Hi Sealeopard

I read on MS with the following quote:

LDAP name = Assoc-NT-Account / The primary NT account associated with this Mailbox

Quote:

Limitations of ADSI
ADSI cannot yet manipulate Access Control Lists (ACLs), which contain security information about which user has rights on a certain object. It cannot get the Windows NT Security Identifier (SID), the binary representation of a users account name, and thus cannot set the bits necessary to create the users rights. Thus developers cannot create a functional Mailbox object completely with ADSI, since a mailbox object requires the NT account SID in the Assoc-NT-Account attribute as well as the correct security rights on the mailbox object in the NT-Security-Descriptor attribute. The capability to manipulate ACLs is expected in a future release.






So it seems that it is not possibly to change the NT account with a script.

/mima