#75693 - 2003-07-10 10:24 AM
Re: Creating mailbox in Exchange 5.5
|
Raceeend
Starting to like KiXtart
Registered: 2002-05-09
Posts: 129
Loc: The Netherlands
|
This view can be set in Tools --> options --> Permissions tab --> Enabling "Show permissions page for all object"
The NT account is set as Primary Windows NT Account on the General Tab but that is done when creating the mailbox: $mailBox.Put("Assoc-NT-Account", $sid)
But if there are no permissions set opening the mailbox can't be done :-(
_________________________
regards,
Martijn
|
Top
|
|
|
|
#75694 - 2003-07-11 11:02 AM
Re: Creating mailbox in Exchange 5.5
|
Raceeend
Starting to like KiXtart
Registered: 2002-05-09
Posts: 129
Loc: The Netherlands
|
Found an example on how to set the NT-Security-Descriptor but it is in Visual Basic.Net Can someone help me translate it?
code:
Dim usr As New DirectoryEntry("LDAP://CN=My User Name,OU=Marketing,DC=fabrikam,DC=com") Dim newAce = New AccessControlEntryClass() Dim usrSD As SecurityDescriptor = CType(usr.Properties("ntSecurityDescriptor").Value, SecurityDescriptor) Dim usrAcl As AccessControlList = CType(usrSD.DiscretionaryAcl, AccessControlList) newAce.Trustee = "AliceW" newAce.AccessMask = - 1 newAce.AceType = 0 usrAcl.AddAce(newAce) usrSD.DiscretionaryAcl = usrAcl usr.Properties("ntSecurityDescriptor").Value = usrSD usr.CommitChanges()
[ 11. July 2003, 11:02: Message edited by: Raceeend ]
_________________________
regards,
Martijn
|
Top
|
|
|
|
#75698 - 2004-01-12 03:53 PM
Re: Creating mailbox in Exchange 5.5
|
mima
Hey THIS is FUN
Registered: 2002-01-25
Posts: 217
Loc: Jönköping, Sweden
|
Hi Sealeopard
I read on MS with the following quote:
LDAP name = Assoc-NT-Account / The primary NT account associated with this Mailbox Quote:
Limitations of ADSI ADSI cannot yet manipulate Access Control Lists (ACLs), which contain security information about which user has rights on a certain object. It cannot get the Windows NT Security Identifier (SID), the binary representation of a users account name, and thus cannot set the bits necessary to create the users rights. Thus developers cannot create a functional Mailbox object completely with ADSI, since a mailbox object requires the NT account SID in the Assoc-NT-Account attribute as well as the correct security rights on the mailbox object in the NT-Security-Descriptor attribute. The capability to manipulate ACLs is expected in a future release.
So it seems that it is not possibly to change the NT account with a script.
/mima
|
Top
|
|
|
|
#75702 - 2004-05-10 02:38 PM
Re: Creating mailbox in Exchange 5.5
|
Raceeend
Starting to like KiXtart
Registered: 2002-05-09
Posts: 129
Loc: The Netherlands
|
Not that i have found so far.
_________________________
regards,
Martijn
|
Top
|
|
|
|
Moderator: Glenn Barnas, NTDOC, Arend_, Jochen, Radimus, Allen, ShaneEP, Ruud van Velsen, Mart
|
0 registered
and 259 anonymous users online.
|
|
|