In the ADSI SDK, you will find a DLL named adssecurity.dll.

Register that DLL on your system (by typing `regsvr32 adssecurity.dll`) and
then start using the appropriate calls.  

There is no need for packing/unpacking data, and granted it's not as easy as
drag-n-drop in a GUI, but you create it once, and use it a million times.  I
consider it a fair trade-off.

Yes, OLE is hard to initially understand and embrace, but once you do, the
whole world becomes an opportunity for automation (provided M$ has an API
for it...  :)     ).

(There are plenty of working examples for Exchange 5.5 and 2K user creation
in ActiveState's and Topica's archives)

I have thousands of _useable_ 5.5 mailboxes on my domain that were created
using Perl and OLE.

Code for setting up security on a mailbox. (incomplete because you need to
bind to the mailbox first)
------------------------------------------

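use Win32::OLE;

# $mailbox (the bound mailbox object), $pdc, $username, $userid and the
# $exch_* variables must already be set before this point.
$ADS_SID_HEXSTRING = 0x01;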
$ADS_SID_WINNT_PATH = 0x05;              
$ADS_RIGHT_EXCH_MODIFY_USER_ATT = 0x02;  
$ADS_RIGHT_EXCH_MAIL_SEND_AS = 0x08;     
$ADS_RIGHT_EXCH_MAIL_RECEIVE_AS = 0x10;  
$ADS_ACETYPE_ACCESS_ALLOWED = 0x00;      

$sid = Win32::OLE->CreateObject("ADsSID");
$sid->SetAs($ADS_SID_WINNT_PATH, "WinNT://$pdc/$username,user"); 
$sidHex = $sid->GetAs($ADS_SID_HEXSTRING);
$mailbox->Put("Assoc-NT-Account", $sidHex );
$mailbox->SetInfo;
#Owner of mailbox is now set.

#This is what you need the dll for
$sec = Win32::OLE->CreateObject("ADsSecurity");
$new_user_ADsPath =
    "LDAP://$exch_server_name/cn=$username,cn=Recipients,ou=$exch_org_unit,o=$exch_org";
$sd = $sec->GetSecurityDescriptor($new_user_ADsPath);
$dacl = $sd->{DiscretionaryAcl};
$ace = Win32::OLE->CreateObject("AccessControlEntry");
$ace->{Trustee} = "$userid"; 
$ace->{AccessMask} = $ADS_RIGHT_EXCH_MODIFY_USER_ATT |
$ADS_RIGHT_EXCH_MAIL_SEND_AS | $ADS_RIGHT_EXCH_MAIL_RECEIVE_AS;
$ace->{AceType} = $ADS_ACETYPE_ACCESS_ALLOWED;
$dacl->AddAce($ace);
$sd->{DiscretionaryAcl} = $dacl; 
$sec->SetSecurityDescriptor($sd);
$mailbox->SetInfo;
#permissions are now set for the user. (provided no errors were encountered,
#but we won't know 'cause there's no error-checking here)

Steven

-----Original Message-----
From: Rick Tatem [mailto:[EMAIL PROTECTED]] 
Sent: Wednesday, March 27, 2002 11:57 AM
To: 'Jarrod Ramsey'; [EMAIL PROTECTED]
Subject: RE: Exchange Woes


Creating _useable_ mailboxes is the trickiest bit.  There are additional
steps needed due to the way security is handled.  It's NOT simply a matter
of adding "DOMAIN\USERID" to the 'Associate NT Account' attribute.  There's
a .dll out there that you can call via Win32::OLE that will do the necessary
bits (AcctCtrl.dll, or something similar... my memory of 5.5 specifics is
quickly fading ;)

I remember stumbling across a Perl-based example that actually did the
security settings (but I'm admittedly weak on using 'pack' and 'unpack') but
I'm not sure where it was... not particularly helpful, I know.

Rick
---
Rick Tatem
Messaging and Directory Resources
SAS Institute Inc.

_______________________________________________
Perl-Win32-Admin mailing list
[EMAIL PROTECTED]
To unsubscribe: http://listserv.ActiveState.com/mailman/mysubs
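
An added example (not part of the original post or of the ADSI SDK): a read-back check for the DACL the code above modifies, listing allow-ACEs that grant Send As or Receive As to anyone other than the mailbox's associated account. The sample ACEs and account names are constructed; the right values are the ones quoted in the post.

```perl
use strict;
use warnings;

# Exchange 5.5 right values as quoted in the post above.
my @EXCH_RIGHTS = (
    [ 0x02, 'MODIFY_USER_ATT' ],
    [ 0x08, 'MAIL_SEND_AS' ],
    [ 0x10, 'MAIL_RECEIVE_AS' ],
);
my $ACE_ALLOWED = 0x00;          # ADS_ACETYPE_ACCESS_ALLOWED
my $SENSITIVE   = 0x08 | 0x10;   # Send As | Receive As

# Turn an access mask into right names; bits the post does not name
# are reported as hex rather than guessed at.
sub decode_mask {
    my ($mask) = @_;
    my @names;
    for my $right (@EXCH_RIGHTS) {
        my ($bit, $name) = @$right;
        next unless $mask & $bit;
        push @names, $name;
        $mask &= ~$bit;
    }
    push @names, sprintf('other bits 0x%X', $mask) if $mask;
    return @names;
}

# One finding per allow-ACE that gives Send As / Receive As to a trustee
# other than the mailbox's associated account ($owner).
sub audit_aces {
    my ($owner, @aces) = @_;
    my @findings;
    for my $ace (@aces) {
        next unless $ace->{AceType} == $ACE_ALLOWED;
        next unless $ace->{AccessMask} & $SENSITIVE;
        next if lc($ace->{Trustee}) eq lc($owner);
        push @findings, sprintf('%s: %s', $ace->{Trustee},
                                join(', ', decode_mask($ace->{AccessMask})));
    }
    return @findings;
}

# Constructed sample ACEs (hypothetical accounts). Live ACE objects taken
# from the DACL with Win32::OLE's in() expose the same three properties.
my @sample = (
    { Trustee => 'EXAMPLE\\jdoe',       AccessMask => 0x1A, AceType => 0x00 },
    { Trustee => 'EXAMPLE\\helpdesk',   AccessMask => 0x02, AceType => 0x00 },
    { Trustee => 'EXAMPLE\\svc_backup', AccessMask => 0x18, AceType => 0x00 },
);
print "$_\n" for audit_aces('EXAMPLE\\jdoe', @sample);
```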
