Sign in with
Sign up | Sign in
Your question

Need help with LDAP query

Last response: in Windows 2000/NT
Share
Anonymous
April 5, 2005 12:18:28 AM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Hi guys,

I need to query AD to get the "Mailbox rights" from a bunch of users...
(i.e. who can connect to their mailboxes in Exchange 2000)

Can I do it via LDAP or do you know of a 3rd party tool?

Many thanks,

J

More about : ldap query

Anonymous
April 5, 2005 2:31:06 AM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

There is no easy way of doing this, I think you need to get the value of the
msExchMailBoxSecurityDescriptor attribute that has the mailbox rights stored
in Security Descriptor Definition Language.

Search msdn.microsoft.com for Security Descriptor Definition Language in
order to understand its syntax and the output.

--
Regards
Christoffer Andersson
Microsoft MVP - Directory Services

No email replies please - reply in the newsgroup
------------------------------------------------
http://www.chrisse.se - Active Directory Tips

"Johnny Noitargim" <jm@nospamplease.com> skrev i meddelandet
news:42519387$0$94538$ed2619ec@ptn-nntp-reader01.plus.net...
> Hi guys,
>
> I need to query AD to get the "Mailbox rights" from a bunch of users...
> (i.e. who can connect to their mailboxes in Exchange 2000)
>
> Can I do it via LDAP or do you know of a 3rd party tool?
>
> Many thanks,
>
> J
>
>
Anonymous
April 5, 2005 2:31:07 AM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Yeah that info is there in that attribute however the supported mechanism is to
gather the data through the CDOEXM interface. Specifically you have to bind to
the user object with adsi and then grab the sd with the cdoexm method
MailboxRights and then enumerate through the ACEs.

It can be considered to be pretty messy. This KB has some info on setting
mailbox rights. It should give you an idea on how to read them as well.

joe




--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net


Chriss3 [MVP] wrote:
> There is no easy way of doing this, I think you need to get the value of the
> msExchMailBoxSecurityDescriptor attribute that has the mailbox rights stored
> in Security Descriptor Definition Language.
>
> Search msdn.microsoft.com for Security Descriptor Definition Language in
> order to understand its syntax and the output.
>
!