AD/Exchange: "SELF" is not displayed!

Tyampoo · Joined: 07 Feb 2008 Posts: 2

This is what I did:
If Not flag Then 'SELF is not found
Set ace = CreateObject ("AccessControlEntry")
ace.Trustee = "SELF"
ace.AccessMask = RIGHT_DS_SEND_AS Or RIGHT_DS_READ Or
RIGHT_DS_TAKE_OWNERSHIP Or RIGHT_DS_MAILBOX_OWNER
ace.AceType = ADS_ACETYPE_ACCESS_ALLOWED
ace.AceFlags = ADS_ACEFLAG_INHERIT_ACE
dacl.AddAce ace

'set back information
oSecurityDescriptor.DiscretionaryAcl = dacl
UserObject.Put "msExchMailboxSecurityDescriptor", oSecurityDescriptor
UserObject.SetInfo
WScript.Echo "Done"
End If

Situation:
If I run the script again for same user it shows that "SELF" is added.

Problem:
If I go thru GUI, "SELF" is not shown for the user.

Any suggestion/help is appreciated.

Thanks.
--
Tyampoo

Archived from group: microsoft>public>exchange>applications

John Fullbright · Joined: 05 Aug 2007 Posts: 365

What is eactly is it you're trying to do? SELF is a sort of programmatic
shortcut. A placeholder as it were that is placed on a mail enabled object
when it's created. After the first access, permissions are propagated and
it get's replaced bu the actual user object. I don't understand why you
would want to stick self back on mailboxes that have already been instanced.

"Tyampoo" wrote in message @microsoft.com...
> This is what I did:
> If Not flag Then 'SELF is not found
> Set ace = CreateObject ("AccessControlEntry")
> ace.Trustee = "SELF"
> ace.AccessMask = RIGHT_DS_SEND_AS Or RIGHT_DS_READ Or
> RIGHT_DS_TAKE_OWNERSHIP Or RIGHT_DS_MAILBOX_OWNER
> ace.AceType = ADS_ACETYPE_ACCESS_ALLOWED
> ace.AceFlags = ADS_ACEFLAG_INHERIT_ACE
> dacl.AddAce ace
>
> 'set back information
> oSecurityDescriptor.DiscretionaryAcl = dacl
> UserObject.Put "msExchMailboxSecurityDescriptor", oSecurityDescriptor
> UserObject.SetInfo
> WScript.Echo "Done"
> End If
>
> Situation:
> If I run the script again for same user it shows that "SELF" is added.
>
> Problem:
> If I go thru GUI, "SELF" is not shown for the user.
>
> Any suggestion/help is appreciated.
>
> Thanks.
> --
> Tyampoo

Tyampoo · Joined: 07 Feb 2008 Posts: 2

For some reason, for some user there ain't SELF so I have to check that it is
present and set AccessMask to 131079. I also tried to put "NT
AUTHORITY\SELF"; if I check programatically it shows but it does not show in
GUI.
--
Tyampoo

"John Fullbright" wrote:

> What is eactly is it you're trying to do? SELF is a sort of programmatic
> shortcut. A placeholder as it were that is placed on a mail enabled object
> when it's created. After the first access, permissions are propagated and
> it get's replaced bu the actual user object. I don't understand why you
> would want to stick self back on mailboxes that have already been instanced.
>
>
> "Tyampoo" wrote in message
> @microsoft.com...
> > This is what I did:
> > If Not flag Then 'SELF is not found
> > Set ace = CreateObject ("AccessControlEntry")
> > ace.Trustee = "SELF"
> > ace.AccessMask = RIGHT_DS_SEND_AS Or RIGHT_DS_READ Or
> > RIGHT_DS_TAKE_OWNERSHIP Or RIGHT_DS_MAILBOX_OWNER
> > ace.AceType = ADS_ACETYPE_ACCESS_ALLOWED
> > ace.AceFlags = ADS_ACEFLAG_INHERIT_ACE
> > dacl.AddAce ace
> >
> > 'set back information
> > oSecurityDescriptor.DiscretionaryAcl = dacl
> > UserObject.Put "msExchMailboxSecurityDescriptor", oSecurityDescriptor
> > UserObject.SetInfo
> > WScript.Echo "Done"
> > End If
> >
> > Situation:
> > If I run the script again for same user it shows that "SELF" is added.
> >
> > Problem:
> > If I go thru GUI, "SELF" is not shown for the user.
> >
> > Any suggestion/help is appreciated.
> >
> > Thanks.
> > --
> > Tyampoo
>
>
>

John Fullbright · Joined: 05 Aug 2007 Posts: 365

"For some reason, for some user there ain't SELF "

http://support.microsoft.com/kb/272153/en-us
http://support.microsoft.com/kb/304935/en-us

1. It's not a problem as long as the actual security descriptor for the
user has rights.
2. The process you are attempting to use only works if you set the
attribute before the mailbox is created.

"Tyampoo" wrote in message @microsoft.com...
> For some reason, for some user there ain't SELF so I have to check that it
> is
> present and set AccessMask to 131079. I also tried to put "NT
> AUTHORITY\SELF"; if I check programatically it shows but it does not show
> in
> GUI.
> --
> Tyampoo
>
>
> "John Fullbright" wrote:
>
>> What is eactly is it you're trying to do? SELF is a sort of programmatic
>> shortcut. A placeholder as it were that is placed on a mail enabled
>> object
>> when it's created. After the first access, permissions are propagated
>> and
>> it get's replaced bu the actual user object. I don't understand why you
>> would want to stick self back on mailboxes that have already been
>> instanced.
>>
>>
>> "Tyampoo" wrote in message
>> @microsoft.com...
>> > This is what I did:
>> > If Not flag Then 'SELF is not found
>> > Set ace = CreateObject ("AccessControlEntry")
>> > ace.Trustee = "SELF"
>> > ace.AccessMask = RIGHT_DS_SEND_AS Or RIGHT_DS_READ Or
>> > RIGHT_DS_TAKE_OWNERSHIP Or RIGHT_DS_MAILBOX_OWNER
>> > ace.AceType = ADS_ACETYPE_ACCESS_ALLOWED
>> > ace.AceFlags = ADS_ACEFLAG_INHERIT_ACE
>> > dacl.AddAce ace
>> >
>> > 'set back information
>> > oSecurityDescriptor.DiscretionaryAcl = dacl
>> > UserObject.Put "msExchMailboxSecurityDescriptor", oSecurityDescriptor
>> > UserObject.SetInfo
>> > WScript.Echo "Done"
>> > End If
>> >
>> > Situation:
>> > If I run the script again for same user it shows that "SELF" is added.
>> >
>> > Problem:
>> > If I go thru GUI, "SELF" is not shown for the user.
>> >
>> > Any suggestion/help is appreciated.
>> >
>> > Thanks.
>> > --
>> > Tyampoo
>>
>>
>>