Need help with LDAP query

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Hi guys,

I need to query AD to get the "Mailbox rights" from a bunch of users...
(i.e. who can connect to their mailboxes in Exchange 2000)

Can I do it via LDAP or do you know of a 3rd party tool?

Many thanks,

J
2 answers Last reply
More about need ldap query
  1. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    There is no easy way of doing this, I think you need to get the value of the
    msExchMailBoxSecurityDescriptor attribute that has the mailbox rights stored
    in Security Descriptor Definition Language.

    Search msdn.microsoft.com for Security Descriptor Definition Language in
    order to understand its syntax and the output.

    --
    Regards
    Christoffer Andersson
    Microsoft MVP - Directory Services

    No email replies please - reply in the newsgroup
    ------------------------------------------------
    http://www.chrisse.se - Active Directory Tips

    "Johnny Noitargim" <jm@nospamplease.com> skrev i meddelandet
    news:42519387$0$94538$ed2619ec@ptn-nntp-reader01.plus.net...
    > Hi guys,
    >
    > I need to query AD to get the "Mailbox rights" from a bunch of users...
    > (i.e. who can connect to their mailboxes in Exchange 2000)
    >
    > Can I do it via LDAP or do you know of a 3rd party tool?
    >
    > Many thanks,
    >
    > J
    >
    >
  2. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    Yeah that info is there in that attribute however the supported mechanism is to
    gather the data through the CDOEXM interface. Specifically you have to bind to
    the user object with adsi and then grab the sd with the cdoexm method
    MailboxRights and then enumerate through the ACEs.

    It can be considered to be pretty messy. This KB has some info on setting
    mailbox rights. It should give you an idea on how to read them as well.

    joe


    --
    Joe Richards Microsoft MVP Windows Server Directory Services
    www.joeware.net


    Chriss3 [MVP] wrote:
    > There is no easy way of doing this, I think you need to get the value of the
    > msExchMailBoxSecurityDescriptor attribute that has the mailbox rights stored
    > in Security Descriptor Definition Language.
    >
    > Search msdn.microsoft.com for Security Descriptor Definition Language in
    > order to understand its syntax and the output.
    >
Ask a new question

Read More

LDAP Microsoft Active Directory Windows