It is possible to use Disabled Accounts as ERM-managed resources. This prevents the possibility of the resource account being misused or attacked and may remove the need to manage passwords on resource accounts. The account should be created and mailbox enabled normally. In Active Directory Users & Computers, the account can then be set to Disabled on the Account tab. Finally, to each disabled account, manually edit the Mailbox Rights and add the SELF account with the following mailbox rights:
- Read permissions
- Full mailbox access
- Associated external account
The account can then be managed and configured normally using the ERM Mailbox Browser.