Mailbox security descriptor in Active Directory programming using C#
This resource is aimed at people doing Active Directory synchronization using C#.
Certain attributes are stored in Active Directory in formats that are difficult to decipher. One such attribute is msExchMailboxSecurityDescriptor. The snippet below helps in decoding it.
The mailbox rights are stored in a security descriptor property on the user's mailbox. The attribute on the Active Directory user object used for this is called msExchMailboxSecurityDescriptor. This attribute is designed only to reflect the mailbox rights on the user's mailbox.
The snippet converts msExchMailboxSecurityDescriptor into a readable SDDL string.
using System.DirectoryServices;
using System.Security.AccessControl;

//Load the user object (the LDAP path is a placeholder for the user's distinguished name)
DirectoryEntry directoryEntry = new DirectoryEntry("LDAP://OU=xyz,DC=abc,DC=com");
//Instantiate an ActiveDirectorySecurity object
DirectoryObjectSecurity oSec = new ActiveDirectorySecurity();
//Read the security descriptor as a byte array (Properties[...] returns a
//collection, so take its Value; it is null if the attribute is not set) and call the
//SetSecurityDescriptorBinaryForm method of DirectoryObjectSecurity object
byte[] descriptor = (byte[])directoryEntry.Properties["msExchMailboxSecurityDescriptor"].Value;
oSec.SetSecurityDescriptorBinaryForm(descriptor);
//Get the descriptor by invoking the GetSecurityDescriptorSddlForm method
string propertyvalue = oSec.GetSecurityDescriptorSddlForm(AccessControlSections.All);
oSec = null;
Best Regards,
Sudeep Syamnath
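To go one step past the SDDL string when auditing mailbox access, the following added example (not code from the original post) walks the descriptor's DACL and lists which SID holds which mailbox right. The MailboxSdAudit class, the MailboxRights enum names and the sample SDDL are constructed for illustration, and the bit values are assumed from Microsoft's published mailbox-rights constants.

```csharp
using System;
using System.Collections.Generic;
using System.Security.AccessControl;

static class MailboxSdAudit
{
    // Hypothetical names; bit values assumed from Microsoft's mailbox-rights constants.
    [Flags]
    enum MailboxRights
    {
        FullMailboxAccess = 0x1, SendAs = 0x2, ExternalAccount = 0x4,
        DeleteStorage = 0x10000, ReadPermissions = 0x20000,
        ChangePermissions = 0x40000, TakeOwnership = 0x80000
    }

    // Returns one line per DACL entry: "<Allow|Deny> <SID> <rights> [(inherited)]".
    public static List<string> Describe(byte[] descriptor)
    {
        var lines = new List<string>();
        var sd = new RawSecurityDescriptor(descriptor, 0);
        if (sd.DiscretionaryAcl == null) return lines;   // no DACL present, nothing to list
        foreach (GenericAce ace in sd.DiscretionaryAcl)
        {
            var known = ace as KnownAce;                 // ACE types that carry a mask and a SID
            if (known == null) continue;
            bool deny = ace.AceType == AceType.AccessDenied
                     || ace.AceType == AceType.AccessDeniedObject;
            string kind = deny ? "Deny" : "Allow";
            string inherited = (ace.AceFlags & AceFlags.Inherited) != 0 ? " (inherited)" : "";
            var rights = (MailboxRights)known.AccessMask; // unknown bits print as a number
            lines.Add($"{kind} {known.SecurityIdentifier.Value} {rights}{inherited}");
        }
        return lines;
    }

    static void Main()
    {
        // Constructed sample descriptor: SELF has full access plus read permissions,
        // and a made-up domain SID has Send As. Not taken from a real mailbox.
        var sample = new RawSecurityDescriptor(
            "O:BAG:BAD:(A;CI;0x20001;;;PS)(A;CI;0x2;;;S-1-5-21-1-2-3-1104)");
        var bytes = new byte[sample.BinaryLength];
        sample.GetBinaryForm(bytes, 0);
        foreach (string line in Describe(bytes)) Console.WriteLine(line);
    }
}
```

Against a live directory, pass the byte array read from msExchMailboxSecurityDescriptor to Describe instead of the constructed sample.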