Table of Contents
Active Directory Extensions is an extension to the Active Directory service (under Windows 2000 and newer versions) with items that include specific information for Kerio MailServer. By installation of the extension you can integrate part of Kerio MailServer into Active Directory. This will simplify actions related to user administration.
Kerio Active Directory Extensions provides the following benefits:
Kerio MailServer can (apart from its internal user account database) use also accounts and groups saved in the LDAP database (in Microsoft Active Directory). Using LDAP, user accounts can be managed from one location. This reduces possible errors and simplifies administration.
Additions, modifications or removals of user accounts/groups in the Microsoft Active Directory database are applied to Kerio MailServer immediately.
Example: A company uses the Windows 2000 domain and Kerio MailServer. A new employee was introduced to the company. This is what has been done until now:
A new account has been created in Active Directory.
The user has been imported to Kerio MailServer (or an account using the same name has been created and this name was verified by the Kerberos system).
If you use LDAP database only the first step must be taken. If Kerio Active Directory Extensions is deployed, the dialog where new user accounts can be created is extended with a tab where specific information for Kerio MailServer can be entered (email addresses, forwarding, quota, etc.).
The account is created only in the Active Directory database. Kerio MailServer and Microsoft Active Directory cooperate online. Accounts in Kerio MailServer are created automatically.
Warning:
Accounts created in Kerio Administration Console will be created only locally — such accounts will not be copied into the Active Directory database.
If the Active Directory server is not available it will not be possible to access Kerio MailServer. It is therefore recommended to create at least one local account with read/write permissions.
When creating a user account, ASCII must be used to specify username. If the username includes special characters or symbols, it might happen that the user cannot log in.