ZCS Administrator's Guide Network Edition 6.0.8
Table of Contents Previous Next Index


Managing User Accounts : Setting up and Configuring Accounts

Setting up and Configuring Accounts
You can configure one account at a time with the New Account Wizard or you can create many accounts at once using the Bulk Provisioning Wizard.
Configuring One Account
The administration console New Account Wizard steps you through the account information to be completed. Before you add user accounts, you should determine what features and access privileges should be assigned. You can configure the following type of information:
Features and preferences available for this specific account. Changes made at the account level override the rules in the COS assigned to the account
For a description of the features see Customizing Accounts, Setting General Preferences and Password Rules.
If the COS you assign is configured with the correct functionality for the account, you do not need to configure features, preferences, themes, zimlets, or advanced settings.
Creating an account sets up the appropriate entries on the Zimbra LDAP directory server. When the end-user logs in for the first time or when an email is delivered to the user’s account, the mailbox is created on the mailbox server.
Configuring Many Accounts at Once
You can provision up to 500 accounts on once using the Bulk Account Wizard from the administration console. The wizard takes you through the steps to upload a .csv file with the account information and then provisions the user accounts. These accounts are configured with a user name, display name and password (optional). The accounts are automatically assigned the domain default COS.
You create a .csv file with the account information. Each row in the file is an account entry. The account information is configured as
 
The account name cannot have spaces or use symbols. You can type a period (.) between words. For example: john.smith@example.com.
The password is optional. If you do not provide a password, a random password is generated for the account. When users log in the first time, they are prompted to change the password.
If you do not add the password to the .csv file, the comma after the display name field must be included. For example, user1@example.com,Jane Brown,
Batch Provisioning from the CLI Utility
For provisioning many accounts at once, you create a formatted text file with the user names. This file runs through a script, using the CLI command, zmprov. The zmprov utility provisions one account at a time.
Create a text file with the list of the accounts you want to add. Each account should be typed in the format of ca (Create Account), email address, empty password. For example, ca name@company.com ‘’
Note: In this example, the empty single quote indicates that there is no local password.
When the text file includes all the names to provision, log on to the Zimbra server and type the CLI command:
zmprov <accounts.txt>
Each of the names listed in the text file will be provisioned.
Manage Aliases
An email alias is an email address that redirects all mail to a specified mail account. An alias is not an email account. Each account can have unlimited numbers of aliases.
When you select Aliases from the Manage Addresses Overview pane, all aliases that are configured are displayed in the Content pane. From Aliases you can quickly view the account information for a specific alias, move the alias from one account to another, and delete the alias.
You can view and edit an account’s alias names from the account view.
Class of Service
Class of Service (COS) determines what default attributes an account has and which features are enabled or denied. The COS controls features, mailbox quotas, message lifetime, password restrictions, which Zimlets and Themes are available from ZWC, attachment blocking, and server pools for creation of new accounts.
A default COS is automatically created during the installation of Zimbra Collaboration Suite. A COS is global and does not need to be restricted to a particular domain or set of domains. You can modify the default COS to set the attributes to your email restrictions, and you can create multiple COSs.
Each account is assigned one COS. You can create a domain COS and have all accounts created on that domain automatically assigned this COS. You can create numerous COSs and specify which COS(s) are availably for a domain. If the domain does not have a COS defined, the default COS is automatically assigned when an account is created.
Note: If you delete a COS that accounts are currently assigned, the accounts are automatically assigned the default COS.
Assigning a COS to an account quickly configures account features and restrictions. Some of the COS settings can be overridden either by global settings or by user settings. For example:
Whether outgoing messages are saved to Sent can be changed from the Zimbra Web Client in the user’s Preferences.
Note: Some COS settings assigned to an account are not enforced for IMAP clients.
Setting Default Time Zones.
The default time zone setting that is displayed in the account’s Preferences folder is used to localize the time for received messages and calendar activities in the standard Web client. When using the standard Web client, the time zone on the computer is not used to set the time a message is received or for calendar activities. The time zone setting in the Preferences>General tab is. When using the advanced Web client, the time zone setting on the computer is used as the time stamp for received messages and for calendar activities, not the time zone setting on the General tab.
Because the advanced Web client and the standard Web client do not use the same time zone source to render messages, you may notice that the same message has a different time when displayed in one or the other client. You can avoid this by having the computer time zone and the Web client time zone set to the same time.
Distributing Accounts Across Servers
In an environment with multiple mailbox servers, the class of service is used to assign a new account to a mailbox server. The COS Server Pool tab lists the mailbox servers in your Zimbra environment. When you configure the COS, you select which servers to add to the server pool. Within each pool of servers, a random algorithm assigns new mailboxes to any available server.
Note: You can assign an account to a particular mailbox server when you create an account in the New Account Wizard, Mail Server field. Uncheck auto and enter the mailbox server in the Mail Server field.
Changing Passwords
If you use internal authentication, you can quickly change an account's password from the Account’s toolbar. The user must be told the new password to log on.
If you want to make sure users change a password that you create, you can enable Must Change Password for the account. The user must change the password the next time he logs on.
Password restrictions can be set either at the COS level or at the account level. You can configure settings to require users to create strong passwords and change their passwords regularly, and you can set the parameters to lock out accounts when incorrect passwords are entered. See Setting Password Policy and Setting Failed Login Policy in the Managing End-User Mailbox Features chapter.
Directing Users to Your Change Password Page
If your ZWC authentication is configured as external auth, you can configure ZCS to direct users to your password change page when users change their passwords. You can either set this URL as a global setting or a per domain setting.
Set the zimbraChangePasswordURL attribute to the URL of your password change page. The Change Password link in the Preferences>General tab goes to this URL and when passwords expire, users are sent to this page.
This is changed from the zmprov CLI.
 
View an Account’s Mailbox
View Mail in Accounts lets you view the selected account’s mailbox content, including all folders, calendar entries, and tags. When you are in an account, you can mouse over or right click on a folder to see the number of messages in the folder and the size of the folder. This feature can be used to assist users who are having trouble with their mail account as you and the account user can be logged on to the account.
Any View Mail action to access an account is logged to the audit.log file.
Reindexing a Mailbox
Mail messages and attachments are automatically indexed before messages are deposited in a mailbox. Each mailbox has an index file associated with it. This index file is required to retrieve search results from the mailbox.
If a mailbox's index file becomes corrupt or is accidentally deleted, you can re-index the messages in the mailbox from the administration console.
Text searches on an account might or might not fail with errors when the index is corrupt. You cannot count on a user reporting a failed text search to identify that the index is corrupt. You must monitor the index log for messages about corrupt indexes. If the server detects a corrupt index, a message is logged to the Zimbra mailbox.log at the WARN logging level. The message starts with Possibly corrupt index. When this message is displayed, the administrator must correct the problem. In many cases correcting the problem may mean reindexing the mailbox.
Reindexing a mailbox's content can take some time, depending on the number of messages in the mailbox. Users can still access their mailbox while reindexing is running, but because searches cannot return results for messages that are not indexed, searches may not find all results.
Changing an Account’s Status
Account status determines whether a user can log in and receive mail. The account status is displayed when account names are listed on the Accounts Content pane.
The following account statuses can be set:
Active. Active is the normal status for a mailbox account. Mail is delivered and users can log into the client interface.
Maintenance. When a mailbox status is set to maintenance, login is disabled, and mail addressed to the account is queued at the MTA. An account can be set to maintenance mode for backing up, importing or restoring the mailbox.
Pending. Pending is a status that can be assigned when a new account is created and not yet ready to become active. The login is disabled and messages are bounced.
Locked. When a mailbox status is locked, the user cannot log in, but mail is still delivered to the account. The locked status can be set, if you suspect that a mail account has been hacked or is being used in an unauthorized manner.
Closed. When a mailbox status is closed, the login is disabled, and messages are bounced. This status is used to soft-delete an account before deleting the account from the server. A closed account does not change the account license.
LockOut. This is set automatically when users who try to log in do not enter their correct password and are then locked out of their account. You cannot set this status manually. You set up a login policy with a specified number of consecutive failed login attempts that are allowed before they are locked out. How long the account is locked out is set by COS or Account configuration, but you can change the lockout status at any time.
Deleting an Account
You can delete accounts from the administration console. This removes the account from the server, deletes the message store, and changes the number of accounts used against your license.
Note: Before you delete an account, you can run a full backup of that account to save the account information. See the Backup and Restore chapter.
Moving a Mailbox
Mailboxes can be moved between Zimbra servers that share the same LDAP server. You can move a mailbox from either the administration console or use the CLI command, zmmailboxmove to move a mailbox from one server to another without taking down the servers.
The mailbox move process goes through the following steps:
Puts the mailbox into maintenance mode. In this mode, incoming and outgoing messages are queued but not delivered or sent, and the user will be temporarily unable to access the mailbox
Global configuration options for moving a mailbox can be set to exclude search indexes, blobs, and HSM blobs when mailboxes are moved. The following configuration options can be set on either the exporting server or the destination server:
zimbraMailboxMoveSkipSearchIndex. If you do not include the search index data, the mailbox will have to be reindexed after the move.
zimbraMailboxMoveSkipBlobs. Blobs associated with the mailbox, including primary and secondary volumes (HSM) are excluded.
zimbraMailboxMoveSkipHsmBlobs. This is useful when HSM blobs for the mailbox being moved already exists. Set this if zimbraMailboxMoveSkipBlobs is not set, but you want to skip blobs on HSM volumes.
After the mailbox is moved to a new server, a copy still remains on the older server, but the status of old mailbox is closed. Users cannot log on and mail is not delivered. You should check to see that all the mailbox contents were moved successfully before purging the old mailbox.
Moving a Mailbox using the CLI command
To move a mailbox to a new server using the CLI command, type
zmmailboxmove -a <email@address> -ow -s <servername> -t <movetoservername>
To purge the mailbox from the old server, type
zmmailboxmove -a <email@address) -po.
The mailbox and its contents and references are deleted from the server.

Managing User Accounts : Setting up and Configuring Accounts

Table of Contents Previous Next Index
ZCS Administrator's Guide Network Edition 6.0.8
Copyright © 2010 Zimbra Inc.