Platform SDK: Exchange Server
Modifies the owner of the provided Windows NT account security descriptor.
HRESULT ChangeOwnerOfSecDescriptor(
    [in] BSTR bstrOldDomain,
    [in] BSTR bstrOldOwner,
    [in] BSTR bstrNewDomain,
    [in] BSTR bstrNewOwner,
    [in] VARIANT varSecDesp,
    [out,retval] VARIANT* varNewSecDesp
);

Public Function ChangeOwnerOfSecDescriptor( _
    bstrOldDomain As String, _
    bstrOldOwner As String, _
    bstrNewDomain As String, _
    bstrNewOwner As String, _
    varSecDesp As Variant _
) As Variant
Ownership of recipient directory objects is defined through the account security descriptor contained in the associated directory object's NT-Security-Descriptor attribute. To change ownership of a recipient object, you can first use this method to perform the necessary modifications to the current descriptor. Then you must update the directory object's attribute with the new descriptor.
Potential exceptions include HRESULT values of E_INVALIDARG as well as HRESULTs with the facility bits set to FACILITY_WIN32 (Win32). These values are generated by the standard HRESULT_FROM_WIN32() function, which returns the last thread error as an HRESULT across the interface. If the account was created successfully, the HRESULT value S_OK is returned.
The VBScript code below changes the passed security descriptor to reflect the specified account's (user name and domain) ownership.
Public Function GetModifiedSecDesc( prgSecId, strUserNew, strDomainNew )
    ' prgSecId     - (old) current security id
    ' strUserNew   - new owner
    ' strDomainNew - new domain
    Dim ntAcct
    Dim prgSecIdNew     ' will hold new security descriptor
    Dim strUserOld
    Dim strDomainOld

    ' CoCreateInstance and get IDispatch on object
    Set ntAcct = CreateObject("MSExchange.AcctMgmt")

    ' Get old user name and domain from descriptor
    Call ntAcct.GetNameFromSid(strDomainOld, (prgSecId), strDomainOld, strUserOld)

    ' Arguments follow the declared order: domain first, then owner.
    ' The new descriptor is the method's return value ([out,retval]).
    prgSecIdNew = ntAcct.ChangeOwnerOfSecDescriptor( strDomainOld, strUserOld, _
                                                     strDomainNew, strUserNew, _
                                                     (prgSecId) )

    GetModifiedSecDesc = prgSecIdNew
    Set ntAcct = Nothing
End Function
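Before the new descriptor is written back to the NT-Security-Descriptor attribute, it is worth confirming that its owner is the account you intended and that the old owner is gone. The Python below is an added example, not part of the Platform SDK sample; it assumes the descriptor bytes use the standard Windows self-relative SECURITY_DESCRIPTOR layout, and the helper names and sample SIDs are constructed for illustration.

```python
import struct

SE_SELF_RELATIVE = 0x8000  # Control bit: header fields are offsets, not pointers

def parse_sid(buf, off):
    """Decode the binary SID at buf[off:] into its 'S-1-...' string form."""
    if len(buf) < off + 8:
        raise ValueError("truncated SID header")
    revision, count = buf[off], buf[off + 1]
    if revision != 1 or count > 15:
        raise ValueError("invalid SID revision or sub-authority count")
    end = off + 8 + 4 * count
    if len(buf) < end:
        raise ValueError("truncated SID sub-authorities")
    authority = int.from_bytes(buf[off + 2:off + 8], "big")  # 48-bit, big-endian
    subs = struct.unpack_from("<%dI" % count, buf, off + 8)  # 32-bit, little-endian
    return "-".join(["S", str(revision), str(authority)] + [str(s) for s in subs])

def owner_sid(sd):
    """Return the owner SID of a self-relative descriptor, or None if it has none."""
    if len(sd) < 20:
        raise ValueError("truncated security descriptor header")
    # Revision, Sbz1, Control, OffsetOwner, OffsetGroup, OffsetSacl, OffsetDacl
    revision, _, control, off_owner, _, _, _ = struct.unpack_from("<BBHIIII", sd, 0)
    if revision != 1:
        raise ValueError("unknown security descriptor revision")
    if not control & SE_SELF_RELATIVE:
        raise ValueError("descriptor is not in self-relative form")
    if off_owner == 0:
        return None
    if off_owner < 20:
        raise ValueError("owner offset points into the header")
    return parse_sid(sd, off_owner)

def owner_changed(old_sd, new_sd, expected_owner):
    """True only if the new descriptor's owner differs from the old one and matches."""
    before, after = owner_sid(old_sd), owner_sid(new_sd)
    return after == expected_owner and before != after

# Constructed sample data: a minimal descriptor holding only an owner SID (S-1-5-...).
def build_sd(*subs):
    sid = bytes([1, len(subs)]) + (5).to_bytes(6, "big") + struct.pack("<%dI" % len(subs), *subs)
    return struct.pack("<BBHIIII", 1, 0, SE_SELF_RELATIVE, 20, 0, 0, 0) + sid

OLD_SD = build_sd(21, 1111, 2222, 3333, 1001)
NEW_SD = build_sd(21, 1111, 2222, 3333, 1002)

if __name__ == "__main__":
    print(owner_sid(OLD_SD), "->", owner_sid(NEW_SD))
```

In practice the two byte strings would be the descriptor read from the directory object and the one returned by ChangeOwnerOfSecDescriptor.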