FrankenPC

How in the heck do you get a DACL updated on a public folder in Exchange using ADODB. Here is the test code. I get an error: The parameter is incorrect. This is an ADODB error. BUT, this code was taken directly from an example from Microsoft. So, if THEY don't know how to use the security descriptor parameter...who does? Help me! I'm in hell!

Sub TestSecurity(ByVal RootFolder As String, ByVal FolderName As String, ByVal USER As String)

Dim con As New ADODB.Connection
Dim rec As New ADODB.Record
Dim fld As ADODB.Field
Dim strDomainName As String
Dim strLocalPath As String
Dim strURL As String

USER = "NETELELECTRONICA\" & USER

'Create URL to folder
strDomainName = "NETELECTRONICA.LOCAL"
strLocalPath = "public folders/CLIENTS/" & FolderName
strURL = "file://./backofficestorage/" & strDomainName & "/" & strLocalPath

'Explicit connection for testing
con.Provider = "ExOLEDB.Datasource"
con.ConnectionString = strURL
con.Open()

'Great for dumping the existing DACL list
rec.Open(strURL, con)

'List the SD as XML
fld = rec.Fields("http://schemas.microsoft.com/exchange/security/descriptor")
'MsgBox(fld.Value)

rec.Close()

'Open it again
rec.Open(strURL, con, ADODB.ConnectModeEnum.adModeReadWrite)

'Modify SD
'Owner masks
'Dim allowedAccessMask As String = "1fc9bf"
'Dim deniedAccessMask As String = "0"
'Dim subContainerAllowedAccessMask As String = "1fc9bf"
'Dim subContainerDeniedAccessMask As String = "0"
'Dim subItemAllowedAccessMask As String = "1f0fbf"
'Dim subItemDeniedAccessMask As String = "0"
'Visible masks
'Dim allowedAccessMask As String = "1208a9"
'Dim deniedAccessMask As String = "dc916"
'Dim subContainerAllowedAccessMask As String = "1208a9"
'Dim subContainerDeniedAccessMask As String = "dc916"
'Dim subItemAllowedAccessMask As String = "0"
'Dim subItemDeniedAccessMask As String = "1f0fbf"

Dim allowedAccessMask As String = "1208a9"
Dim deniedAccessMask As String = "dc916"
Dim subContainerAllowedAccessMask As String = "1208a9"
Dim subContainerDeniedAccessMask As String = "dc916"
Dim subItemAllowedAccessMask As String = "0"
Dim subItemDeniedAccessMask As String = "1f0fbf"

Dim effectiveAce As String

effectiveAce = "" & _
"<S:access_allowed_ace S:inherited=""0"">" & _
"<S:access_mask>" & allowedAccessMask & "</S:access_mask>" & _
"<S:sid>" & _
"<S:nt4_compatible_name>" & USER & "</S:nt4_compatible_name>" & _
"</S:sid>" & _
"</S:access_allowed_ace>" & _
"<S:access_denied_ace S:inherited=""0"">" & _
"<S:access_mask>" & deniedAccessMask & "</S:access_mask>" & _
"<S:sid>" & _
"<S:nt4_compatible_name>" & USER & "</S:nt4_compatible_name>" & _
"</S:sid>" & _
"</S:access_denied_ace>"

Dim SubContainerAce As String

SubContainerAce = "" & _
"<S:access_allowed_ace S:inherited=""0"" S:no_propagate_inherit=""0"">" & _
"<S:access_mask>" & subContainerAllowedAccessMask & "</S:access_mask>" & _
"<S:sid>" & _
"<S:nt4_compatible_name>" & USER & "</S:nt4_compatible_name>" & _
"</S:sid>" & _
"</S:access_allowed_ace>" & _
"<S:access_denied_ace S:inherited=""0"" S:no_propagate_inherit=""0"">" & _
"<S:access_mask>" & subContainerDeniedAccessMask & "</S:access_mask>" & _
"<S:sid>" & _
"<S:nt4_compatible_name>" & USER & "</S:nt4_compatible_name>" & _
"</S:sid>" & _
"</S:access_denied_ace>"

Dim SubItemAce As String

SubItemAce = "" & _
"<S:access_allowed_ace S:inherited=""1"" S:no_propagate_inherit=""0"">" & _
"<S:access_mask>" & subItemAllowedAccessMask & "</S:access_mask>" & _
"<S:sid>" & _
"<S:nt4_compatible_name>" & USER & "</S:nt4_compatible_name>" & _
"</S:sid>" & _
"</S:access_allowed_ace>" & _
"<S:access_denied_ace S:inherited=""1"" S:no_propagate_inherit=""0"">" & _
"<S:access_mask>" & subItemDeniedAccessMask & "</S:access_mask>" & _
"<S:sid>" & _
"<S:nt4_compatible_name>" & USER & "</S:nt4_compatible_name>" & _
"</S:sid>" & _
"</S:access_denied_ace>"

Dim Descriptor As String

Descriptor = "" & _
"<E:descriptor " & _
"xmlns:E=""http://schemas.microsoft.com/exchange/security"" " & _
"xmlns:S=""http://schemas.microsoft.com/security"" " & _
"xmlns=""urn:uuid:c2f41010-65b3-11d1-a29f-00aa00c14882"" " & _
"D:dt=""microsoft.security_descriptor"">" & _
"<S:security_descriptor xmlns:S=""http://schemas.microsoft.com/security/"" xmlns=""urn:uuid:c2f41010-65b3-11d1-a29f-00aa00c14882/"" D:dt=""microsoft.security_descriptor"" S:from_mapi_tlh=""1"">" & _
"<S:dacl S:defaulted=""0"" Srotected=""0"" S:autoinherited=""1"">" & _
"<S:revision>2</S:revision>" & _
"<S:effective_aces>" & effectiveAce & "</S:effective_aces>" & _
"<S:subcontainer_inheritable_aces>" & SubContainerAce & "</S:subcontainer_inheritable_aces>" & _
"<S:subitem_inheritable_aces>" & SubItemAce & "</S:subitem_inheritable_aces>" & _
"</S:dacl>" & _
"</S:security_descriptor>" & _
"</E:descriptor>"

rec.Fields.Append("http://schemas.microsoft.com/exchange/security/descriptor", ADODB.DataTypeEnum.adBSTR, Len(Descriptor), , Descriptor)

Try
rec.Fields.Update()
Catch ex As Exception
MsgBox(ex.Message) 'Message:The parameter is Incorrect
End Try

'Close it
rec.Close()
con.Close()

End Sub

__________________
Previous Member of Team Owners - 1st to hit 200k and 250K

Previous member of Rough Riders - 1st to hit 300k!!!

Adios everyone! I've been proud to be a member of Owners and Riders.

ENTERPRISE

This is a question for a Coding or programmer person really . Anyone ?

__________________

FrankenPC

I think I got a good answer from Microsoft...I have to convert the existing XML security descriptor into a XMLDOM object and add the new security nodes manually. Then re-save the whole XML blob back into the Exchange database. (sounds of newspaper and wind). Anyway, if anyone ever tries exchange programming, I have some experience.

__________________
Previous Member of Team Owners - 1st to hit 200k and 250K

Previous member of Rough Riders - 1st to hit 300k!!!

Adios everyone! I've been proud to be a member of Owners and Riders.

Xaimus

I think I'm going to do my best to stay far, far away from Exchange. : D

__________________
3030303030303030303 <33333333