GetSecurityDescriptor for Ex2000 Mailbox

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: Steve Smith (steve.a.smith_at_gov.bc.ca)
Date: 12/22/04

  • Next message: beowulfs: "Re: NewItemAlert Modification for outlook path link" 
    Date: Wed, 22 Dec 2004 08:59:08 -0800

    I am developing some code to programmatically add permissions to Exchange
    2000 mailboxes for secondary accounts. I am using ADSSecurity.Dll and CDOEXM
    in a C# console application.

    I am having a problem getting the correct SecurityDescriptor for the
    mailbox. My C# function is below. When I execute this code I get no errors,
    however the permissions are added to the Account (appearing on the Security
    tab in ADUC) rather than on the Mailbox (Mailbox rights on the Exchange
    Advanced tab).

    Can anyone tell me where I am going wrong?

    Thanks in advance

    Steve

    static void SetExchangeSecurity(string acctToAdd, DirectoryEntry pMailbox,
    int accessMask)
    {
     ActiveDs.AccessControlEntry pNewAce = new ActiveDs.AccessControlEntry();
     pNewAce.Trustee = acctToAdd;

     pNewAce.AccessMask = accessMask;

     pNewAce.AceType =
      (int)(ActiveDs.ADS_ACETYPE_ENUM.ADS_ACETYPE_ACCESS_ALLOWED );
     pNewAce.AceFlags =
      (int)(ActiveDs.ADS_ACEFLAG_ENUM.ADS_ACEFLAG_INHERIT_ACE);
     CDOEXM.IMailboxStore oMbx = (CDOEXM.IMailboxStore) pMailbox.NativeObject;
     try
     {
      ADSSECURITYLib.ADsSecurity pSec = new ADSSECURITYLib.ADsSecurity();
      ActiveDs.IADsSecurityDescriptor pSecDesc =
       (ActiveDs.IADsSecurityDescriptor)(pSec.GetSecurityDescriptor(oMbx));
      ActiveDs.IADsAccessControlList pAcl =
       (ActiveDs.IADsAccessControlList)(pSecDesc.DiscretionaryAcl);
      pAcl.AddAce(pNewAce);
      pSecDesc.DiscretionaryAcl = pAcl;
      pSec.SetSecurityDescriptor(pSecDesc,pMailbox.Path);
      pMailbox.CommitChanges();
     }
     catch (Exception exc)
     {
      Console.WriteLine(exc);
     }

     pMailbox.Close();
    }

  • Next message: beowulfs: "Re: NewItemAlert Modification for outlook path link"

    Relevant Pages

    • RE: send email with exchange in a domain and SBS
      ... If you want to share one user's mailbox to others, ... Exchange server. ... Right click the folder and click Properties. ... In the Permissions tab, ...
      (microsoft.public.windows.server.sbs)
    • Re: Mailbox Access
      ... If a user a member of Domain Admins group then he/she can access to mailbox ... Must the users have "Logon locally" permission on Exchange? ... > It should be Full Mailbox Access, and Read Permissions. ... >> mapped to thier accounts during the ADC setup and Exchange ...
      (microsoft.public.exchange.admin)
    • Re: Exchange 2003 Custom Application, read emails from sereval mai
      ... the permission that Michael mentioned is a special one in Exchange. ... This one right will give the user full access to everybodies mailbox... ... Another thing you can do with WebDAV is to use the administrative root. ... > understand how to set the correct permissions in exchange. ...
      (microsoft.public.exchange.development)
    • Re: Exchange 2003 - Giving a user full rights to read/write all ma
      ... Click the advanced tab when you go to the security tab of the mailbox ... mailbox store or public store, ... but I'll list the only permissions I have available to me in that ... see that "Allow Impersonation to Personal Exchange Information" ...
      (microsoft.public.exchange.admin)
    • Re: Exchange mailbox permissions storage
      ... When you create a mailbox, it inherits permissions from the mailbox store. ... Exchange Server 2003" at ...
      (microsoft.public.exchange2000.active.directory.integration)