Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.

Dismiss

mailbox access rights

8 views

Skip to first unread message

Preeti Rani

unread,

Mar 10, 2009, 6:19:12 AM3/10/09

We are trying to add user "everyone" to the ACL of a user and give
"everyone" "full mailbox access" right. Below is the code that i have
finally come up with, which fails at
dHr = dUser->Put(CComBSTR("msExchMailboxSecurityDescriptor"), var);
The error is: The Security ID structure is Invalid.
Please help.

*************************************

#include<activeds.h>

#include<atlbase.h>

#include<iostream>

int main(int argc, char *argv[])

{

//Initialize the COM Library

HRESULT dHr;

dHr = CoInitialize(NULL);

IADsContainer *dCont; //Container that hols the ADSI Object

IDispatch *dDisp;

IADsUser *dUser; //User Object

VARIANT var; //To store the attribute value for users

int str_size = MultiByteToWideChar(CP_ACP, 0, argv[2], -1, NULL, 0);

LPWSTR serverName = new WCHAR[str_size]; //Active Directory Path to
create the users there

MultiByteToWideChar(CP_ACP, 0, argv[2], -1, serverName, str_size);

str_size = MultiByteToWideChar(CP_ACP, 0, argv[3], -1, NULL, 0);

LPWSTR domainName = new WCHAR[str_size]; //Active Directory Path to
create the users there

MultiByteToWideChar(CP_ACP, 0, argv[3], -1, domainName, str_size);

LPWSTR dADPath = new WCHAR[MAX_PATH];

swprintf(dADPath, L"LDAP://%s.%s.com/CN=Users,dc=%s,dc=com",
serverName, domainName, domainName);

//UserName and Password are set to null to use the current security
context

LPWSTR dUserPass = NULL;

LPWSTR dUserName = NULL;

int nUsers = atoi(argv[1]); //Number of users to be created

//create nUsers number of users along with their mailboxes

//bind to an ADSI object for the appropriate directory service

dHr = ADsOpenObject(dADPath,

L"administrator",

L"passd$%4",

ADS_SECURE_AUTHENTICATION,

IID_IADsContainer,

(void**)&dCont);

wchar_t username[] = L"acl_user11";

wchar_t temp_username[] = L"cn=acl_user11";

dHr = dCont->Delete(L"user",CComBSTR(temp_username));

dHr = dCont->Create(CComBSTR("user"), CComBSTR(temp_username),
&dDisp);

dHr = dDisp->QueryInterface(IID_IADsUser,(void**)&dUser);

VariantInit(&var);

V_BSTR(&var) = username;

V_VT(&var)=VT_BSTR;

//set the account name for the user to login

dHr = dUser->Put(CComBSTR("samAccountName"), var);

//This attribute is the alias to the mailbox

dHr = dUser->Put(CComBSTR("mailNickname"), var);

//represents you for mail delivery, and in the address book

dHr = dUser->Put(CComBSTR("displayName"), var);

LPWSTR dMBPath = new WCHAR[MAX_PATH];

swprintf(dMBPath, L"/o=First Organization/ou=First Administrative
Group/cn=Configuration/cn=Servers/cn=%s", serverName);

MultiByteToWideChar(CP_ACP, 0, argv[4], -1, dMBPath, str_size);

//legacy distinguished name to the server where you want to create the
mailbox

V_BSTR(&var) = (BSTR)dMBPath;

dHr = dUser->Put(CComBSTR("msExchHomeServerName"), var);

//commit the changes to the user, can change the password in the next
statement

dHr = dUser->SetInfo();

dHr = dUser->SetPassword(CComBSTR(L"passd$%4"));

CComBSTR dProp;

CComVariant dvar = NULL;

//set the pwdLastSet attribute to -1 to avoid changing the password at
next logon

dProp = "pwdLastSet";

dvar = -1;

dHr = dUser->Put( dProp, dvar );

CComBSTR sbstrProp;

CComVariant svar = NULL;

sbstrProp = "userAccountControl";

dHr = dUser->Get(sbstrProp, &svar);

if(SUCCEEDED(dHr))

{

svar = svar.lVal & ~(ADS_UF_PASSWORD_EXPIRED ) ;

dHr = dUser->Put(sbstrProp, svar);

}

//enable the account created that is disabled by default

dHr = dUser->put_AccountDisabled(VARIANT_FALSE);

dHr = dUser->SetInfo();

// Now change mailbox access rights

IDispatch *pDisp = NULL;

IADsSecurityDescriptor *psd = NULL;

IADsAccessControlList *pAcl;

// Create security descriptor object

dHr = CoCreateInstance(CLSID_SecurityDescriptor,

NULL,

CLSCTX_INPROC_SERVER,

IID_IADsSecurityDescriptor,

(void**)&psd);

// Create ACL object

dHr = CoCreateInstance(CLSID_AccessControlList,

NULL,

CLSCTX_INPROC_SERVER,

IID_IADsAccessControlList,

(void**)&pAcl);

dHr = pAcl->put_AceCount(1);

dHr = pAcl->put_AclRevision(1); //using ACL_REVISION_DS does not work,
undefined revision level

IADsAccessControlEntry *pAce;

// Create ACE object

dHr = CoCreateInstance(CLSID_AccessControlEntry,

NULL,

CLSCTX_INPROC_SERVER,

IID_IADsAccessControlEntry,

(void**)&pAce);

// Init ACE

dHr = pAce->put_Trustee(CComBSTR("storage\\Everyone"));

dHr = pAce->put_AceType(ADS_ACETYPE_ACCESS_ALLOWED);

dHr = pAce->put_AccessMask( ADS_RIGHT_DS_CREATE_CHILD );

dHr = pAce->put_AceFlags(ADS_ACEFLAG_INHERIT_ACE);

// Add ACE to ACL

dHr = pAce->QueryInterface(IID_IDispatch,(void**)&pDisp);

dHr = pAcl->AddAce(pDisp);

// Init Security Descriptor object

dHr = psd->put_Revision(1);

dHr = psd->put_OwnerDefaulted(true);

dHr = psd->put_GroupDefaulted(true);

dHr = psd->put_DaclDefaulted(false);

dHr = psd->put_SaclDefaulted(true);

// Add ACL to Security Descriptor object

dHr = pAcl->QueryInterface(IID_IDispatch,(void**)&pDisp);

dHr = psd->put_DiscretionaryAcl(pDisp);

// Add Security Descriptor to User object

dHr = psd->QueryInterface(IID_IDispatch,(void**)&pDisp);

var.vt = VT_DISPATCH;

var.pdispVal = pDisp;

// Error: The security ID structure is invalid

dHr = dUser->Put(CComBSTR("msExchMailboxSecurityDescriptor"), var);

// Commit the attribute settings

dHr = dUser->SetInfo();

// Free the handles

if(dCont)

dCont->Release();

if(dDisp)

dDisp->Release();

if(dUser)

dUser->Release();

CoUninitialize();

return 0;

}

0 new messages