Platform SDK: Active Directory, ADSI, and Directory Services

Setting the Security Descriptor on an Exchange Mailbox

Microsoft Exchange mailboxes require an associated Windows NT domain account. The account's security identifier and security descriptor must be written to the Assoc-NT-Account and NT-Security-Descriptor attributes, respectively, of the new mailbox's directory object. Getting these values for an account directly, and then packaging them properly for transport to the directory using ADSI or LDAP, is impractical from any language other than C/C++.

The AcctCrt component was created to make creating mailboxes with ADSI easier from languages other than C++. It allows you to set the security descriptor for the mailbox owner. It does not allow you to set security on objects other than mailboxes, or to set permissions other than those needed for the primary owner of the mailbox. The component exposes only one class: AcctMgmt.

AcctCrt::GenerateSecDescriptor only sets the permissions to 0x1A, which is:

Modify User Attributes   0x02
Send As                  0x08
Mailbox Owner            0x10
                         ----
                         0x1A

See AcctCrt COM Component for more information.