ICC Home  /  Members  /  Meetings  /  Peer Support  /  Documentation  /  Projects

Configuring and using e-mail enabled service accounts:

Return to IT/SA Services E-mail Documentation Home


We all have situations where an e-mail address needs to be associated to a service rather than an individual. This need may be addressed via the use of e-mail enabled service accounts. Each OU Admin will see a "Service Accounts" within their OU where these accounts are suppossed to be created and reside. A service account is just a specially-named security group that uses the "if-svc-" prefix. By e-mail enabling these, it allows the account to be used for e-mail.


Some of the setup needs to be done server-side and some must be done on the client. The descriptions following are one recommended way of handling these, which has the advantage of requiring assistance only at initial setup; after that is done an OU Admin can control who may access the account by changing the membership of a security group. Since service roles often change over time, this sort of setup makes a lot of sense.


  1. Create the service account (e.g., if-svc-servicename)
  2. Create an associated security group (e.g., . ifas-eyn-servicegroup)
  3. Go into ADUC, and on the security tab of the service account add the security group, giving it the Send As permission.
  4. Have an Exchange admin e-mail enable the service account and grant the security group Full Mailbox Rights on that service account. (e.g., via Remedy request to Scott Owens)


  1. Logon as one of the members of the security group and run Outlook.
  2. Modify the account via the account's More Settings > "Advanced" tab and add the service account as another mailbox to open.


Once the above client-side configuration has been accomplished, the user will have the service account added as a second mailbox within Outlook. This will allow them to view and manage any e-mails which the service account receives.


To send an e-mail "as" the service account, the user must change the From address. That field is not available by default, but may be displayed via the View > From field (Outlook 2003) or via Options > Fields (Outlook 2007). Before sending, one must enter the service account name into the From field.

Messages sent this way go into the Sent Items of the user, however, not the Sent Items of the service account. If you have multiple people who may need to use the service account, each would be unable to see messages sent by the other service accounts users. One way to get around that is to BCC the service account on such mailings; in order to make that easy, the BCC field may be made part of the view in the same way the From field was.

In summary, to send as the service account, set both the From and the BCC to be the service account. The recipient will see the message as coming from the service account, and the account will get a copy in its Inbox for all potential service account users to see.

Further refinements

There is likely some way to create a rule that would move BCC'd messages from the service account inbox to its Sent Items folder. Steve's initial attempts at doing that have not worked too well however; the rule would work if manually applied, but not automatically for some reason. If anyone suspects they know why, please let Steve know and he will update this page.

last edited 16 June 2008 by Steve Lasley