Mailbox security descriptor in Active Directory programming using C#

This resource is aimed at people doing Active Directory synchronization using C#. Certain attributes are stored in Active Directory in formats that are difficult to decipher. One such attribute is msExchMailboxSecurityDescriptor. The snippet helps in decoding it.

The mailbox rights are stored in a security descriptor property that is located on the mailbox of a user. The attribute on the Active Directory user object used for this is called msExchMailboxSecurityDescriptor. This attribute is designed only to reflect the mailbox rights on the user's mailbox.

The snippet converts msExchMailboxSecurityDescriptor into a readable string.

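//Namespaces needed by the snippet
using System.DirectoryServices;
using System.Security.AccessControl;

//Load the user object (replace the path with the user's distinguished name)
DirectoryEntry directoryEntry = new DirectoryEntry("LDAP://OU=xyz,DC=abc,DC=com");

//Instantiate an ActiveDirectorySecurity object
DirectoryObjectSecurity oSec = new ActiveDirectorySecurity();

//Convert the security descriptor into a byte array and call the
//SetSecurityDescriptorBinaryForm method of DirectoryObjectSecurity object.
//Assumption: the value arrives as byte[] (as it does in DirectorySearcher results);
//if the provider returns a COM security descriptor object, convert it to bytes first.
byte[] descriptorBytes = (byte[])directoryEntry.Properties["msExchMailboxSecurityDescriptor"].Value;
oSec.SetSecurityDescriptorBinaryForm(descriptorBytes);

//Get the descriptor by invoking the GetSecurityDescriptorSddlForm method
string propertyvalue = oSec.GetSecurityDescriptorSddlForm(AccessControlSections.All);

oSec = null;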

Best Regards,
Sudeep Syamnath
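
The SDDL string is compact but still hard to review, so the following added example (not part of the original snippet) walks the DACL of the same byte array with RawSecurityDescriptor and lists each trustee SID with its access mask, marking allow entries granted to anyone other than the mailbox owner (SELF). The class name, method name and the sample descriptor, including its domain SID, are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.AccessControl;
using System.Security.Principal;

static class MailboxAclAudit
{
    // Returns one line per DACL entry: qualifier, trustee SID, access mask, inherited flag.
    public static List<string> DescribeDacl(byte[] descriptorBytes)
    {
        var lines = new List<string>();
        var sd = new RawSecurityDescriptor(descriptorBytes, 0);
        if (sd.DiscretionaryAcl == null)
        {
            lines.Add("No DACL present");
            return lines;
        }
        // S-1-5-10 (NT AUTHORITY\SELF) stands for the mailbox owner.
        var self = new SecurityIdentifier(WellKnownSidType.SelfSid, null);
        foreach (GenericAce ace in sd.DiscretionaryAcl)
        {
            if (!(ace is CommonAce common))
            {
                // Object or custom ACEs are listed by type only.
                lines.Add($"{ace.AceType} (not a common ACE)");
                continue;
            }
            bool delegated = common.AceQualifier == AceQualifier.AccessAllowed
                             && !common.SecurityIdentifier.Equals(self);
            string note = delegated ? "  <-- allow ACE for a trustee other than SELF" : "";
            lines.Add($"{common.AceQualifier} {common.SecurityIdentifier} " +
                      $"mask=0x{common.AccessMask:X8} inherited={common.IsInherited}{note}");
        }
        return lines;
    }

    static void Main()
    {
        // Constructed sample: one ACE for SELF, one for a made-up domain account.
        var sample = new RawSecurityDescriptor(
            "O:BAG:BAD:(A;;0x1;;;S-1-5-10)" +
            "(A;CI;0x20001;;;S-1-5-21-1111111111-2222222222-3333333333-1105)");
        var bytes = new byte[sample.BinaryLength];
        sample.GetBinaryForm(bytes, 0);
        foreach (string line in DescribeDacl(bytes))
            Console.WriteLine(line);
    }
}
```

In a synchronization job, pass the byte array read from msExchMailboxSecurityDescriptor to DescribeDacl in place of the constructed sample.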

