RE: NT user Exchange mailbox association
Contact me offlist then. They're all written in VB. They don't use the AcctMgmt component. Kevin -Original Message- From: Rajalakshmi Iyer [mailto:[EMAIL PROTECTED]] Sent: 11 January 2002 03:29 To: MS-Exchange Admin Issues Subject: RE: NT user Exchange mailbox association I would like to have a look at them. Which language are they written in? Do they make use of the same AcctMgmt component? -Original Message- From: Snook, Kevin S (ITD) [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 10, 2002 9:13 PM To: MS-Exchange Admin Issues Subject: RE: NT user Exchange mailbox association I have some routines that will do this, if you need them. You said in a previous message I came across an AcctMgmt COM component in MSDN, which does the same, but was not able to achieve the desired result -Original Message- From: Rajalakshmi Iyer [mailto:[EMAIL PROTECTED]] Sent: 10 January 2002 12:53 To: MS-Exchange Admin Issues Subject: RE: NT user Exchange mailbox association I do understand that I have to create an NT account before I can populate the Assoc-NT-Account and NT-Security-Descriptor fields of the LDAP entry. With reference to the discussion below: When my application is installed on machine B (domain controller, where Exchange is installed), new NT users are created and associations established properly. When my application is installed on machine C (the member server), I am not able to access machine B's User information. My application makes use of the AcctMgmt CoClass provided by Microsoft. This CoClass exposes interfaces like NTAccountCreate, NTAccountDelete, GetSidFromName etc. We chose to use this component instead of the normal Win32 APIs to retrieve the SID and Security Information, because we couldnt obtain the binary format of Security Descriptor attribute that needs to be populated for NT-Security-Descriptor of LDAP mailbox entry. -Original Message- From: Snook, Kevin S (ITD) [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 10, 2002 6:52 PM To: MS-Exchange Admin Issues Subject: RE: NT user Exchange mailbox association I'm still not sure I understand what you're asking.You seem to indicate that you think an NT account is created when you create a mailbox. Simply populating the Assoc-Nt-Account DOES NOT create an NT account. You have to create the NT account first then associate it with the mailbox. Your application will access a DC to get a list of NT accounts which you can then associate with a mailbox. It doesn't really matter where the application runs. As long as you're logged into the domain you can access the DC's list of NT users. Kevin -Original Message- From: Rajalakshmi Iyer [mailto:[EMAIL PROTECTED]] Sent: 10 January 2002 12:14 To: MS-Exchange Admin Issues Subject: RE: NT user Exchange mailbox association Please find answers inline. -Original Message- From: Snook, Kevin S (ITD) [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 10, 2002 5:33 PM To: MS-Exchange Admin Issues Subject: RE: NT user Exchange mailbox association A few questions in-line: -Original Message- From: Rajalakshmi Iyer [mailto:[EMAIL PROTECTED]] Sent: 10 January 2002 08:20 To: MS-Exchange Admin Issues Subject: RE: NT user Exchange mailbox association I am working on a synchronization tool that will synchronize recipient entries between Exchange and any other directory server. Now, consider the case, where my tool needs to add a new mailbox into Exchange, then it also need to associate an NT user on the machine where Exchange is installed with the Exchange mailbox. Take the following scenario: a. Domain A b. Machine B (domain controller) where Exchange is installed. I assume this is the DC for Domain A? - Yes machine B is the domain controller for domain A c. Machine C (in domain A) where my tool is installed. Is this a DC also or a member server? - This is not a domain controller. It is a member server. Is it possible for me sitting on machine C, to create users in Machine B ? Create NT users or mailboxes?? Are you just asking whether you can run a program on Machine C which will be capable of associating NT accounts with mailboxes? The NT accounts will be created on the DC (not on a member server). Therefore, when you attempt to associate an NT account you will get the SID read from your DC. You can create mailboxes on any Exchange server, in any container to which you have access. - I want to create a new mailbox in Exchange. Correspondingly, I need to create an NT user who shall be associated with this mailbox by populating the assoc-nt-account and nt-security-descriptor attributes of the mailbox entry. So will my tool sitting on machine C be able to create an NT user in machine B ? Is some kind of trust relationship required to be established between Machine B and C, for C to be able to create user accounts in B. I came across an AcctMgmt COM component in MSDN, which does the same, but was not able
RE: NT user Exchange mailbox association
A brief description of the DSM in relation to Exchange: All objects in Exchange will have an ACL (Access Control List) as part of it's Security Descriptor the same as any other object in NT. The discretionary ACL (for it is he that we are talking about), will contain all users who have (or perhaps explicitly do not have access) to this object (the mailbox in this case) and what their rights are (each entry is contained in an ACE or Access Control Entry). When you log in to NT you get a token which, when you try and access any object (including logging on to a mailbox) is compared against it's ACL. If there is a match you get the designated access to that object. Kevin -Original Message- From: Rajalakshmi Iyer [mailto:[EMAIL PROTECTED]] Sent: 10 January 2002 06:26 To: MS-Exchange Admin Issues Subject: NT user Exchange mailbox association Hi, What is the significance of associating an NT user with an Exchange 5.5 mailbox? Consider the following situation: a) Exchange Server 5.5 which needs to be on a domain controller machine b) I have an NT user on the same machine where Exchange is installed and it is associated with a mailbox. Now, what are steps in authenticating a mail client like Outlook (from a different machine) with the mail server like Exchange with the help of this NT user association? Thanks and regards, Rajalakshmi Iyer List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm
RE: NT user Exchange mailbox association
I am working on a synchronization tool that will synchronize recipient entries between Exchange and any other directory server. Now, consider the case, where my tool needs to add a new mailbox into Exchange, then it also need to associate an NT user on the machine where Exchange is installed with the Exchange mailbox. Take the following scenario: a. Domain A b. Machine B (domain controller) where Exchange is installed c. Machine C (in domain A) where my tool is installed. Is it possible for me sitting on machine C, to create users in Machine B ? I came across an AcctMgmt COM component in MSDN, which does the same, but was not able to achieve the desired result. Thanks and regards, -Rajalakshmi Iyer -Original Message- From: Snook, Kevin S (ITD) [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 10, 2002 2:24 PM To: MS-Exchange Admin Issues Subject: RE: NT user Exchange mailbox association A brief description of the DSM in relation to Exchange: All objects in Exchange will have an ACL (Access Control List) as part of it's Security Descriptor the same as any other object in NT. The discretionary ACL (for it is he that we are talking about), will contain all users who have (or perhaps explicitly do not have access) to this object (the mailbox in this case) and what their rights are (each entry is contained in an ACE or Access Control Entry). When you log in to NT you get a token which, when you try and access any object (including logging on to a mailbox) is compared against it's ACL. If there is a match you get the designated access to that object. Kevin -Original Message- From: Rajalakshmi Iyer [mailto:[EMAIL PROTECTED]] Sent: 10 January 2002 06:26 To: MS-Exchange Admin Issues Subject: NT user Exchange mailbox association Hi, What is the significance of associating an NT user with an Exchange 5.5 mailbox? Consider the following situation: a) Exchange Server 5.5 which needs to be on a domain controller machine b) I have an NT user on the same machine where Exchange is installed and it is associated with a mailbox. Now, what are steps in authenticating a mail client like Outlook (from a different machine) with the mail server like Exchange with the help of this NT user association? Thanks and regards, Rajalakshmi Iyer List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm
RE: NT user Exchange mailbox association
A few questions in-line: -Original Message- From: Rajalakshmi Iyer [mailto:[EMAIL PROTECTED]] Sent: 10 January 2002 08:20 To: MS-Exchange Admin Issues Subject: RE: NT user Exchange mailbox association I am working on a synchronization tool that will synchronize recipient entries between Exchange and any other directory server. Now, consider the case, where my tool needs to add a new mailbox into Exchange, then it also need to associate an NT user on the machine where Exchange is installed with the Exchange mailbox. Take the following scenario: a. Domain A b. Machine B (domain controller) where Exchange is installed. I assume this is the DC for Domain A? c. Machine C (in domain A) where my tool is installed. Is this a DC also or a member server? Is it possible for me sitting on machine C, to create users in Machine B ? Create NT users or mailboxes?? Are you just asking whether you can run a program on Machine C which will be capable of associating NT accounts with mailboxes? The NT accounts will be created on the DC (not on a member server). Therefore, when you attempt to associate an NT account you will get the SID read from your DC. You can create mailboxes on any Exchange server, in any container to which you have access. I came across an AcctMgmt COM component in MSDN, which does the same, but was not able to achieve the desired result. Thanks and regards, -Rajalakshmi Iyer -Original Message- From: Snook, Kevin S (ITD) [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 10, 2002 2:24 PM To: MS-Exchange Admin Issues Subject: RE: NT user Exchange mailbox association A brief description of the DSM in relation to Exchange: All objects in Exchange will have an ACL (Access Control List) as part of it's Security Descriptor the same as any other object in NT. The discretionary ACL (for it is he that we are talking about), will contain all users who have (or perhaps explicitly do not have access) to this object (the mailbox in this case) and what their rights are (each entry is contained in an ACE or Access Control Entry). When you log in to NT you get a token which, when you try and access any object (including logging on to a mailbox) is compared against it's ACL. If there is a match you get the designated access to that object. Kevin -Original Message- From: Rajalakshmi Iyer [mailto:[EMAIL PROTECTED]] Sent: 10 January 2002 06:26 To: MS-Exchange Admin Issues Subject: NT user Exchange mailbox association Hi, What is the significance of associating an NT user with an Exchange 5.5 mailbox? Consider the following situation: a) Exchange Server 5.5 which needs to be on a domain controller machine b) I have an NT user on the same machine where Exchange is installed and it is associated with a mailbox. Now, what are steps in authenticating a mail client like Outlook (from a different machine) with the mail server like Exchange with the help of this NT user association? Thanks and regards, Rajalakshmi Iyer List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm
RE: NT user Exchange mailbox association
Please find answers inline. -Original Message- From: Snook, Kevin S (ITD) [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 10, 2002 5:33 PM To: MS-Exchange Admin Issues Subject: RE: NT user Exchange mailbox association A few questions in-line: -Original Message- From: Rajalakshmi Iyer [mailto:[EMAIL PROTECTED]] Sent: 10 January 2002 08:20 To: MS-Exchange Admin Issues Subject: RE: NT user Exchange mailbox association I am working on a synchronization tool that will synchronize recipient entries between Exchange and any other directory server. Now, consider the case, where my tool needs to add a new mailbox into Exchange, then it also need to associate an NT user on the machine where Exchange is installed with the Exchange mailbox. Take the following scenario: a. Domain A b. Machine B (domain controller) where Exchange is installed. I assume this is the DC for Domain A? - Yes machine B is the domain controller for domain A c. Machine C (in domain A) where my tool is installed. Is this a DC also or a member server? - This is not a domain controller. It is a member server. Is it possible for me sitting on machine C, to create users in Machine B ? Create NT users or mailboxes?? Are you just asking whether you can run a program on Machine C which will be capable of associating NT accounts with mailboxes? The NT accounts will be created on the DC (not on a member server). Therefore, when you attempt to associate an NT account you will get the SID read from your DC. You can create mailboxes on any Exchange server, in any container to which you have access. - I want to create a new mailbox in Exchange. Correspondingly, I need to create an NT user who shall be associated with this mailbox by populating the assoc-nt-account and nt-security-descriptor attributes of the mailbox entry. So will my tool sitting on machine C be able to create an NT user in machine B ? Is some kind of trust relationship required to be established between Machine B and C, for C to be able to create user accounts in B. I came across an AcctMgmt COM component in MSDN, which does the same, but was not able to achieve the desired result. Thanks and regards, -Rajalakshmi Iyer -Original Message- From: Snook, Kevin S (ITD) [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 10, 2002 2:24 PM To: MS-Exchange Admin Issues Subject: RE: NT user Exchange mailbox association A brief description of the DSM in relation to Exchange: All objects in Exchange will have an ACL (Access Control List) as part of it's Security Descriptor the same as any other object in NT. The discretionary ACL (for it is he that we are talking about), will contain all users who have (or perhaps explicitly do not have access) to this object (the mailbox in this case) and what their rights are (each entry is contained in an ACE or Access Control Entry). When you log in to NT you get a token which, when you try and access any object (including logging on to a mailbox) is compared against it's ACL. If there is a match you get the designated access to that object. Kevin -Original Message- From: Rajalakshmi Iyer [mailto:[EMAIL PROTECTED]] Sent: 10 January 2002 06:26 To: MS-Exchange Admin Issues Subject: NT user Exchange mailbox association Hi, What is the significance of associating an NT user with an Exchange 5.5 mailbox? Consider the following situation: a) Exchange Server 5.5 which needs to be on a domain controller machine b) I have an NT user on the same machine where Exchange is installed and it is associated with a mailbox. Now, what are steps in authenticating a mail client like Outlook (from a different machine) with the mail server like Exchange with the help of this NT user association? Thanks and regards, Rajalakshmi Iyer List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm
RE: NT user Exchange mailbox association
I'm still not sure I understand what you're asking.You seem to indicate that you think an NT account is created when you create a mailbox. Simply populating the Assoc-Nt-Account DOES NOT create an NT account. You have to create the NT account first then associate it with the mailbox. Your application will access a DC to get a list of NT accounts which you can then associate with a mailbox. It doesn't really matter where the application runs. As long as you're logged into the domain you can access the DC's list of NT users. Kevin -Original Message- From: Rajalakshmi Iyer [mailto:[EMAIL PROTECTED]] Sent: 10 January 2002 12:14 To: MS-Exchange Admin Issues Subject: RE: NT user Exchange mailbox association Please find answers inline. -Original Message- From: Snook, Kevin S (ITD) [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 10, 2002 5:33 PM To: MS-Exchange Admin Issues Subject: RE: NT user Exchange mailbox association A few questions in-line: -Original Message- From: Rajalakshmi Iyer [mailto:[EMAIL PROTECTED]] Sent: 10 January 2002 08:20 To: MS-Exchange Admin Issues Subject: RE: NT user Exchange mailbox association I am working on a synchronization tool that will synchronize recipient entries between Exchange and any other directory server. Now, consider the case, where my tool needs to add a new mailbox into Exchange, then it also need to associate an NT user on the machine where Exchange is installed with the Exchange mailbox. Take the following scenario: a. Domain A b. Machine B (domain controller) where Exchange is installed. I assume this is the DC for Domain A? - Yes machine B is the domain controller for domain A c. Machine C (in domain A) where my tool is installed. Is this a DC also or a member server? - This is not a domain controller. It is a member server. Is it possible for me sitting on machine C, to create users in Machine B ? Create NT users or mailboxes?? Are you just asking whether you can run a program on Machine C which will be capable of associating NT accounts with mailboxes? The NT accounts will be created on the DC (not on a member server). Therefore, when you attempt to associate an NT account you will get the SID read from your DC. You can create mailboxes on any Exchange server, in any container to which you have access. - I want to create a new mailbox in Exchange. Correspondingly, I need to create an NT user who shall be associated with this mailbox by populating the assoc-nt-account and nt-security-descriptor attributes of the mailbox entry. So will my tool sitting on machine C be able to create an NT user in machine B ? Is some kind of trust relationship required to be established between Machine B and C, for C to be able to create user accounts in B. I came across an AcctMgmt COM component in MSDN, which does the same, but was not able to achieve the desired result. Thanks and regards, -Rajalakshmi Iyer -Original Message- From: Snook, Kevin S (ITD) [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 10, 2002 2:24 PM To: MS-Exchange Admin Issues Subject: RE: NT user Exchange mailbox association A brief description of the DSM in relation to Exchange: All objects in Exchange will have an ACL (Access Control List) as part of it's Security Descriptor the same as any other object in NT. The discretionary ACL (for it is he that we are talking about), will contain all users who have (or perhaps explicitly do not have access) to this object (the mailbox in this case) and what their rights are (each entry is contained in an ACE or Access Control Entry). When you log in to NT you get a token which, when you try and access any object (including logging on to a mailbox) is compared against it's ACL. If there is a match you get the designated access to that object. Kevin -Original Message- From: Rajalakshmi Iyer [mailto:[EMAIL PROTECTED]] Sent: 10 January 2002 06:26 To: MS-Exchange Admin Issues Subject: NT user Exchange mailbox association Hi, What is the significance of associating an NT user with an Exchange 5.5 mailbox? Consider the following situation: a) Exchange Server 5.5 which needs to be on a domain controller machine b) I have an NT user on the same machine where Exchange is installed and it is associated with a mailbox. Now, what are steps in authenticating a mail client like Outlook (from a different machine) with the mail server like Exchange with the help of this NT user association? Thanks and regards, Rajalakshmi Iyer List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http
RE: NT user Exchange mailbox association
I do understand that I have to create an NT account before I can populate the Assoc-NT-Account and NT-Security-Descriptor fields of the LDAP entry. With reference to the discussion below: When my application is installed on machine B (domain controller, where Exchange is installed), new NT users are created and associations established properly. When my application is installed on machine C (the member server), I am not able to access machine B's User information. My application makes use of the AcctMgmt CoClass provided by Microsoft. This CoClass exposes interfaces like NTAccountCreate, NTAccountDelete, GetSidFromName etc. We chose to use this component instead of the normal Win32 APIs to retrieve the SID and Security Information, because we couldnt obtain the binary format of Security Descriptor attribute that needs to be populated for NT-Security-Descriptor of LDAP mailbox entry. -Original Message- From: Snook, Kevin S (ITD) [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 10, 2002 6:52 PM To: MS-Exchange Admin Issues Subject: RE: NT user Exchange mailbox association I'm still not sure I understand what you're asking.You seem to indicate that you think an NT account is created when you create a mailbox. Simply populating the Assoc-Nt-Account DOES NOT create an NT account. You have to create the NT account first then associate it with the mailbox. Your application will access a DC to get a list of NT accounts which you can then associate with a mailbox. It doesn't really matter where the application runs. As long as you're logged into the domain you can access the DC's list of NT users. Kevin -Original Message- From: Rajalakshmi Iyer [mailto:[EMAIL PROTECTED]] Sent: 10 January 2002 12:14 To: MS-Exchange Admin Issues Subject: RE: NT user Exchange mailbox association Please find answers inline. -Original Message- From: Snook, Kevin S (ITD) [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 10, 2002 5:33 PM To: MS-Exchange Admin Issues Subject: RE: NT user Exchange mailbox association A few questions in-line: -Original Message- From: Rajalakshmi Iyer [mailto:[EMAIL PROTECTED]] Sent: 10 January 2002 08:20 To: MS-Exchange Admin Issues Subject: RE: NT user Exchange mailbox association I am working on a synchronization tool that will synchronize recipient entries between Exchange and any other directory server. Now, consider the case, where my tool needs to add a new mailbox into Exchange, then it also need to associate an NT user on the machine where Exchange is installed with the Exchange mailbox. Take the following scenario: a. Domain A b. Machine B (domain controller) where Exchange is installed. I assume this is the DC for Domain A? - Yes machine B is the domain controller for domain A c. Machine C (in domain A) where my tool is installed. Is this a DC also or a member server? - This is not a domain controller. It is a member server. Is it possible for me sitting on machine C, to create users in Machine B ? Create NT users or mailboxes?? Are you just asking whether you can run a program on Machine C which will be capable of associating NT accounts with mailboxes? The NT accounts will be created on the DC (not on a member server). Therefore, when you attempt to associate an NT account you will get the SID read from your DC. You can create mailboxes on any Exchange server, in any container to which you have access. - I want to create a new mailbox in Exchange. Correspondingly, I need to create an NT user who shall be associated with this mailbox by populating the assoc-nt-account and nt-security-descriptor attributes of the mailbox entry. So will my tool sitting on machine C be able to create an NT user in machine B ? Is some kind of trust relationship required to be established between Machine B and C, for C to be able to create user accounts in B. I came across an AcctMgmt COM component in MSDN, which does the same, but was not able to achieve the desired result. Thanks and regards, -Rajalakshmi Iyer -Original Message- From: Snook, Kevin S (ITD) [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 10, 2002 2:24 PM To: MS-Exchange Admin Issues Subject: RE: NT user Exchange mailbox association A brief description of the DSM in relation to Exchange: All objects in Exchange will have an ACL (Access Control List) as part of it's Security Descriptor the same as any other object in NT. The discretionary ACL (for it is he that we are talking about), will contain all users who have (or perhaps explicitly do not have access) to this object (the mailbox in this case) and what their rights are (each entry is contained in an ACE or Access Control Entry). When you log in to NT you get a token which, when you try and access any object (including logging on to a mailbox) is compared against it's ACL. If there is a match you get the designated access to that object. Kevin -Original Message- From: Rajalakshmi Iyer
RE: NT user Exchange mailbox association
You're asking how to set up a profile? -- Drew Visit http://www.drewncapris.net! Go! Go there now! He who angers you conquers you. -- Elizabeth Kenny -Original Message- From: Rajalakshmi Iyer [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 10, 2002 12:26 AM To: MS-Exchange Admin Issues Subject: NT user Exchange mailbox association Hi, What is the significance of associating an NT user with an Exchange 5.5 mailbox? Consider the following situation: a) Exchange Server 5.5 which needs to be on a domain controller machine b) I have an NT user on the same machine where Exchange is installed and it is associated with a mailbox. Now, what are steps in authenticating a mail client like Outlook (from a different machine) with the mail server like Exchange with the help of this NT user association? Thanks and regards, Rajalakshmi Iyer List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm
RE: NT user Exchange mailbox association
If I'm reading your questions right, you would add an account for and exchange client. Give either the name or IP of your server and the user's username. I can give you detailed directions if you wish. Ptl. Bob Couchman Unit 57 Network Administrator Madisonville Police Department 99 East Center Street Madisonville, KY 42431 (270) 821-1720 (270) 824-2115 (fax) [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] Visit the Madisonville Police Department on the internet at http://www.madisonvillepd.com http://www.madisonvillepd.com/ -Original Message- From: Drewski [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 10, 2002 8:39 To: MS-Exchange Admin Issues Subject: RE: NT user Exchange mailbox association You're asking how to set up a profile? -- Drew Visit http://www.drewncapris.net! Go! Go there now! He who angers you conquers you. -- Elizabeth Kenny -Original Message- From: Rajalakshmi Iyer [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 10, 2002 12:26 AM To: MS-Exchange Admin Issues Subject: NT user Exchange mailbox association Hi, What is the significance of associating an NT user with an Exchange 5.5 mailbox? Consider the following situation: a) Exchange Server 5.5 which needs to be on a domain controller machine b) I have an NT user on the same machine where Exchange is installed and it is associated with a mailbox. Now, what are steps in authenticating a mail client like Outlook (from a different machine) with the mail server like Exchange with the help of this NT user association? Thanks and regards, Rajalakshmi Iyer List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm
RE: NT user Exchange mailbox association
I have some routines that will do this, if you need them. You said in a previous message I came across an AcctMgmt COM component in MSDN, which does the same, but was not able to achieve the desired result -Original Message- From: Rajalakshmi Iyer [mailto:[EMAIL PROTECTED]] Sent: 10 January 2002 12:53 To: MS-Exchange Admin Issues Subject: RE: NT user Exchange mailbox association I do understand that I have to create an NT account before I can populate the Assoc-NT-Account and NT-Security-Descriptor fields of the LDAP entry. With reference to the discussion below: When my application is installed on machine B (domain controller, where Exchange is installed), new NT users are created and associations established properly. When my application is installed on machine C (the member server), I am not able to access machine B's User information. My application makes use of the AcctMgmt CoClass provided by Microsoft. This CoClass exposes interfaces like NTAccountCreate, NTAccountDelete, GetSidFromName etc. We chose to use this component instead of the normal Win32 APIs to retrieve the SID and Security Information, because we couldnt obtain the binary format of Security Descriptor attribute that needs to be populated for NT-Security-Descriptor of LDAP mailbox entry. -Original Message- From: Snook, Kevin S (ITD) [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 10, 2002 6:52 PM To: MS-Exchange Admin Issues Subject: RE: NT user Exchange mailbox association I'm still not sure I understand what you're asking.You seem to indicate that you think an NT account is created when you create a mailbox. Simply populating the Assoc-Nt-Account DOES NOT create an NT account. You have to create the NT account first then associate it with the mailbox. Your application will access a DC to get a list of NT accounts which you can then associate with a mailbox. It doesn't really matter where the application runs. As long as you're logged into the domain you can access the DC's list of NT users. Kevin -Original Message- From: Rajalakshmi Iyer [mailto:[EMAIL PROTECTED]] Sent: 10 January 2002 12:14 To: MS-Exchange Admin Issues Subject: RE: NT user Exchange mailbox association Please find answers inline. -Original Message- From: Snook, Kevin S (ITD) [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 10, 2002 5:33 PM To: MS-Exchange Admin Issues Subject: RE: NT user Exchange mailbox association A few questions in-line: -Original Message- From: Rajalakshmi Iyer [mailto:[EMAIL PROTECTED]] Sent: 10 January 2002 08:20 To: MS-Exchange Admin Issues Subject: RE: NT user Exchange mailbox association I am working on a synchronization tool that will synchronize recipient entries between Exchange and any other directory server. Now, consider the case, where my tool needs to add a new mailbox into Exchange, then it also need to associate an NT user on the machine where Exchange is installed with the Exchange mailbox. Take the following scenario: a. Domain A b. Machine B (domain controller) where Exchange is installed. I assume this is the DC for Domain A? - Yes machine B is the domain controller for domain A c. Machine C (in domain A) where my tool is installed. Is this a DC also or a member server? - This is not a domain controller. It is a member server. Is it possible for me sitting on machine C, to create users in Machine B ? Create NT users or mailboxes?? Are you just asking whether you can run a program on Machine C which will be capable of associating NT accounts with mailboxes? The NT accounts will be created on the DC (not on a member server). Therefore, when you attempt to associate an NT account you will get the SID read from your DC. You can create mailboxes on any Exchange server, in any container to which you have access. - I want to create a new mailbox in Exchange. Correspondingly, I need to create an NT user who shall be associated with this mailbox by populating the assoc-nt-account and nt-security-descriptor attributes of the mailbox entry. So will my tool sitting on machine C be able to create an NT user in machine B ? Is some kind of trust relationship required to be established between Machine B and C, for C to be able to create user accounts in B. I came across an AcctMgmt COM component in MSDN, which does the same, but was not able to achieve the desired result. Thanks and regards, -Rajalakshmi Iyer -Original Message- From: Snook, Kevin S (ITD) [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 10, 2002 2:24 PM To: MS-Exchange Admin Issues Subject: RE: NT user Exchange mailbox association A brief description of the DSM in relation to Exchange: All objects in Exchange will have an ACL (Access Control List) as part of it's Security Descriptor the same as any other object in NT. The discretionary ACL (for it is he that we are talking about), will contain all users who have (or perhaps explicitly do not have access
RE: NT user Exchange mailbox association
I would like to have a look at them. Which language are they written in? Do they make use of the same AcctMgmt component? -Original Message- From: Snook, Kevin S (ITD) [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 10, 2002 9:13 PM To: MS-Exchange Admin Issues Subject: RE: NT user Exchange mailbox association I have some routines that will do this, if you need them. You said in a previous message I came across an AcctMgmt COM component in MSDN, which does the same, but was not able to achieve the desired result -Original Message- From: Rajalakshmi Iyer [mailto:[EMAIL PROTECTED]] Sent: 10 January 2002 12:53 To: MS-Exchange Admin Issues Subject: RE: NT user Exchange mailbox association I do understand that I have to create an NT account before I can populate the Assoc-NT-Account and NT-Security-Descriptor fields of the LDAP entry. With reference to the discussion below: When my application is installed on machine B (domain controller, where Exchange is installed), new NT users are created and associations established properly. When my application is installed on machine C (the member server), I am not able to access machine B's User information. My application makes use of the AcctMgmt CoClass provided by Microsoft. This CoClass exposes interfaces like NTAccountCreate, NTAccountDelete, GetSidFromName etc. We chose to use this component instead of the normal Win32 APIs to retrieve the SID and Security Information, because we couldnt obtain the binary format of Security Descriptor attribute that needs to be populated for NT-Security-Descriptor of LDAP mailbox entry. -Original Message- From: Snook, Kevin S (ITD) [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 10, 2002 6:52 PM To: MS-Exchange Admin Issues Subject: RE: NT user Exchange mailbox association I'm still not sure I understand what you're asking.You seem to indicate that you think an NT account is created when you create a mailbox. Simply populating the Assoc-Nt-Account DOES NOT create an NT account. You have to create the NT account first then associate it with the mailbox. Your application will access a DC to get a list of NT accounts which you can then associate with a mailbox. It doesn't really matter where the application runs. As long as you're logged into the domain you can access the DC's list of NT users. Kevin -Original Message- From: Rajalakshmi Iyer [mailto:[EMAIL PROTECTED]] Sent: 10 January 2002 12:14 To: MS-Exchange Admin Issues Subject: RE: NT user Exchange mailbox association Please find answers inline. -Original Message- From: Snook, Kevin S (ITD) [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 10, 2002 5:33 PM To: MS-Exchange Admin Issues Subject: RE: NT user Exchange mailbox association A few questions in-line: -Original Message- From: Rajalakshmi Iyer [mailto:[EMAIL PROTECTED]] Sent: 10 January 2002 08:20 To: MS-Exchange Admin Issues Subject: RE: NT user Exchange mailbox association I am working on a synchronization tool that will synchronize recipient entries between Exchange and any other directory server. Now, consider the case, where my tool needs to add a new mailbox into Exchange, then it also need to associate an NT user on the machine where Exchange is installed with the Exchange mailbox. Take the following scenario: a. Domain A b. Machine B (domain controller) where Exchange is installed. I assume this is the DC for Domain A? - Yes machine B is the domain controller for domain A c. Machine C (in domain A) where my tool is installed. Is this a DC also or a member server? - This is not a domain controller. It is a member server. Is it possible for me sitting on machine C, to create users in Machine B ? Create NT users or mailboxes?? Are you just asking whether you can run a program on Machine C which will be capable of associating NT accounts with mailboxes? The NT accounts will be created on the DC (not on a member server). Therefore, when you attempt to associate an NT account you will get the SID read from your DC. You can create mailboxes on any Exchange server, in any container to which you have access. - I want to create a new mailbox in Exchange. Correspondingly, I need to create an NT user who shall be associated with this mailbox by populating the assoc-nt-account and nt-security-descriptor attributes of the mailbox entry. So will my tool sitting on machine C be able to create an NT user in machine B ? Is some kind of trust relationship required to be established between Machine B and C, for C to be able to create user accounts in B. I came across an AcctMgmt COM component in MSDN, which does the same, but was not able to achieve the desired result. Thanks and regards, -Rajalakshmi Iyer -Original Message- From: Snook, Kevin S (ITD) [mailto:[EMAIL PROTECTED]] Sent: Thursday, January 10, 2002 2:24 PM To: MS-Exchange Admin Issues Subject: RE: NT user Exchange mailbox association A brief
