中文字幕久久人妻无码人妻_ 如何在創(chuàng )建Exchange郵箱時(shí)設置權限

概要

本文介紹在 Microsoft Active Directory 目錄服務(wù)中為用戶(hù)對象啟用郵箱時(shí)，如何以編程方式修改 Microsoft Exchange Server 2000 或 2003 郵箱的郵箱權限。

本文包含示例代碼，向您顯示在已經(jīng)為 Exchange 2000 或 2003 信息存儲區中的用戶(hù)創(chuàng )建了實(shí)際郵箱之前，并且已經(jīng)在 Active Directory 中為用戶(hù)對象啟用了郵箱之后，如何設置 Exchange 2000 或 2003 郵箱的郵箱權限。

注意：如果 Exchange 2000 或 2003 信息存儲區中已經(jīng)存在郵箱，則此代碼不起作用。換句話(huà)說(shuō)，如果用戶(hù)的郵箱已經(jīng)被訪(fǎng)問(wèn)，則該代碼不會(huì )影響用戶(hù)郵箱的實(shí)際郵箱權限。有關(guān)在信息存儲區中已經(jīng)創(chuàng )建 Exchange 2000 郵箱前后如何設置該郵箱的郵箱權限的更多信息，請單擊下面的文章編號，以查看 Microsoft 知識庫中相應的文章：

310866 (http://support.microsoft.com/kb/310866/) 如何設置信息存儲區中現有郵箱的 Exchange Server 2003 和 Exchange 2000 Server 郵箱權限

更多信息

在 Exchange 2000 或 2003 組織中，郵箱包含兩部分（在 Microsoft Windows 2000 或 Microsoft Windows Server 2003 域環(huán)境中）。

•	Active Directory 啟用了郵箱的用戶(hù)：這只是 Active Directory 中的用戶(hù)對象。此用戶(hù)對象上設置了多個(gè)相關(guān)郵件屬性和相關(guān)郵箱屬性。
•	Exchange 信息存儲區中的郵箱文件夾：這是用戶(hù)實(shí)際郵件的存儲位置，其中設置了多個(gè)特定于郵箱的屬性。

郵箱權限存儲在安全描述符屬性中，該屬性位于信息存儲區的郵箱中。Active Directory 用戶(hù)對象還有一個(gè)名為 msExchMailboxSecurityDescriptor 的屬性。此屬性設計為僅用于反映用戶(hù)郵箱的郵箱權限。

Exchange 2000 或 2003 中郵箱啟用過(guò)程的簡(jiǎn)要概述

下面是在 Active Directory 中創(chuàng )建 Exchange 2000 或 2003 啟用了郵箱的用戶(hù)通常所采取的步驟：

1.	域管理員從“Active Directory 用戶(hù)和計算機”(ADUnC) 管理單元或從使用 Active Directory Services Interfaces (ADSI) 的代碼，創(chuàng )建 Active Directory 用戶(hù)對象并啟用用戶(hù)帳戶(hù)。
2.	域管理員然后從 ADUnC 或通過(guò) Collaboration Data Objects for Exchange Management (CDOEXM) 中的 ImailboxStore 接口以編程方式為此用戶(hù)啟用郵箱。本文的“參考”一節中包含一個(gè)指向有關(guān) IMailboxStore 接口的文檔的鏈接。不支持除 CDOEXM 之外的任何用于以編程方式為用戶(hù)對象啟用郵箱的方法。這兩種方法可以確保在為用戶(hù)對象啟用郵箱時(shí)該用戶(hù)對象的 msExchMailboxSecurityDescriptor 屬性和其他多個(gè)屬性設置正確。此步驟主要設置 Active Directory 中用戶(hù)對象的郵件屬性和郵箱屬性的小子集。此時(shí)，用戶(hù)的郵箱還不能訪(fǎng)問(wèn)。
3.	根據計劃運行的時(shí)間，Exchange 2000 或 2003 服務(wù)器上運行的收件人更新服務(wù) (RUS) 會(huì )對此用戶(hù)對象的其余所有相關(guān)郵件屬性和相關(guān)郵箱屬性進(jìn)行標記。此時(shí)，尚未在 Exchange 2000 或 2003 信息存儲區中創(chuàng )建用戶(hù)的郵箱。但是，已經(jīng)完全為用戶(hù)啟用了郵箱?，F在，郵箱已經(jīng)可以訪(fǎng)問(wèn)。
4.	用戶(hù)第一次訪(fǎng)問(wèn)郵箱或第一封郵件被路由到郵箱時(shí)，將在 Exchange 2000 或 2003 信息存儲區中創(chuàng )建實(shí)際郵箱。此時(shí)，當 Exchange 為用戶(hù)創(chuàng )建郵箱時(shí)，將在存儲區中郵箱的安全描述符中設置郵箱權限。這基于 msExchMailboxSecurityDescriptor 屬性中設置的訪(fǎng)問(wèn)控制條目 (ACE)。

msExchMailboxSecurityDesciptor 屬性

此屬性存在于 Active Directory 中的用戶(hù)對象中。它存儲用戶(hù)的郵箱安全描述符的部分副本。此屬性不鏈接回用戶(hù)的郵箱安全描述符。

換句話(huà)說(shuō)，如果直接修改此屬性，將不會(huì )更新 Exchange 信息存儲區中用戶(hù)的郵箱中的實(shí)際郵箱安全描述符，除非在信息存儲區中創(chuàng )建實(shí)際郵箱之前設置此屬性。

實(shí)際上，如果由 Active Directory 中用戶(hù)對象的 msExchMailboxSecurityDescriptor 屬性反映的安全描述符和信息存儲區中用戶(hù)郵箱中存儲的安全描述符之間有沖突，Exchange 會(huì )修復 msExchMailboxSecurityDescriptor 屬性以反映用戶(hù)郵箱中的安全描述符。如果從 ADUnC 或通過(guò) CDOEXM IExchangeMailbox 接口修改用戶(hù)郵箱的安全描述符，則 msExchMailboxSecurityDescriptor 屬性會(huì )自動(dòng)更新以反映這些更改。

使用 msExchMailboxSecurityDescriptor 屬性的限制

•

僅當在信息存儲區中創(chuàng )建郵箱之前設置此屬性時(shí)，對此屬性進(jìn)行的更改才會(huì )反映在用戶(hù)郵箱的安全描述符中。注意，當 Active Directory 中啟用了郵箱的用戶(hù)第一次訪(fǎng)問(wèn)郵箱或所有郵件都發(fā)送到此用戶(hù)時(shí)，將在 Exchange 存儲區中創(chuàng )建此用戶(hù)的 Exchang 2000 和 2003 郵箱。

•

此屬性的另一個(gè)限制是該屬性不反映實(shí)際郵箱的安全描述符中任何繼承的 ACE。因此，讀取此目錄屬性不是讀取用戶(hù)的郵箱權限的最準確的方法。

使用 msExchMailboxSecurityDescriptor 屬性的優(yōu)點(diǎn)

•

此屬性在 Active Directory 中的用戶(hù)對象上定義。因此，可以使用任何與輕型目錄訪(fǎng)問(wèn)協(xié)議 (LDAP) 兼容的 API（如 ADSI API 或 LDAP API）訪(fǎng)問(wèn)該屬性。

•

因為此代碼不需要 CDOEXM，所以您可以從未安裝 Microsoft Exchange 2000 和 2003 系統管理工具的服務(wù)器運行該代碼。但是同樣必須在信息存儲區中創(chuàng )建用戶(hù)郵箱之前設置郵箱權限。另外，您可以隨時(shí)讀取此用戶(hù)郵箱的郵箱權限。但是請記住本文中提到的限制。（請參閱“使用 msExchMailboxSecurityDescriptor 屬性的限制”一節。）

如果未在信息存儲區中創(chuàng )建實(shí)際郵箱之前設置啟用了郵箱的用戶(hù)的 msExchMailboxSecurityDescriptor 屬性，則信息存儲區中郵箱的實(shí)際安全描述符屬性將不包含具有下列內容的 ACE：

•	受信者屬性設置為本人
•	訪(fǎng)問(wèn)掩碼屬性設置為郵箱完全控制權限
•	讀取權限設置為允許
•	ACE 類(lèi)型設置為允許

如果是這種情況，則當用戶(hù)嘗試訪(fǎng)問(wèn)公用文件夾或本地 Exchange 服務(wù)器之外的任何資源時(shí)，可能會(huì )遇到問(wèn)題。CDOEXM 庫中的 IMailboxStore 接口之所以是唯一受支持的以編程方式針對 Exchange 2000 或 2003 存儲區為 Active Directory 用戶(hù)啟用郵箱的機制，這是其中一個(gè)原因。下面的示例向您顯示如何使用 ADSI 和 CDOEXM 在 Active Directory 中創(chuàng )建啟用了郵箱的用戶(hù)對象。然后，手動(dòng)設置 msExchMailboxSecurityDescriptor 接口以包含具有代碼中指定的受信者的 ACE。此示例的唯一目的就是向您顯示如何在訪(fǎng)問(wèn)用戶(hù)郵箱以及在信息存儲區中創(chuàng )建用戶(hù)郵箱之前設置此屬性（如果該屬性以前未正確設置）。

設置 Visual Basic 環(huán)境以運行 Visual Basic 示例

1.	在 Exchange 2000 或 2003 服務(wù)器上啟動(dòng) Microsoft Visual Basic 6.0。
2.	創(chuàng )建一個(gè)新的標準 EXE 項目。為此，請單擊文件菜單上的新建，然后雙擊標準 EXE。
3.	在項目菜單上，單擊引用，然后選擇“活動(dòng) DS 類(lèi)型庫”和“Microsoft CDO for Exchange Management”。
4.	在窗體的源視圖中，鍵入或粘貼以下代碼以替換 Form_Load() 子例程。
5.	將變量 sUserADsPath 中設置的值更改為您要查看或修改其郵箱權限的 Active Directory 用戶(hù)對象的 LDAP 路徑。

注意：此示例向您顯示了如何讀取 msExchMailboxSecurityDescriptor 屬性中存儲的郵箱權限的副本。它還顯示了如何修改郵箱權限以及向作為受信者的本人 ACE 添加郵箱完全控制權限的 ACE。

回到頂端

Visual Basic 代碼

‘********************************************************************‘*‘* Function AddAce(dacl, TrusteeName, gAccessMask, gAceType,‘*            gAceFlags, gFlags, gObjectType, gInheritedObjectType)‘*‘* Purpose: Adds an ACE to a DACL‘* Input:       dacl            Object‘s Discretionary Access Control List‘*              TrusteeName     SID or Name of the trustee user account‘*              gAccessMask     Access Permissions‘*              gAceType        ACE Types‘*              gAceFlags       Inherit ACEs from the owner of the ACL‘*              gFlags          ACE has an object type or inherited object type‘*              gObjectType     Used for Extended Rights‘*              gInheritedObjectType‘*‘* Output:  Object - New DACL with the ACE added‘*‘********************************************************************Function AddAce(dacl, TrusteeName, gAccessMask, gAceType, gAceFlags, gFlags, gObjectType, gInheritedObjectType)    Dim Ace1    ‘ Create a new ACE object    Set Ace1 = CreateObject("AccessControlEntry")    Ace1.AccessMask = gAccessMask    Ace1.AceType = gAceType    Ace1.AceFlags = gAceFlags    Ace1.Flags = gFlags    Ace1.Trustee = TrusteeName    ‘Check to see if ObjectType needs to be set    If CStr(gObjectType) <> "0" Then       Ace1.ObjectType = gObjectType    End If    ‘Check to see if InheritedObjectType needs to be set    If CStr(gInheritedObjectType) <> "0" Then        Ace1.InheritedObjectType = gInheritedObjectType    End If    dacl.AddAce Ace1    ‘ Destroy objects    Set Ace1 = NothingEnd FunctionPrivate Sub Form_Load()Dim objContainer As IADsContainerDim objUser As IADsUserDim objMailbox As CDOEXM.IMailboxStoreDim oSecurityDescriptor As SecurityDescriptorDim dacl As AccessControlListDim ace As AccessControlEntry‘ ********************************************************************‘ You must change this variable according to your environment‘sContainerADsPath = "LDAP://domain.com/cn=Users,DC=domain,DC=com"sUserLoginName = "testUser"sUserFirstName = "Test"sUserLastName = "User"sMBXStoreDN = "CN=Mailbox Store (ExServer),CN=First Storage Group," & _   "CN=InformationStore,CN=ExServer,CN=Servers,CN=AdminGP," & _   "CN=Administrative Groups,CN=Microsoft,CN=Microsoft Exchange," & _   "CN=Services,CN=Configuration,DC=domain,DC=com"sTrustee = "domainName\userName"‘ ********************************************************************‘ Get directory container object objectSet objContainer = GetObject(sContainerADsPath)‘ Create the user object in the target container in Active DirectorySet objUser = objContainer.Create("User", "CN=" & sUserFirstName & " " & _              sUserLastName)objUser.Put "samAccountName", sUserLoginNameobjUser.Put "givenName", sUserFirstNameobjUser.Put "sn", sUserLastNameobjUser.SetInfoobjUser.SetPassword "password"objUser.SetInfo‘ Mailbox-enable the user object by using the CDOEXM::IMailboxStore‘ interface‘ This also sets the msExchMailboxSecurityDescriptor appropriatelySet objMailbox = objUserobjMailbox.CreateMailbox sMBXStoreDNobjUser.SetInfo‘**************************************************************************‘  The msExchMailboxSecurityDescriptor attribute is a backlink attribute‘   from the Exchange Mailbox in the Web store to the directory. What this‘   implies is that the mailbox rights are stored on the actual mailbox in‘   the Web store and this directory attribute reflects these mailbox‘   rights.‘  By default, changing this attribute does not affect the mailbox rights‘   in the store. This attribute can only be modified before the actual‘   mailbox in the store is created. If it is set before the mailbox in‘   the Web store is created, Exchange will use the DACL set on this‘   attribute as the DACL for mailbox rights on the mailbox in the store.‘   Therefore, it can only be set before the mailbox-creation time.‘  On installing Exchange 2000 SP2 on the Exchange Server where this code‘   is being run, that would enable modifying the actual mailbox rights‘   even after mailbox creation.‘**************************************************************************‘ Get the copy Mailbox Security Descriptor (SD) stored on the‘ msExchMailboxSecurityDescriptor attributeobjUser.GetInfoEx Array("msExchMailboxSecurityDescriptor"), 0Set oSecurityDescriptor = objUser.Get("msExchMailboxSecurityDescriptor")‘ Extract the Discretionary Access Control List (ACL) using the‘ IADsSecurityDescriptor interfaceSet dacl = oSecurityDescriptor.DiscretionaryAcl‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘  The following block of code demonstrates reading all the ACEs on a‘  DACL for the Exchange 2000 mailbox.‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘Debug.Print "Here are the existing ACEs the mailbox‘s DACL - "‘ Enumerate all the access control entries (ACEs) in the ACL using‘ the IADsAccessControlList interface, thus displaying the current‘ mailbox rightsDebug.Print "Trustee, AccessMask, ACEType, ACEFlags, Flags, ObjectType, InheritedObjectType"Debug.Print "-------  ----------  -------  --------  -----  ----------" & _            " -------------------"Debug.PrintFor Each ace In dacl‘ Display all the ACEs‘ properties by using the IADsAccessControlEntry‘ interface    Debug.Print ace.Trustee & ", " & ace.AccessMask & ", " & _      ace.AceType & ", " & ace.AceFlags & ", " & ace.Flags & ", " & _      ace.ObjectType & ", " & ace.InheritedObjectTypeNext‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘  The following block of code demonstrates adding a new ACE to the DACL‘  for the Exchange 2000 mailbox with the Trustee specified in sTrustee,‘  giving allow "Full Control" over this mailbox.‘  This is the same task that is performed by ADUnC when selecting Add,‘  specifying the Trustee, and checking the "Full Mailbox Access" Rights‘  checkbox under the Mailbox Rights in the Exchange Advanced tab on the‘  properties of a user.‘  Similarly, you could remove ACEs from this ACL as well using the‘  IADsAccessControlEntry interfaces.‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘ Template: AddAce(TrusteeName, gAccessMask, gAceType, gAceFlags, gFlags, gObjectType, gInheritedObjectType)‘ Setting the Access Mask to 131075 enables "full mailbox access" and‘ "read" privilegesAddAce dacl, sTrustee, 131075, _       ADS_ACETYPE_ACCESS_ALLOWED, ADS_ACEFLAG_INHERIT_ACE, 0, 0, 0‘ Add the modified DACL back onto the Security DescriptoroSecurityDescriptor.DiscretionaryAcl = dacl‘ Save New SD onto the userobjUser.Put "msExchMailboxSecurityDescriptor", oSecurityDescriptor‘ Commit changes from the property cache to the Information StoreobjUser.SetInfoMsgBox "Done viewing and modifying the copy of the Mailbox Security Descriptor"End Sub

回到頂端

Visual Basic 腳本代碼

Dim objContainerDim objUserDim objMailboxDim oSecurityDescriptorDim daclDim ace‘ ********************************************************************‘ You must change this variable according to your environment‘sContainerADsPath = "LDAP://domain.com/cn=Users,DC=domain,DC=com"sUserLoginName = "testUser"sUserFirstName = "Test"sUserLastName = "User"sMBXStoreDN = "CN=Mailbox Store (ExServer),CN=First Storage Group," & _   "CN=InformationStore,CN=ExServer,CN=Servers,CN=AdminGP," & _   "CN=Administrative Groups,CN=Microsoft,CN=Microsoft Exchange," & _   "CN=Services,CN=Configuration,DC=domain,DC=com"sTrustee = "domainName\userName"‘ ********************************************************************‘ Get directory container object objectSet objContainer = GetObject(sContainerADsPath)‘ Create the user object in the target container in Active DirectorySet objUser = objContainer.Create("User", "CN=" & sUserFirstName & " " & _              sUserLastName)objUser.Put "samAccountName", sUserLoginNameobjUser.Put "givenName", sUserFirstNameobjUser.Put "sn", sUserLastNameobjUser.SetInfoobjUser.SetPassword "password"objUser.SetInfo‘ Mailbox enable the user object by using the CDOEXM::IMailboxStore‘ interface‘ This also sets the msExchMailboxSecurityDescriptor appropriatelySet objMailbox = objUserobjMailbox.CreateMailbox sMBXStoreDNobjUser.SetInfo‘**************************************************************************‘  The msExchMailboxSecurityDescriptor attribute is a backlink attribute‘   from the Exchange Mailbox in the Web Store to the directory. What this‘   implies is that the mailbox rights are stored on the actual mailbox in‘   the Web store and this directory attribute reflects these mailbox‘   rights.‘  By default, changing this attribute does not affect the mailbox rights‘   in the store. This attribute can only be modified before the actual‘   mailbox in the store is created. If it is set before the mailbox in‘   the Web store is created, Exchange will use the DACL set on this‘   attribute as the DACL for mailbox rights on the mailbox in the store.‘   Therefore, it can only be set before the mailbox creation time.‘  On installing Exchange 2000 SP2 on the Exchange Server where this code‘   is being run, that would enable modifying the actual mailbox rights‘   even after mailbox creation.‘**************************************************************************‘ Get the copy Mailbox Security Descriptor (SD) stored on the‘ msExchMailboxSecurityDescriptor attributeobjUser.GetInfoEx Array("msExchMailboxSecurityDescriptor"), 0Set oSecurityDescriptor = objUser.Get("msExchMailboxSecurityDescriptor")‘ Extract the Discretionary Access Control List (ACL) using the‘ IADsSecurityDescriptor interfaceSet dacl = oSecurityDescriptor.DiscretionaryAcl‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘  The following block of code demonstrates reading all the ACEs on a‘  DACL for the Exchange 2000 mailbox.‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘Wscript.echo "Here are the existing ACEs the mailbox‘s DACL - "‘ Enumerate all the access control entries (ACEs) in the ACL using‘ the IADsAccessControlList interface, thus displaying the current‘ mailbox rightsWscript.echo "Trustee, AccessMask, ACEType, ACEFlags, Flags, ObjectType, InheritedObjectType"Wscript.echo "-------  ----------  -------  --------  -----  ----------" & _            " -------------------"Wscript.echoFor Each ace In dacl‘ Display all the ACEs‘ properties using the IADsAccessControlEntry‘ interface    Wscript.echo ace.Trustee & ", " & ace.AccessMask & ", " & _      ace.AceType & ", " & ace.AceFlags & ", " & ace.Flags & ", " & _      ace.ObjectType & ", " & ace.InheritedObjectTypeNext‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘  The following block of code demonstrates adding a new ACE to the DACL‘  for the Exchange 2000 mailbox with the Trustee specified in sTrustee,‘  giving allow "Full Control" over this mailbox.‘  This is the same task that is performed by ADUnC when selecting Add,‘  specifying the Trustee, and checking the "Full Mailbox Access" Rights‘  checkbox under the Mailbox Rights in the Exchange Advanced tab on the‘  properties of a user.‘  Similarly, you could remove ACEs from this ACL as well using the‘  IADsAccessControlEntry interfaces.‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘‘ Template: AddAce(TrusteeName, gAccessMask, gAceType, gAceFlags, gFlags, gObjectType, gInheritedObjectType)‘ Setting the Access Mask to 131075 enables "full mailbox access" and‘ "read" priviledgesAddAce dacl, sTrustee, 131075, _       ADS_ACETYPE_ACCESS_ALLOWED, ADS_ACEFLAG_INHERIT_ACE, 0, 0, 0‘ Add the modified DACL back onto the Security DescriptoroSecurityDescriptor.DiscretionaryAcl = dacl‘ Save New SD onto the userobjUser.Put "msExchMailboxSecurityDescriptor", oSecurityDescriptor‘ Commit changes from the property cache to the information storeobjUser.SetInfoMsgBox "Done viewing and modifying the copy of the Mailbox Security Descriptor"‘********************************************************************‘*‘* Function AddAce(dacl, TrusteeName, gAccessMask, gAceType,‘*            gAceFlags, gFlags, gObjectType, gInheritedObjectType)‘*‘* Purpose: Adds an ACE to a DACL‘* Input:       dacl            Object‘s Discretionary Access Control List‘*              TrusteeName     SID or Name of the trustee user account‘*              gAccessMask     Access Permissions‘*              gAceType        ACE Types‘*              gAceFlags       Inherit ACEs from the owner of the ACL‘*              gFlags          ACE has an object type or inherited object type‘*              gObjectType     Used for Extended Rights‘*              gInheritedObjectType‘*‘* Output:  Object - New DACL with the ACE added‘*‘********************************************************************Function AddAce(dacl, TrusteeName, gAccessMask, gAceType, gAceFlags, gFlags, gObjectType, gInheritedObjectType)    Dim Ace1    ‘ Create a new ACE object    Set Ace1 = CreateObject("AccessControlEntry")    Ace1.AccessMask = gAccessMask    Ace1.AceType = gAceType    Ace1.AceFlags = gAceFlags    Ace1.Flags = gFlags    Ace1.Trustee = TrusteeName    ‘Check to see if ObjectType needs to be set    If CStr(gObjectType) <> "0" Then       Ace1.ObjectType = gObjectType    End If    ‘Check to see if InheritedObjectType needs to be set    If CStr(gInheritedObjectType) <> "0" Then        Ace1.InheritedObjectType = gInheritedObjectType    End If    dacl.AddAce Ace1    ‘ Destroy objects    Set Ace1 = NothingEnd Function

參考

有關(guān) CDOEXM IMailboxStore::CreateMailbox 的更多信息，請訪(fǎng)問(wèn)下面的 Microsoft 網(wǎng)站：

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wss/wss/_cdo_imailboxstore_createmailbox.asp (http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wss/wss/_cdo_imailboxstore_createmailbox.asp)

有關(guān) ADSI 中相關(guān)安全接口的更多信息，請訪(fǎng)問(wèn)下面的 Microsoft 網(wǎng)站：

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/netdir/adsi/security_interfaces.asp (http://msdn.microsoft.com/library/default.asp?url=/library/en-us/netdir/adsi/security_interfaces.asp)

Adssecurity.dll 是 Active Directory Service Interfaces (ADSI) 2.5 資源工具包的一部分。要下載 ADSI 2.5 資源工具包，請訪(fǎng)問(wèn)下面的 Microsoft 網(wǎng)站。使用 Regsvr32 注冊 ADsSecurity.dll。

http://www.microsoft.com/ntserver/nts/downloads/other/ADSI25/default.asp (http://www.microsoft.com/ntserver/nts/downloads/other/ADSI25/default.asp)

有關(guān)關(guān)聯(lián)的外部帳戶(hù)的更多信息，請單擊下面的文章編號，以查看 Microsoft 知識庫中相應的文章：

278888 (http://support.microsoft.com/kb/278888/) 如何將 Exchange 2000 郵箱或 Exchange 2003 郵箱與 Windows NT 4.0 帳戶(hù)關(guān)聯(lián)

本站僅提供存儲服務(wù)，所有內容均由用戶(hù)發(fā)布，如發(fā)現有害或侵權內容，請點(diǎn)擊舉報。

欧美性猛交XXXX免费看蜜桃,成人网18免费韩国,亚洲国产成人精品区综合,欧美日韩一区二区三区高清不卡,亚洲综合一区二区精品久久

概要