When Active Directory is used to manage users' authentication within the network, Zimbra Collaboration should be configured to use this mode to keep the passwords in sync. The configuration can be done accessing the Admin Console via browser.
Zimbra Collaboration suite is an open source solution for email, address book, calendar and tasks that can be accessed from a variety of standards-based email clients and mobile devices.
Check Active Directory account
To properly configure the application, it's necessary to figure out AD users to create in the mail system accessing Active Directory User and Computer MMC snap-in.
Right click the user to test with Zimbra then select Properties option.
Note the User logon name.
Configure Zimbra authentication
To configure Zimbra authentication mode, access the Admin Console typing from the browser the address https://IP_Address:7071. Insert Username and Password then click Sign In button.
Select Configure item in the left side of the window.
Click Domains on the left side then right click the domain to configure and select Configure Authentication option.
Select External Active Directory option then click Next.
Type the AD domain name and insert the IP_address or FQDN of the Domain Controller specifying the LDAP Port. Click Next.
Leave default. Click Next.
Type the Username and Password of the Active Directory account to authenticate. Click Test button to verify the account.
If everything has been properly set, the account is authenticated successfully. Click Next.
Leave default then click Next.
The configuration is complete. Click Finish to save changes.
To synchronize Zimbra Collaboration with Active Directory, same account name must be created in the Zimbra system. From Admin Console, Select Manage item in the left side of the window.
Click Settings icon then select New to create a new account.
Type same Account name as set in the Active Directory and the used public domain.
As you can recognize, no password field is present in the New Account options. This because the password is taken directly from the Active Directory. Click Finish to create the account.
If you try changing the password of the created account, the Change Password option is grayed out.
Test authentication
Open the browser and access Zimbra webmail by typing the server IP_Address or the DNS public name (i.e. mail.nolabnoparty.com). When Zimbra authentication screen appears, type Username and Password of the account just created then click Sign In button.
If the authentication succeeds, Zimbra user’s webmail page opens. The used account has been authenticated directly from the Active Directory.
Zimbra is now properly configured to authenticate users against Active Directory. If a company needs to implement Zimbra Collaboration as messaging software, this task should be performed by IT professionals to achieve best results and ensure a proper support.
Hi Paolo,
Fist of all thanks for the guide this is what i was looking for, i have a couple of questions, what happen with the users that doesnt have Ad account? , second if i have users with previously have internal account are they going to be receiving their emails as usual??
Thanks in advance
Hi Paolo,
This tutorial was very helpful as I have been able to integrate zimbra with my active directory.
However, I would like to know how to force existing Zimbra accounts to authenticate to active directory rather than local database.
Thank you