ZCS Administrator's Guide, Network Edition 4.5, Rev 2 11/07
Table of Contents Previous Next Index


Managing User Accounts

Managing User Accounts
You create accounts and configure features and access privileges from either the administration console or using CLI commands. The following are some of the account tasks you perform from the administration console:
Find a specific account using the Search feature
See the ZCS administration console Help for information about how to perform these tasks from the administration console.
The following CLI commands are also available to help facilitate account management.
The CLI zmprov can be used to manage accounts, aliases, distribution lists, and calendar resources.
The CLI zmmailboxmove command is used to move a mailbox.
The CLI zmmboxsearch is used to search across mailboxes to find messages and attachments that match specific criteria and then save copies of these messages to a directory.
The CLI zmmailbox command can be used for mailbox management. This command can help you provision new mailboxes, debug issues with a mailbox, and help with migrations. You can invoke zmmailbox from within zmprov.
See "" Appendix A   Command-Line Utilities for information about how to use these commands.
Setting up and Configuring Accounts
If you are using the administration console, the New Account Wizard steps you through the account information to be completed. Before you add an user account, you should determine what features and access privileges should be assigned. You configure the following type of information:
Features and preferences available for this specific account. Changes made at the account level override the rules in the COS assigned to the account.
For a description of the features see Customizing Accounts and Setting General Preferences and Password Rules.
Creating an account sets up the appropriate entries on the Zimbra LDAP directory server. When the end-user logs in for the first time or when an email is delivered to the user’s account, the mailbox is created on the mailbox server.
Batch Provisioning from the CLI Utility
For provisioning many accounts at once, you create a formatted text file with the user names. This file runs through a script, using the CLI command, zmprov. The zmprov utility provisions one account at a time.
Create a text file with the list of the accounts you want to add. Each account should be typed in the format of ca (Create Account), email address, empty password. For example, ca name@company.com ‘’
Note: In this example, the empty single quote indicates that there is no local password.
When the text file includes all the names to provision, log on to the Zimbra server and type the CLI command.
zmprov <accounts.txt
Each of the names listed in the text file will be provisioned.
Manage Aliases
An email alias is an email address that redirects all mail to a specified mail account. An alias is not an email account. Each account can have unlimited numbers of aliases.
When you select Aliases from the Manage Addresses Overview pane, all aliases that are configured are displayed in the content pane. From Aliases you can quickly view the account information for a specific alias, move the alias from one account to another, and delete the alias.
Class of Service
Class of Service (COS) determines what default attributes a Zimbra Web Client email account has and which features are enabled or denied. The COS controls mailbox quotas, message lifetime, password restrictions, attachment blocking, and server pools for creation of new accounts.
A default COS is automatically created during the installation of Zimbra Collaboration Suite. You can modify the default COS to set the attributes to your email restrictions, and you can create new COS’s. A COS is global and is not restricted to a particular domain or set of domains. You can assign a COS to a domain.
Each account is assigned one COS. By default, when an account is created, the account is assigned the domain COS, if the domain has a COS assigned. If the domain does not have a COS, the default COS is automatically assigned. You can assign any COS to the account. If the COS assigned to the account no longer exists, the account is automatically assigned the default COS.
Assigning a COS to an account quickly configures account features and restrictions. Some of the COS settings can be overridden either by global settings or by user settings. For example:
Whether outgoing messages are saved to Sent can be changed in the user Options.
Note: COS settings assigned to an account are not enforced for IMAP clients.
Distributing Accounts Across Servers
In an environment with multiple mailbox servers, the class of service is used to assign a new account to a mailbox server. The COS server pool tab lists the mailbox servers in your Zimbra environment. When you configure the COS, you select which servers to add to the server pool. Within each pool of servers, a random algorithm assigns new mailboxes to any available server.
Note: You can assign an account to a particular mailbox server when you create an account in the New Account Wizard, Mail Server field. Uncheck auto and enter the mailbox server in the Mail Server field.
Changing Password
If you use internal authentication, you can quickly change an account's password from the Account’s toolbar. The user must be told the new password to log on.
If you want to make sure users change a password that you create, you can enable Must Change Password for the account. The user must change the password the next time he logs on.
Password restrictions can be set either at the COS level or at the account level. You can configure settings to require users to create strong passwords and change their passwords regularly, and you can set the parameters to lock out accounts when incorrect passwords are entered. See Setting Password Policy and Setting Failed Login Policy in the Managing End-User Mailbox Features chapter.
View an Account’s Mailbox
View Mail in Accounts lets you view the selected account’s mailbox content, including all folders, calendar entries, and tags. This feature can be used to assist users who are having trouble with their mail account as you and the account user can be logged on to the account.
Any View Mail action to access an account is logged to the audit.log file.
Re indexing a Mailbox
Mail messages and attachments are automatically indexed before messages are deposited in a mailbox. Each mailbox has an index file associated with it. This index file is required to retrieve search results from the mailbox.
If a mailbox's index file becomes corrupt or is accidentally deleted, you can re-index the messages in the mailbox from the administration console. Messages and attachments in all the user's folders are re-indexed. Re-indexing a mailbox's contents can take a some time, depending on the number of messages in the mailbox. Users can still access their mailbox while re-indexing is running, but because searches cannot return results for messages that are not indexed, searches may not find all results.
Changing an Account’s Status
Account status determines whether a user can log in and receive mail. The account status is displayed when account names are listed on the Accounts content pane.
The following account statuses can be set:
Active. Active is the normal status for a mailbox account. Mail is delivered and users can log into the client interface.
Maintenance. When a mailbox status is set to maintenance, login is disabled, and mail addressed to the account is queued at the MTA. An account can be set to maintenance mode for backing up, importing or restoring the mailbox.
Locked. When a mailbox status is locked, the user cannot log in, but mail is still delivered to the account. The locked status can be set, if you suspect that a mail account has been hacked or is being used in an unauthorized manner.
Closed. When a mailbox status is closed, the login is disabled, and messages are bounced. This status is used to soft-delete an account before deleting it from the server.
LockOut. Users who try to log in and do not enter their correct password are locked out of their account after a specified number of consecutive failed login attempts. An account’s status is automatically changed to Lockout. How long the account is locked out is set by COS or Account configuration, but you can change the lockout status at any time.
Deleting an Account
You can delete accounts from the administration console. This removes the account from the server, deletes the message store, and changes the number of accounts used against your license.
Note: Before you delete an account you can run a full backup of that account to save the account information. See the Backup and Restore chapter.
Enforcing Mailbox and Contact Quotas
You can specify mailbox quotas and the number of contacts allowed for each account through the Zimbra administration console. You can view mailbox quotas from the administration console, Monitoring, Server Statistics. See Setting Account Quotas in the Managing End-User Mailbox Features chapter.
Moving a Mailbox
Mailboxes can be moved between Zimbra servers that share the same LDAP server. The CLI command, zmmailboxmove is used to move a mailbox from one server to another without taking down the servers.
The mailbox move process goes through the following steps:
Puts the mailbox into maintenance mode. In this mode, incoming and outgoing messages are queued but not delivered or sent, and the user will be temporarily unable to access the mailbox
After the mailbox is moved to a new server, a copy still remains on the older server, but the status of old mailbox is closed. Users cannot log on and mail is not delivered. You should check to see that all the mailbox contents were moved successfully before purging the old mailbox.
To move a mailbox to a new server, type
zmmailboxmove -a <email@address> -ow -s <servername> -t <movetoservername>
To purge the mailbox from the old server, type
zmmailboxmove -a <email@address) -po.
The mailbox and its contents and references are deleted from the server.
Managing Distribution Lists
A distribution list is a group of email addresses contained in a list with a common email address. When users send to a distribution list, they are sending to everyone whose address is included in the list. The address line displays the distribution list address; the individual recipient addresses cannot be viewed. Only administrators can create, change, or delete distribution lists.
When a Zimbra user’s email address is added to a distribution list, the user’s account Member Of tab is updated with the list name. When a distribution list is deleted or the removed, the distribution list is automatically removed from the Member Of tab.
The Hide in GAL check box can be enabled to create distribution lists that do not display in the Global Address List (GAL). You can use this feature to limit the exposure of the distribution list to only those that know the address.
Using Distribution Lists for Group Sharing
Distribution lists can be created as group lists so that users can quickly share their contact lists, calendars, and Zimbra documents with everyone on the list. Everyone has the same share privileges that the user defines. When new members are added to the group distribution list, they are automatically granted the same shared privileges as other members of the group. When members are removed from the group distribution list, their share privileges are revoked.
If you create a distribution list for sharing and do not want the distribution list to receive mail, you can disable the Can receive mail checkbox.
Managing Resources
A resource is a location or piece of equipment that can be scheduled for a meeting. The resource has its own mailbox address and accepts or rejects invitations automatically. User accounts with the Calendar feature can select resources for their meetings.
You create resources and manage their use from the administration console. A Resource Wizard guides you through the resource configuration, including designating the type of resource, the scheduling policy, the location, and a description.
To schedule a resource or location, users invite the equipment and/or location to a meeting. When they select the resource, they can view the notes about the resource and view free/busy status for the resource, if set up. When the meeting invite is sent, an email is sent to the resource account, and if the resource is free, the meeting is automatically entered in the resource’s calendar.
Searching for Addresses
You can use Search and Advanced Search to locate individual accounts, aliases, distribution lists, and resources on the LDAP server. From the search bar you quickly search by display name, first name, last name, the first part of the email address, alias, or delivery address. If you do not know the complete name, you can enter a partial name. Partial names can result in a list that has the partial name string anywhere in the information.
You can also use the Zimbra mailbox ID number to search for an account. To return a search from a mailbox ID, the complete ID string must be entered in the search.
The Advanced Search feature lets you create a complex query to search for addresses by domain or server. Individual mini-search panes let you select the criteria for the search.
The results of a search display in the content pane and the total number of items found are displayed on the right side of the toolbar.
 
 

Managing User Accounts

Table of Contents Previous Next Index
ZCS Administrator's Guide, Network Edition 4.5, Rev 2 11/07
Copyright © 2007 Zimbra Inc.