Platform SDK: Exchange Server

About the AcctCrt Component

Microsoft Exchange mailboxes require an associated Microsoft Windows NT domain account. The account's security identifier and descriptor must be placed into the new mailbox's directory object Assoc-NT-Account and NT-Security-Descriptor attributes respectively. Directly getting these values for accounts and then properly packaging them for transport to the directory using ADSI or LDAP is prohibitive from all languages other than C/C++. The AcctMgmt COM class can be used to help with the creation of Microsoft Exchange Server 5.5 mailboxes from applications written in all languages. The account management methods exposed are IAcctMgmt::NtAccountCreate and IAcctMgmt::NtAccountDelete. To map security identifiers to names and vice versa, the class provides the methods IAcctMgmt::GetNameFromSid and IAcctMgmt::GetSidFromName. To retrieve an account's security descriptor, you can use the IAcctMgmt::GenerateSecDescriptor method. The methods IAcctMgmt::GetNameFromSid and IAcctMgmt::GenerateSecDescriptor both return the values as SAFEARRAYS of VT_UI1 (unsigned chars), the required format for transport using ADSI objects.

Set mntAcct = CreateObject("MSExchange.AcctMgmt")
strDomain   = "domain"
strUser     = "username"
strPassword = "password"
strPath     = "LDAP://server/o=Orgname/ou=Sitename/cn=Recipients"
Const gstrNone = ""

' Create the account
Call mntAcct.NtAccountCreate(strDomain, _
                             strUser,  _
                             strPassword, _
                             gstrNone, _
                             gstrNone)

'  Get the SID and descriptor for the directory object
Call mntAcct.GetSidFromName(strDomain, strUser, varSecurityID)
Call mntAcct.GenerateSecDescriptor(strDomain, strUser, varSecurityDescriptor)

strContType = "2A864886F7140501" ' the default for accounts

' create the mailbox in the DS with ADSI
'
set recipcont_obj = getobject(CStr(strPath))
set recip_obj = recipcont_obj.create( "organizationalPerson", "cn=MBName")

' now we set the required attributes for the directory object
recip_obj.put "Deliv-Ext-Cont-Types", strContType
recip_obj.put "NT-Security-Descriptor", (varSecurityDescriptor)
recip_obj.put "Assoc-NT-Account", (varSecurityID)

  ' add the rest of the properties to the adsi object

recip_obj.setinfo   ' commit the contents of the adsi object to the directory