Re: Script-in SELF Permission?

I should have noted in the original post that this is Exchange 2003 and
Windows 2003 Active Directory.

The links you provided tell me how to fix the portion that I already
have a script for. Im all set in the mailbox rights area, its the
Security Tab of the user object (Advanced Features in ADUC) that is
missing the SELF account.

Using the script Quest gave me to fix the msExchangeSecurityDescriptor
problem will allow the users to log on to their mailbox which is great,
but once they're in, they wont be able to set up delegates and things
like that. SELF needs to be in the Object's Security Tab with the
rights I listed above in order for them to be able to do those things.

To summarize, I need a script or app that will go into each user object
and add SELF with those 6 rights.

Thanks!
Greg


Jorge Silva wrote:
Hi
Is it Exch 2000?
Read MS has a script to do his on multiple users
http://support.microsoft.com/kb/830830
http://support.microsoft.com/kb/329169

--
*************************************************
I hope that the information above helps you
Good Luck

Jorge Silva

MCSA + Exchange + MSCE
*************************************************

<gf@xxxxxxxx> wrote in message
news:1164062203.148901.13890@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hey guys..

Hoping you can help out here. We migrated from NT/Ex 5.5 about a year
ago. We are now in the process of shutting down our legacy NT domains.
We have come across a problem while decommissioning the NT Domains:

For some reason, about 1000 of our 4000 accounts do not have the SELF
permission in the mailbox rights, or the security tab of the user
object.

Quest was nice enough to give me a vbscript that would fix the SELF
permission in the mailbox rights area, but they dont have anything to
add SELF to the security tab of the user.

Does anyone know of an easy way to add SELF to the objects in bulk, and
add the following:

Change Password - Allow
Send As - Allow
Receive As - Allow
Write Personal Information - Allow
Write Phone and Mail Options - Allow
Write Web Information - Allow

I assume a vbscript could do it, but I dont know much about scripting,
nor do I know the places in ADSI to modify them. I just want to avoid
going thru 4000 accounts individually and adding them.

Please help! :)

Thanks
Greg


.

Relevant Pages

  • Re: Script-in SELF Permission?
    ... and I'm not im position to confirm that at this moment but you shouldn't need the SELF security principal to do that... ... The "Send As" right is removed from a user object after you configure the "Send As" right in the Active Directory Users and Computers snap-in in Exchange Server ... Im all set in the mailbox rights area, ... Using the script Quest gave me to fix the msExchangeSecurityDescriptor ...
    (microsoft.public.windows.server.active_directory)
  • lk-changelog.pl 0.167
    ... This script is used by Linus and Marcelo to rearrange and reformat BK ... fix obfuscation of unknown addresses in terse/oneline modes ... Bryan O'Sullivan's address got hosed. ... $indent is auto-generated from $indent1. ...
    (Linux-Kernel)
  • Re: Problem with popen on windows
    ... I just found a fix that works for me.. ... parent for the child script.. ... Private Function ParseCmdLine ... >> def system ...
    (comp.lang.ruby)
  • Re: Add/Removed page problem
    ... This script lists all the negative icon references present in the registry, ... Download http://windowsxp.mvps.org/utils/ARPNegCheck.vbs ... That is the 'fix' that doesn't work or apply, ... TIA, Dick ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: OE no longers remembers the last path to saving attachments
    ... Monique wrote: ... > Double-click the vbs file. ... You will be prompted when the script is done. ... This fix can "wear out" ...
    (microsoft.public.windows.inetexplorer.ie6_outlookexpress)