Last post Mar 15, 2006 10:18 AM by RemarkLima
Mar 08, 2006 10:42 AM|RemarkLima|LINK
As per this thread: http://forums.asp.net/1220177/ShowPost.aspx
I'd like to get the Security Descriptor using "pure" .NET if possible... I can get the SID (kind of) like so:
As New DirectoryEntry("WinNT://" & Domain & "/" & Username)
Dim r As PropertyCollection
r = Dir.Properties
But can't seem to find the Security Descriptor property... Any ideas???
Mar 08, 2006 05:36 PM|dunnry|LINK
Mar 09, 2006 03:32 AM|RemarkLima|LINK
Thanks for the reply Ryan,
I'm adding an Exchange 5.5 mailbox, which has 2 LDAP properties:
These associate the Mailbox with a NT4 Domain account.
I'm currently getting arrDIS and arrSD by using the SDK component, AcctCrt.dll like so:
As New MSExchangeAcctLib.AcctMgmt
Dim arrSID, arrSD As
objUI.GetSidFromName(Domain, Username, arrSID)
objUI.GenerateSecDescriptor(Domain, Username, arrSD)
objUI = Nothing
Ideally I'd like to get those vars from .NET rather than rely on an external component that needs to be registered on the web server, allowing it to be just a bit more portable... However from what you've said
it sounds like it'll be a lot more work than it's actually worth!
Mar 12, 2006 01:31 PM|dunnry|LINK
Well, getting the SID is easy if you need it only in byte format. Just pull the 'objectSid' property from the user's account and cast to a byte array. If you need the SDDL format, you need to use p/invoke for v.1.x or the SecurityIdentifier class from
Now, the ACL depends on whether the SACL is attached and what format you need (byte array?). If you tell me what format you need, I can show you how to do it and you won't need the other component.
Mar 15, 2006 10:18 AM|RemarkLima|LINK
Sorry for the delay in getting back... Good ol' work getting in the way!
Anyway, that's the strange thing, the AcctCrt.dll returns a byte array but it seems some how different to the one from the "objectSid" property...
Both are needed for creating an Exchange 5.5 Mailbox on an NT4 domain, so the user it is associated with is already entered, but this needs to be by SID and Security Descriptor... When I get some time I'll have a look into what
sizes are being produced by the AcctCrt.dll file...