There are many ways to prevent Active Directory users from logging on to certain computers. For large and more complicated scenarios it's best to use Group Policy.
But if I need to create a few "email only" user accounts I normally do following:
- Create a normal Exchange / Active Directory user account
- Go to Active Directory Users and Computers and open the user account Properties
- In the Account tab click on Log On To...
- Select This use can log on to: The following computers and add your Exchange server computer account
This will not allow user to actually login to the Exchange server (this is prevented by default server policies) , but you have to enter some computer account as otherwise it will revert to All Computers.
Windows Server 2008 R2 domain
Microsoft Exchange 2010