Platform SDK: Exchange Server |
Microsoft Exchange mailboxes require an associated Microsoft Windows NT domain account. The account's security identifier and descriptor must be placed into the new mailbox's directory object Assoc-NT-Account and NT-Security-Descriptor attributes respectively. Directly getting these values for accounts and then properly packaging them for transport to the directory using ADSI or LDAP is prohibitive from all languages other than C/C++. The AcctMgmt COM class can be used to help with the creation of Microsoft Exchange Server 5.5 mailboxes from applications written in all languages. The account management methods exposed are IAcctMgmt::NtAccountCreate and IAcctMgmt::NtAccountDelete. To map security identifiers to names and vice versa, the class provides the methods IAcctMgmt::GetNameFromSid and IAcctMgmt::GetSidFromName. To retrieve an account's security descriptor, you can use the IAcctMgmt::GenerateSecDescriptor method. The methods IAcctMgmt::GetNameFromSid and IAcctMgmt::GenerateSecDescriptor both return the values as SAFEARRAYS of VT_UI1 (unsigned chars), the required format for transport using ADSI objects.
Set mntAcct = CreateObject("MSExchange.AcctMgmt") strDomain = "domain" strUser = "username" strPassword = "password" strPath = "LDAP://server/o=Orgname/ou=Sitename/cn=Recipients" Const gstrNone = "" ' Create the account Call mntAcct.NtAccountCreate(strDomain, _ strUser, _ strPassword, _ gstrNone, _ gstrNone) ' Get the SID and descriptor for the directory object Call mntAcct.GetSidFromName(strDomain, strUser, varSecurityID) Call mntAcct.GenerateSecDescriptor(strDomain, strUser, varSecurityDescriptor) strContType = "2A864886F7140501" ' the default for accounts ' create the mailbox in the DS with ADSI ' set recipcont_obj = getobject(CStr(strPath)) set recip_obj = recipcont_obj.create( "organizationalPerson", "cn=MBName") ' now we set the required attributes for the directory object recip_obj.put "Deliv-Ext-Cont-Types", strContType recip_obj.put "NT-Security-Descriptor", (varSecurityDescriptor) recip_obj.put "Assoc-NT-Account", (varSecurityID) ' add the rest of the properties to the adsi object recip_obj.setinfo ' commit the contents of the adsi object to the directory