Setting the msExchMailboxSecurityDescriptor attribute
Dear All,
Iam trying to set the msExchMailboxSecurityDescriptor from JNDI as follows:
attrs.put("msExchMailboxSecurityDescriptor","SOMEVALUE");
I have tried several types of values. But the compiler is kind of kicking my butt with
javax.naming.directory.InvalidAttributeValueException: [LDAP: error code 19 - 000020A2: AtrErr: DSID-03150A10, #1:
0: 000020A2: DSID-03150A10, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 3bb00050 (msExchMailboxSecurityDescriptor)
I now know it is the wrong value, do you have examples or tips on correct values?
Thx in advance
Patrick
[625 byte] By [
pranay03a] at [2007-10-3 3:22:04]
You know how sometimes there are those kind of posts that ring alarm bells, encourage people to quote lines such as "Don't run with scissors", or where you conclude a thought with "There'll be tears !".
Well this is potentially one of those scenarios.
The Windows NT Security Descriptor structure is well documented on MSDN. Start with the Access Control List, and then enumerate each of the Access Control Entries. http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secauthz/security/acl.asp
And that is only the starty of it. Then you have the canonical ordering, etc. etc....
To be quite honest, unless there is a well tested Java class for managing Windows ACL's, I would advise a very cautious approach, in fact cautious enough to suggest that you don't do it !
In any case modifying the security descriptors outside of either Windows tools, or the documented Win32 API's is probably unsupported by Microsoft.
hai Adler_Steven thanks for your post. I have learned a lot about adding users in AD from your posts on the forum.
I have come so far that I have managed to automatically create users in AD and create their mailbox. The only thing left is that users can not access their email because of the rights. (msExchMailboxSecurityDescriptor)
Now I might have to consider doing the whole creation part in VBS (with COM stuff) from within Java :/ .
Thanks again for your answer.
