Need help with LDAP query

  • Thread starter Johnny Noitargim
  • Start date
J

Johnny Noitargim

Hi guys,

I need to query AD to get the "Mailbox rights" from a bunch of users...
(i.e. who can connect to their mailboxes in Exchange 2000)

Can I do it via LDAP or do you know of a 3rd party tool?

Many thanks,

J
 
C

Chriss3 [MVP]

There is no easy way of doing this, I think you need to get the value of the
msExchMailBoxSecurityDescriptor attribute that has the mailbox rights stored
in Security Descriptor Definition Language.

Search msdn.microsoft.com for Security Descriptor Definition Language in
order to understand its syntax and the output.

--
Regards
Christoffer Andersson
Microsoft MVP - Directory Services

No email replies please - reply in the newsgroup
 
J

Joe Richards [MVP]

Yeah that info is there in that attribute however the supported mechanism is to
gather the data through the CDOEXM interface. Specifically you have to bind to
the user object with adsi and then grab the sd with the cdoexm method
MailboxRights and then enumerate through the ACEs.

It can be considered to be pretty messy. This KB has some info on setting
mailbox rights. It should give you an idea on how to read them as well.

joe
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

LDAP win2003/SSL 2
LDAP Query Error 1
Minimum AD Permissions needed to query LDAP for username password auth 2
LDAP query result sorting -> Change the order of AD DCs found in the list 2
custom LDAP query 2
People on LDAP 3
LDAP help needed 4
LDAP traffic across sites 1

Top