Problem

As a GroupWise administrator, I often get asked to access a user's account by his or her supervisor, for a variety of reasons (granting proxy access, looking for certain emails, opening a records request, etc.) and many times without that user knowing. For some time, the only way to access someone's account was to change their password. Of course, this would create problems for the target user when they tried to access their account again with a password that was no longer valid.

Solution

Since switching to LDAP Authentication for all GroupWise Post Offices, I've found a much easier, less intrusive way to access a user's account, without having to change their password. If you're not using LDAP Authentication, then this will not work.

To proceed, follow these steps:

1. Create a temporary eDirectory user. The actual login name can be anything.

2. Put the first and last name of the target user (the user whose email you are wanting to access) into the temporary user's First and Last name fields.

3. Assign a password to the temporary account.

4. Switch to the GroupWise View in ConsoleOne and browse to the target user.

5. Right-click his/her account and select GroupWise Utilities – GW / eDir Association – Associate Objects.

6. With 'Select Existing Object' chosen, click the Browse icon.

7. Browse to your temporary eDirectory user created in step 1.

8. Highlight the user and click OK. You will be prompted that the existing object is already associated with another object - proceed anyway.

This will reassociate the target user's GroupWise account with your temporary eDirectory user. Depending on your system's internet email format, with the first and last names filled in appropriately, it should also maintain the email address of the account during this operation so as not to deny any external email.

9. After allowing a few minutes for the changes to propagate, log in to GroupWise as the target user. You will use the target user's GroupWise USERNAME, but you will use the temporary eDirectory user's PASSWORD. Now you're in.

Once you've finished any necessary operations (finding email, granting proxy access, etc.), you'll need to reverse this.

10. Repeat Step 2 exactly.

11. Repeat Step 3, except when browsing for the existing object, select the target user's regular eDirectory account.

I was quite surprised to find how simple this solution is, and I have used it on many occasions to access user accounts on a supervisor's behalf.

Environment

GroupWise 7 using LDAP Authentication