Hi everyone,
I need to GRANT Associate external account permission to NT-AUTHORITY\SELF
to disabled AD users (Functional mailboxes) with a vbs script.
Does anyone have one i can use?
I am trying the following without success:
Function SetmsExchMasterAccountSid
Dim objSD
Dim objACL
Dim objACE
Dim found
'Set the primary Account to SELF
objUser.Put "msExchMasterAccountSid", objUser.Get("objectSID")
'Get the mailbox security descriptor
set objSD = objUser.Get("msExchMailboxSecurityDescriptor")
set objACL = objSD.DiscretionaryAcl
found = false
for each objACE in objACL 'Iterate through the ACL to find the
SELF-Account
if objACE.Trustee = "NT AUTHORITY\SELF" Then
found = true
wscript.echo "exists"
Exit For
end if
next
if not found then 'If no SELF-Account is present, create it
set objACE = CreateObject("AccessControlEntry")
objACE.Trustee = "NT AUTHORITY\SELF"
wscript.echo "created"
objACE.AceType = ADS_ACETYPE_ACCESS_ALLOWED
objACL.AddAce objACE
end if
'Give the SELF-Account the External-Account right
objACE.AccessMask = objACE.AccessMask OR E2K_MB_READ_PERMISSIONS OR
E2K_MB_FULL_MB_ACCESS OR E2K_MB_EXTERNAL_ACCOUNT
'Save the changes
objUser.Put "msExchMailboxSecurityDescriptor", objSD
objUser.setInfo
Set objSD = Nothing
Set objACL = Nothing
Set objACE = Nothing
End Function
---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected]
with the body: unsubscribe exchangelist
