance mode. In this mode, incoming and outgoing messages are queued but not delivered or sent, and the user will be temporarily unable to access the mailbox
After the mailbox is moved to a new server, a copy still remains on the older server, but the status of old mailbox is closed. Users cannot log on and mail is not delivered. You should check to see that all the mailbox contents were moved successfully before purging the old mailbox.
Managing Distribution Lists
A distribution list is a group of email addresses contained in a list with a common email address. When users send to a distribution list, they are sending to everyone whose address is included in the list. The address line displays the distribution list address; the individual recipient addresses cannot be viewed. Only administrators can create, change, or delete distribution lists.
When an Zimbra user’s email address is added to a distribution list, the user ‘s account is updated with user account’s Member Of tab. When a distribution list is deleted or the removed, the distribution list is automatically removed from the Member Of tab.
The Hide in GAL check box can be enabled to create distribution lists that do not display in the Global Address List (GAL). You can use this feature to limit the exposure of the distribution list to only those that know the address.
Using Distribution Lists for Group Sharing
Distribution lists can be created as group lists so that users can quickly share their contact lists, calendars, and Zimbra documents with everyone on the list. Everyone has the same share privileges that the user defines. When new members are added to the group distribution list, they are automatically granted the same shared privileges as other members of the group. When members are removed from the group distribution list, their share privileges are revoked.
If you create a distribution list for sharing and do not want the distribution list to receive mail, you can disable the Can receive mail checkbox.
Managing Resources
A resource is a location or piece of equipment that can be scheduled for a meeting. The resource has its own mailbox address and accepts or rejects invitations automatically. Accounts with the Calendar feature can select resources for their meetings.
You create resources and manage their use from the administration console. A Resource Wizard guides you through the resource configuration, including designating the type of resource, the scheduling policy, the location, and a description.
To schedule a resource or location, users invite the equipment and/or location to a meeting. When they select the resource, they can view the notes about the resource and view free/busy status for the resource, if set up. When the meeting invite is sent, an email is sent to the resource account, and if the resource is free, the meeting is automatically entered in the resource’s calendar.
zmprov
 
Syntax:{name@domain} {password} [attribute1 value1 etc]
zmprov ma joe@domain.com zimbraAccountStatus maintenance
zmprov aaa joe@domain.com joe.smith@engr.domain.com
zmprov raa joe@domain.com joe.smith@engr.domain.com
Note: After you rename an account, you should run a full backup for that account. zmbackup -f - <servername.com> -a <newaccountname@servername.com>
 
zmprov cc Executive zimbraAttachmentsBlocked FALSE zimbraAuthTokenLifetime 60m zimbraMailQuota 100M zimbraMailMessageLifetime 0
zmprov mc Executive zimbraAttachmentsBlocked TRUE
 
Get DistributionListmembership
zmmailbox
The zmmailbox tool is used for mailbox management. The command can help administrators provision new mailboxes along with accounts, debug issues with a mailbox, and help with migrations.
Syntax
zmmailbox [args] [cmd] [cmd-args...]
Description
 
Long Name
http[s]://{host}[:{port}] server hostname and optional port. Must use admin port with -z/-a
--account {name}
--zadmin
use zimbra admin name/password from localconfig for admin/password
--mailbox
--password {pass}
--passfile {file}
--verbose
Specific CLI tools are available for the different components of a mailbox. Usage is described in the CLI help for the following
 
Examples
When you create an account, you may want to pre-create some tags and folders. You can invoke zmmailbox inside of zmprov by using "selectMailbox(sm)”
 
zmmboxsearch (Cross mailbox search)
zmmboxsearch is the CLI command used to search across mailboxes. You can search across mailboxes to find messages and attachments that match specific criteria and save copies of these messages to a directory.
Syntax
zmmboxsearch -q <querystring}> -m <mailboxids> -s <server> [-d directory]
Description
 
Short Name
<arg> Directory to write the messages to. If none is specified, then only the headers are fetched. Files names are generated in the form RESULTNUM_ACCOUNT-ID_ MAILITEMID.
Sets the limit for the number of results returned. The default is 25.
<arg> Comma-separated list of mailboxes to search. UIDs or email-address or /SERVER/MAILBOXID or *.
<arg> Specify where the hit list should start. The default is 0.
<arg> The query string for the search.
<arg> Mail server hostname. default is the localhost.
--verbose (optional)
Request that the status message print while the search is being executed.
Example
The following example is to do a cross-mailbox search in the Inbox folder of two different mailboxes on the specified server and put a copy of the message in to the specified directory.
zmmboxsearch -q "in:inbox” -m user1@yourdomain.com,user2@yourdomain.com -d /var/tmp
 

Managing User Accounts

Table of Contents Previous Next Index
ZCS Administrator's Guide, Network Edition 4.0
Copyright © 2006 Zimbra Inc.