Thanks Michael.
On Fri, Jan 21, 2011 at 3:12 PM, Michael B. Smith <[email protected]> wrote:

> That’s got a lot of what’s required, but it doesn’t add the new ACL back
> into objSD and it doesn’t properly sort the ACEs. As shown, the new ACE will
> be the last ACE in the ACL, which is non-canonical, and will cause it to not
> be used.
>
> You can get working code from my blog, you’ll just need to specify the new
> ACE properly.
>
> See ReorderDACL here:
>
> <http://theessentialexchange.com/blogs/michael/archive/2007/11/13/displaying-security-on-active-directory-exchange-and-registry-objects.aspx>
>
> And AddAce here:
>
> <http://theessentialexchange.com/blogs/michael/archive/2007/11/13/adding-a-hosted-exchange-user-with-vbscript.aspx>
>
> Regards,
>
> Michael B. Smith
> Consultant and Exchange MVP
> http://TheEssentialExchange.com
>
> *From:* Al Rose [mailto:[email protected]]
> *Sent:* Friday, January 21, 2011 8:34 AM
> *To:* MS-Exchange Admin Issues
> *Subject:* GRANT Associate external account permission to NT-AUTHORITY\SELF
>
> Hi everyone,
>
> I need to GRANT Associate external account permission to NT-AUTHORITY\SELF
> to disabled AD users (Functional mailboxes) with a vbs script.
>
> Does anyone have one I can use?
>
> I am trying the following without success:
>
> Function SetmsExchMasterAccountSid
>
>     Dim objSD
>     Dim objACL
>     Dim objACE
>     Dim found
>
>     'Set the primary Account to SELF
>     objUser.Put "msExchMasterAccountSid", objUser.Get("objectSID")
>
>     'Get the mailbox security descriptor
>     set objSD = objUser.Get("msExchMailboxSecurityDescriptor")
>     set objACL = objSD.DiscretionaryAcl
>     found = false
>
>     for each objACE in objACL 'Iterate through the ACL to find the SELF-Account
>         if objACE.Trustee = "NT AUTHORITY\SELF" Then
>             found = true
>             wscript.echo "exists"
>             Exit For
>         end if
>     next
>
>     if not found then 'If no SELF-Account is present, create it
>         set objACE = CreateObject("AccessControlEntry")
>         objACE.Trustee = "NT AUTHORITY\SELF"
>         wscript.echo "created"
>         objACE.AceType = ADS_ACETYPE_ACCESS_ALLOWED
>         objACL.AddAce objACE
>     end if
>
>     'Give the SELF-Account the External-Account right
>     objACE.AccessMask = objACE.AccessMask OR E2K_MB_READ_PERMISSIONS OR E2K_MB_FULL_MB_ACCESS OR E2K_MB_EXTERNAL_ACCOUNT
>
>     'Save the changes
>     objUser.Put "msExchMailboxSecurityDescriptor", objSD
>     objUser.setInfo
>
>     Set objSD = Nothing
>     Set objACL = Nothing
>     Set objACE = Nothing
> End Function

---
To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected]
with the body: unsubscribe exchangelist
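
Added example, not part of the original messages and not the ReorderDACL code from the linked blog: one way to put a DACL into the canonical order the reply describes, so that an ACE appended with AddAce does not stay last. The helper name CanonicalDacl and the sample ACL are constructed for illustration; in the posted function the result would be assigned back to objSD.DiscretionaryAcl before the Put and SetInfo calls.

```vbscript
Option Explicit
' Values from ADS_ACETYPE_ENUM and ADS_ACEFLAG_ENUM.
Const ADS_ACETYPE_ACCESS_ALLOWED = &H0
Const ADS_ACETYPE_ACCESS_DENIED = &H1
Const ADS_ACETYPE_ACCESS_ALLOWED_OBJECT = &H5
Const ADS_ACETYPE_ACCESS_DENIED_OBJECT = &H6
Const ADS_ACEFLAG_INHERITED_ACE = &H10

' Hypothetical helper: returns a new ACL with the ACEs of objDacl in canonical order:
' explicit deny, explicit object deny, explicit allow, explicit object allow, inherited.
Function CanonicalDacl(objDacl)
    Dim buckets(4), i, ace, newDacl
    For i = 0 To 4
        Set buckets(i) = CreateObject("AccessControlList")
    Next
    For Each ace In objDacl
        If (ace.AceFlags And ADS_ACEFLAG_INHERITED_ACE) <> 0 Then
            buckets(4).AddAce ace   ' inherited ACEs keep their relative order
        Else
            Select Case ace.AceType
                Case ADS_ACETYPE_ACCESS_DENIED : buckets(0).AddAce ace
                Case ADS_ACETYPE_ACCESS_DENIED_OBJECT : buckets(1).AddAce ace
                Case ADS_ACETYPE_ACCESS_ALLOWED : buckets(2).AddAce ace
                Case ADS_ACETYPE_ACCESS_ALLOWED_OBJECT : buckets(3).AddAce ace
                Case Else : buckets(3).AddAce ace   ' other explicit types are kept, not dropped
            End Select
        End If
    Next
    Set newDacl = CreateObject("AccessControlList")
    newDacl.AclRevision = objDacl.AclRevision
    For i = 0 To 4
        For Each ace In buckets(i)
            newDacl.AddAce ace
        Next
    Next
    Set CanonicalDacl = newDacl
End Function

' Constructed sample ACL in non-canonical order: inherited allow, explicit allow, explicit deny.
Dim sample, spec, e
Set sample = CreateObject("AccessControlList")
For Each spec In Array(Array(ADS_ACETYPE_ACCESS_ALLOWED, ADS_ACEFLAG_INHERITED_ACE), _
                       Array(ADS_ACETYPE_ACCESS_ALLOWED, 0), Array(ADS_ACETYPE_ACCESS_DENIED, 0))
    Set e = CreateObject("AccessControlEntry")
    e.Trustee = "NT AUTHORITY\SELF"
    e.AceType = spec(0)
    e.AceFlags = spec(1)
    sample.AddAce e
Next
For Each e In CanonicalDacl(sample)
    WScript.Echo "AceType=" & e.AceType & " AceFlags=" & e.AceFlags
Next
```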
