Creating a Contact and Domain Account in Active Directory

The purpose of this blog post is to provide the guidance and the steps needed to Create a Contact and Domain Account in Active Directory that permits email forwarding to an external email address for contractors or subcontractors of your organization in the Exchange Admin Center. Additionally, this permits the Systems Administrator for your IT group to include this Contact as a member of any corporate email distribution lists so the Contact receives any emails intended for them as a member of the distribution list.

Additional factors to consider and where these steps would come in handy:

  • The subcontractor or contractor was provided a company laptop on the Windows domain by your organization (if this is the case, a domain account will be required to log into the laptop).
  • If a corporate laptop was assigned by your organization to the subcontractor or contractor, please ensure the Computer Object is placed in the proper Organizational Unit (OU) in Active Directory. This ensures the proper GPO‘s are being enforced on this workstation while in the subcontractor or contractor’s possession.
  • If the Office suite is included with the company laptop used by the subcontractor or contractor, an Office 365 license will need to be assigned to the domain account assigned to the subcontractor or contractor.
  • Since this subcontractor or contractor is NOT an official employee of your company but is being paid to do work for your company, the domain account should be hidden (set to TRUE under the Attribute Editor for msExchHideFromAddressLists attribute) from the GAL (Global Address List). The mail and mailnickname attributes are set to the assigned contractor’s email address provided by the company they are contracted to work for.

Create the Windows Domain account:

  1. Launch Active Directory Users and Computers.
  2. Using the example images found below, follow these steps:
    • Right-click the Users OU, select New and then select User.
    • Complete the required fields (First name, Last name, Full Name, User logon name (i.e. firstinitiallastname, the domain this account will be assigned to from the drop-down list) and then select Next.
    • On the following screen, assign a password for this domain account including the desired domain account password attributes, select Next and then Finish.

Once the domain account has been created, we’ll now need to create the Contact in AD.

  1. Launch Active Directory Users and Computers.
  2. Using the example images found below, follow these steps:
    • Right-click the Users OU, select New and then select Contact.
    • Complete the required fields (First name, Last name, Full Name, and Display name and then select OK.

Examples of the Active Directory (AD) Domain and Contact account properties can be found below. The AD Domain account includes additional tabs vs the Contact account.

Next, please log into your Microsoft Office Portal with your Office365 credentials.

Once you’ve successfully logged in, please select the App launcher (upper left hand corner, nine dots) and then Admin.

The Microsoft 365 Admin Center should now open. Please select Show All and then Exchange.

The Exchange Admin Center should now open with a many options to choose from. For this post and use case, please Recipients and then Mailboxes. In the search box, enter the name of the domain account assigned to the subcontractor or contractor. Once a match has been found, please highlight it and then click OK. Then select Mailbox Features on the left hand side. Scroll down the list and then select View Details under Mail Flow. Please tick the box for Enable Forwarding under Delivery Options, then Browse, search for the subcontractor or contractor’s AD Contact account in the search box, highlight the name, then select OK.

If I have missed anything or if you have any suggestions, please let me know.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Website Powered by WordPress.com.

Up ↑

%d bloggers like this: