Question : Setting msExchMailboxSecurityDescriptor with VB.NET

Hello,

I am trying to add a new security descriptor to a mailbox in order to grant another account full rights to it.  I currently add a normal security descriptor via this method:

    Protected Sub SetFullMbxPerms(ByVal user As DirectoryEntry, ByVal trustee As SecurityIdentifier)

        Dim userSecurity As ActiveDirectorySecurity = user.ObjectSecurity

        Dim fullMbxControl As New ActiveDirectoryAccessRule(trustee, _
            ActiveDirectoryRights.GenericAll, AccessControlType.Allow, _
            ActiveDirectorySecurityInheritance.SelfAndChildren)

        userSecurity.AddAccessRule(fullMbxControl)
        user.CommitChanges()

    End Sub

However, this is only getting me the Active Directory security and not the mailbox security.  How can I accomplish this through vb.net and modify the msExchMailboxSecurityDescriptor similiar to what I have done above?

Thanks,
Ron

Answer : Setting msExchMailboxSecurityDescriptor with VB.NET

Ok, this works using DirectoryEntry and cdoexm

1: 2: 3: 4: 5: 6: 7: 8: 9: 10: 11: 12: 13: 14: 15: 16: 17: 18: 19: 20: 21: 22: 23: 24: 25: 26: 27: 28:

Sub SetExMbxPerms2(ByVal user As DirectoryEntry, ByVal trustee As String) Const ADS_ACEFLAG_INHERIT_ACE = 2 Const ADS_RIGHT_DS_CREATE_CHILD = 1 Const ADS_ACETYPE_ACCESS_ALLOWED = 0 Dim dacl As New AccessControlList Dim mailboxRights As New SecurityDescriptor Dim ace As New AccessControlEntry Dim mailbox As CDOEXM.IExchangeMailbox = user.NativeObject mailboxRights = mailbox.MailboxRights dacl = mailboxRights.DiscretionaryAcl ace.AccessMask = ADS_RIGHT_DS_CREATE_CHILD ace.AceType = ADS_ACETYPE_ACCESS_ALLOWED ace.AceFlags = ADS_ACEFLAG_INHERIT_ACE ace.Flags = 0 ace.Trustee = trustee Console.WriteLine(dacl.AceCount) dacl.AddAce(ace) Console.WriteLine(dacl.AceCount) mailboxRights.DiscretionaryAcl = dacl mailbox.MailboxRights = mailboxRights user.CommitChanges() End Sub