Kevin, Will this work for user permissions with Exchange 5.5? It looks more like the AD for Exchange 2000, I do not see where you call the Exchange Server Name, I see the domain.
-----Original Message----- From: Snook, Kevin S (ITD) [mailto:[EMAIL PROTECTED]] Sent: Thursday, October 04, 2001 5:30 AM To: MS-Exchange Admin Issues Subject: RE: LDAP Dilemma Hiding the mailbox is easy use: objMailbox.Put "Hide-From-Address-Book", True The permissions are more difficult. Although, in Exchange admin, when you add the assoc-NT-account it automatically sets the permissions, you don't get that when you create programmatically (bummer!). You will need to get you're hands on adssecurity.dll (download from MS) and register it on the machine using regsvr32.exe. Then set up a reference to this dll in your project. Then use this code: Declarations: Public Const RIGHT_MODIFY_USER_ATTRIBUTES = &H2 Public Const RIGHT_MODIFY_ADMIN_ATTRIBUTES = &H4 Public Const RIGHT_SEND_AS = &H8 Public Const RIGHT_MAILBOX_OWNER = &H10 Public Const RIGHT_MODIFY_PERMISSIONS = &H80 Public Const RIGHT_SEARCH = &H100 Dim sec As Object Dim sd As IADsSecurityDescriptor Dim dacl As IADsAccessControlList Dim ace As New AccessControlEntry Dim CORRECTPERMISSIONS Set ace = CreateObject("AccessControlEntry") Set sec = CreateObject("ADsSecurity") Set sd = sec.GetSecurityDescriptor(Mailbox.ADSPath) Set dacl = sd.DiscretionaryAcl ace.Trustee = strExchDomain & "\" & UserName ace.AccessMask = RIGHT_MODIFY_USER_ATTRIBUTES Or RIGHT_SEND_AS Or RIGHT_MAILBOX_OWNER dacl.AddAce ace sd.DiscretionaryAcl = dacl sec.SetSecurityDescriptor sd Any object in NT will have a Security Descriptor which contains (amongst other things) two Access Control Lists - a system control list and a discretionary control list. Each ACL contains a number of ACEs (Access Control Entries) which detail the user and the amount of access they have to this object. You can picture this as the locks to the door. When you login, you will receive a Security Identifier. Picture this as the key to the door. Clearly, if the key fits the lock then you can open the door (Sorry about the first grade analogy but it's a good one!). Kevin -----Original Message----- From: White, Don (PSC) [mailto:[EMAIL PROTECTED]] Sent: 03 October 2001 21:33 To: MS-Exchange Admin Issues Subject: RE: LDAP Dilemma All knowing Kevin. I humbly ask to reap from your knowledge. You were right, I have it working (somewhat) and it creates the mailbox and assigns the domain account. I thought that this would automatically set the user permissions on the mailbox for the LAN ID. Silly Me, that would be too easy. How do you set the user permissions on the mailbox and also how would you mark the mailbox as hidden using VB. Thanks again, Don -----Original Message----- From: Snook, Kevin S (ITD) [mailto:[EMAIL PROTECTED]] Sent: Tuesday, October 02, 2001 11:16 AM To: MS-Exchange Admin Issues Subject: RE: LDAP Dilemma 1) Yes. The SID is required. Try this: Dim rbSID(1024) As Byte Get_Exchange_Sid strExchDomain, UserName, rbSID .Put "Assoc-NT-Account", rbSID Function Get_Primary_DCName(ByVal MName As String, ByVal DName As String) As String Dim Result As Long Dim DCName As String Dim DCNPtr As Long Dim DNArray() As Byte Dim MNArray() As Byte Dim DCNArray(100) As Byte MNArray = MName & vbNullChar DNArray = DName & vbNullChar Result = NetGetDCName(MNArray(0), DNArray(0), DCNPtr) If Result <> 0 Then Exit Function End If Result = PtrToStr(DCNArray(0), DCNPtr) Result = NetApiBufferFree(DCNPtr) DCName = DCNArray() Get_Primary_DCName = DCName End Function Sub Get_Exchange_Sid(strNTDomain As String, strNTAccount As String, rbSID() As Byte) Dim pSid(512) As Byte Dim pDomain(512) As Byte Dim IReturn As Long Dim i As Integer IReturn = LookupAccountName(Get_Primary_DCName("", strNTDomain), strNTAccount, pSid(0), 512, pDomain, 512, 1) For i = 0 To GetLengthSid(pSid(0)) - 1 rbSID(2 * i) = AscB(Hex$(pSid(i) \ &H10)) rbSID(2 * i + 1) = AscB(Hex$(pSid(i) Mod &H10)) Next i End Sub Here are functions declared: Declare Function LookupAccountName Lib "advapi32.dll" _ Alias "LookupAccountNameA" _ (ByVal IpSystemName As String, _ ByVal IpAccountName As String, _ pSid As Byte, _ cbSid As Long, _ ByVal ReferencedDomainName As String, _ cbReferencedDomainName As Long, _ peUse As Integer) As Long Declare Function NetGetDCName Lib "NETAPI32.DLL" _ (ServerName As Byte, _ DomainName As Byte, _ DCNPtr As Long) As Long Declare Function NetApiBufferFree Lib "NETAPI32.DLL" _ (ByVal Ptr As Long) As Long Declare Function PtrToStr Lib "kernel32" _ Alias "lstrcpyW" (RetVal As Byte, ByVal Ptr As Long) As Long Declare Function GetLengthSid Lib "advapi32.dll" _ (pSid As Byte) As Long 2)The field is "otherMailbox" and is a multi value array. Try this: Dim NewMailboxArray() As Variant NewMailboxArray(0) = "X400$c=US;a=MCI;p=VWoA;o=NAR-ABH;s=test;g=VB" NewMailboxArray(1) = "SMTP$[EMAIL PROTECTED]" NewMailboxArray(2) = "RFAX$VBtest@" NewMailboxArray(3) = "smtp$[EMAIL PROTECTED]" objNewUser.PutEx 2, "otherMailbox", NewMailboxArray I bet the next thing you'll be asking about is how to set the Permissions. Get back to the list when you're there. Kevin -----Original Message----- From: White, Don (PSC) [mailto:[EMAIL PROTECTED]] Sent: 02 October 2001 14:48 To: MS-Exchange Admin Issues Subject: LDAP Dilemma I am trying to create an Exchange 5.5 Mailbox through LDAP using VB. If anyone has had any luck doing this in the past I am looking for a couple of helps 1) My first problem is with the following Line. I am assuming that I will need to get the SID for the account instead. Can anyone verify this? .put "Assoc-NT-Account", "domain/userid" 'Primary NT ID 2) I need to add multiple email addresses to the account. However it is only adding the last one entered. Is there another field that I need to increment for each address I add if so what is it? .put "Proxy-Addresses", "smtp:[EMAIL PROTECTED]" 'Secondary Email Addresses .put "Proxy-Addresses", "SMTP:[EMAIL PROTECTED]" 'Primary Email Addresses .put "Proxy-Addresses", "RFAX:VBtest@" 'Primary Email Addresses .put "Proxy-Addresses", "X400:c=US;a=MCI;p=VWoA;o=NAR-ABH;s=test;g=VB" 'X400 Addresses .SetInfo Thanks, Don Sub Main() Set obj = GetObject("LDAP://ExchangeServer/cn=Recipients,ou=site,o=org";) Set objNewUser = obj.Create("organizationalPerson", "cn=MyMailbox") With objNewUser .put "cn", "MyMailbox" .put "uid", "MyMailbox" .put "mailPreferenceOption", 0 .put "Home-MDB", "cn=Microsoft MTA,cn=USVWOAAHS30,cn=Servers,cn=Configuration," & _ "ou=NAR-ABH,o=VWGMS" .put "givenName", "VB" 'First Name .put "sn", "Test" 'Last name .put "postalAddress", "1234 Main Street" 'Address .put "l", "Anytown" 'City .put "st", "Any State" 'State .put "postalCode", "99999" 'Postal code .put "title", "Test Dummy" 'Title .put "company", "none of your business" 'Company .put "department", "CCCN" 'Department .put "physicalDeliveryOfficeName", "1c01" 'Office .put "telephoneNumber", "(999) 999-9999" 'Phone number .put "Proxy-Addresses", "smtp:[EMAIL PROTECTED]" 'Secondary Email Addresses .put "Proxy-Addresses", "SMTP:[EMAIL PROTECTED]" 'Primary Email Addresses .put "Proxy-Addresses", "RFAX:VBtest@" 'Primary Email Addresses .put "Proxy-Addresses", "X400:c=US;a=MCI;p=VWoA;o=NAR-ABH;s=test;g=VB" 'X400 Addresses .SetInfo End With End Sub List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm
