I wrote a while back about the Exchange System Manager, and while it was useful, it turns out that access rights to mailboxes are defined in the msExchMailboxSecurityDescriptor attribute in the AD. The problem is, rather than listing usernames, it lists ObjectIDs.
I’ve found a nifty way of pulling them out though:
DistinguishedName = “DN of Object”
set ObjUser = GetObject(“LDAP://” & DistinguishedName)
Set objsd = objUser.Get(“msExchMailboxSecurityDescriptor”)
Set dacl = objsd.DiscretionaryAcl
For Each ace In dacl
I’ve put this together in a script to report the access rights for lists of mail accounts. It’s one of those things I’ve been thinking about for a while, but finally got the chance to put it all together today.
I know a fair amount about Active Directory. But it turns out there’s a gap in my knowledge around exchange integration.
There’s a tool called Exchange System Manager that gives you some extra tabs in ADUC, that allows you to edit exchange properties.
The problem is, the software is only available for Vista, and fails to install on Windows 7 with an error, more or less saying, “Hey, you’re not Vista!”
The solution is to unpack the .exe file (using something like WinRAR or 7zip) to get to the msi. When there, you can install it using a switch:
Some people say you only need /q but I need /qb
I was a little confused what this switch does, but it turns out it just switches off the UI, basically, bypassing the bit that says, “Hey, you’re not Vista!” and allowing it to install.
Bit of a hack, but pretty cool really.