Platform SDK: Exchange Server

IAcctMgmt::ChangeOwnerOfSecDescriptor Method

Modifies the owner of the provided Windows NT account security descriptor.

IDL Definition

HRESULT ChangeOwnerOfSecDescriptor(
   [in] BSTR bstrOldDomain,
   [in] BSTR bstrOldOwner,
   [in] BSTR bstrNewDomain,
   [in] BSTR bstrNewOwner,
   [in] VARIANT varSecDesp,
   [out,retval] VARIANT* varNewSecDesp
);

Visual Basic Definition

Public Function ChangeOwnerOfSecDescriptor(
   bstrOldDomain as String,
   bstrOldOwner as String,
   bstrNewDomain as String,
   bstrNewOwner as String,
   varSecDesp as Variant
) As Variant

Parameters

bstrOldDomain
The domain name for which the security descriptor was previously modified or generated.
bstrOldOwner
The account name for which the security descriptor was previously modified or generated.
bstrNewDomain
The new domain for which to modify the security descriptor.
bstrNewOwner
The new account name for which to modify the security descriptor.
varSecDesp
The security descriptor to modify.
varNewSecDesp
On return, the modified security descriptor.

Remarks

Ownership of recipient directory objects is defined through the account security descriptor contained in the associated directory object's NT-Security-Descriptor attribute. To change ownership of a recipient object, you can first use this method to perform the necessary modifications to the current descriptor. Then you must update the directory object's attribute with the new descriptor.

Potential exceptions include the HRESULT value E_INVALIDARG as well as HRESULTs with the facility bits set to FACILITY_WIN32 (Win32). The latter are generated by the standard HRESULT_FROM_WIN32() macro, which returns the last thread error as an HRESULT across the interface. If the account was created successfully, the HRESULT value S_OK is returned.
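
As an added example (not part of the SDK documentation), the Python code below unpacks the HRESULT layout described above so that values logged by a script calling this method can be triaged; VBScript reports them as signed Err.Number values. The table of Win32 codes is a hand-picked subset of winerror.h and the sample values are constructed for illustration.

```python
# Added example, not SDK code: triage HRESULTs surfaced by callers of this method.
FACILITY_WIN32 = 7
S_OK = 0x00000000
E_INVALIDARG = 0x80070057

# Subset of winerror.h codes; the selection is an assumption, not from the page.
WIN32_NAMES = {
    5: "ERROR_ACCESS_DENIED",
    87: "ERROR_INVALID_PARAMETER",
    1307: "ERROR_INVALID_OWNER",
    1332: "ERROR_NONE_MAPPED",
    1338: "ERROR_INVALID_SECURITY_DESCR",
    1355: "ERROR_NO_SUCH_DOMAIN",
}

def hresult_from_win32(code):
    """Mirror the HRESULT_FROM_WIN32 macro; returns an unsigned 32-bit value."""
    if code <= 0:
        return code & 0xFFFFFFFF
    return 0x80000000 | (FACILITY_WIN32 << 16) | (code & 0xFFFF)

def decode(hr):
    """Split an HRESULT given as signed (Err.Number style) or unsigned."""
    hr &= 0xFFFFFFFF
    return {"hresult": hr, "failed": bool(hr >> 31),
            "facility": (hr >> 16) & 0x1FFF, "code": hr & 0xFFFF}

def classify(hr):
    """Label an HRESULT using the categories the Remarks section names."""
    d = decode(hr)
    if d["hresult"] == S_OK:
        return "S_OK"
    if d["hresult"] == E_INVALIDARG:
        return "E_INVALIDARG"
    if d["failed"] and d["facility"] == FACILITY_WIN32:
        name = WIN32_NAMES.get(d["code"], "unlisted Win32 error")
        return "WIN32 %d %s" % (d["code"], name)
    return "OTHER 0x%08X" % d["hresult"]

# Constructed Err.Number values, as a calling script might log them.
SAMPLE_ERR_NUMBERS = [0, -2147024809, -2147023564, -2147023589, -2147221164]

def triage(values):
    return [classify(v) for v in values]

if __name__ == "__main__":
    for value, label in zip(SAMPLE_ERR_NUMBERS, triage(SAMPLE_ERR_NUMBERS)):
        print(value, label)
```

An "OTHER" result means the failure did not come from the Win32 path described here, for example a COM activation error raised before the method ran.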

Example

The VBScript code below changes the passed security descriptor to reflect the specified account's (user name and domain) ownership.

Public Function GetModifiedSecDesc( prgSecId, strUserNew, strDomainNew )
  ' prgSecId     -  (old) current security id
  ' strUserNew   -  new owner
  ' strDomainNew -  new domain
  ' Returns the modified security descriptor.

  Dim ntAcct
  Dim prgSecIdNew  ' will hold new security descriptor
  Dim strUserOld
  Dim strDomainOld

  ' CoCreateInstance and get IDispatch on object
  Set ntAcct = CreateObject("MSExchange.AcctMgmt")

  ' Get old user name and domain from descriptor
  Call ntAcct.GetNameFromSid(strDomainOld, (prgSecId), strDomainOld, strUserOld)

  ' Arguments follow the IDL order: old domain, old owner, new domain, new owner.
  ' varNewSecDesp is [out,retval], so the new descriptor is the return value.
  prgSecIdNew = ntAcct.ChangeOwnerOfSecDescriptor( strDomainOld, strUserOld, _
                                                   strDomainNew, strUserNew, _
                                                   (prgSecId) )
  GetModifiedSecDesc = prgSecIdNew

  Set ntAcct = Nothing

End Function