Using ADSI's LDAP provider against a Microsoft Exchange 5.5 (or higher) server, you can query and manipulate the directory configuration, create and remove mailboxes, as well as manage distribution lists. Using these programmatic methods, you can, for example, automate the creation of a mailbox when a new user account request is fulfilled.
In most organizations, the distribution list owner must authorize the addition or removal of list members. Using ADSI's LDAP provider, you can instead delegate the responsibility for managing distribution lists to the list owner by implementing a Web front-end for list management.
In this section, we will take a look at the programmatic techniques you can employ to perform such tasks using Visual Basic, the ADSI LDAP provider, and the Microsoft ADSI resource kit ADsSecurity.DLL for managing Exchange directory security.
When the Exchange Administrator is installed, an NT account creation automatically starts a Graphical User Interface (GUI) to allow simultaneous creation of an Exchange mailbox. Using programmatic methods, you lose the integration of the Exchange mailbox creation GUI. However, you can use ADSI's LDAP provider to programmatically create a mailbox and associate it with a Windows NT user domain account.
Note
Before continuing, be sure that the NT account used to log in to the development workstation has been assigned the right to modify the Exchange database. The necessary rights are granted to the default Exchange roles: Permissions Admin and Service Account Admin.
Use the following Visual Basic code to programmatically create an Exchange mailbox:
    Dim ExchangeServerName As String
    Dim ExchangeServerOrganization As String
    Dim ExchangeServerSite As String
    Dim Mailbox As IADs
    Dim MailboxParentContainer As IADsContainer
    Dim MailboxRelativePath As String
    Dim MailboxDisplayName As String
    Dim MailboxFirstName As String
    Dim MailboxLastName As String
    Dim MailboxMiddleInitial As String
    Dim MailboxAlias As String
    Dim MTA As String
    Dim MDB As String
    Dim MailboxSMTPAddress As String
    Dim MailboxX400Address As String
    Dim MailboxCCMailAddress As String
    Dim MailboxMSMailAddress As String
    Dim NTUserAccountToAssociate As String
    Dim UserDomain As String
    Dim sidHex As String
    Dim SID As New ADsSID
    Dim Security As New ADsSecurity
    Dim SecurityDescriptor As IADsSecurityDescriptor
    Dim DiscretionaryACL As IADsAccessControlList
    Dim AccessControlEntry As New AccessControlEntry

    ExchangeServerName = "EXCHANGE_SERVER"
    ExchangeServerOrganization = "ADSITest"
    ExchangeServerSite = "Macmillan"
    MailboxRelativePath = ""
    MailboxDisplayName = "Eck, Thomas E."
    MailboxFirstName = "Thomas"
    MailboxLastName = "Eck"
    MailboxMiddleInitial = "E"
    MailboxAlias = "Thomas.Eck"
    UserDomain = "UserDomain"
    NTUserAccountToAssociate = "teck"

    ' Distinguished names of the server's MTA and private information store
    MTA = "cn=Microsoft MTA,cn=" & ExchangeServerName & _
        ",cn=Servers,cn=Configuration,ou=" & ExchangeServerSite & _
        ",o=" & ExchangeServerOrganization
    MDB = "cn=Microsoft Private MDB,cn=" & ExchangeServerName & _
        ",cn=Servers,cn=Configuration,ou=" & ExchangeServerSite & _
        ",o=" & ExchangeServerOrganization

    ' Proxy addresses for the new mailbox
    MailboxSMTPAddress = MailboxAlias & "@" & ExchangeServerSite & "." & _
        ExchangeServerOrganization & ".com"
    MailboxX400Address = "c=US;a= ;p=" & ExchangeServerOrganization & _
        ";o=" & ExchangeServerSite & ";s=" & MailboxLastName & _
        ";g=" & MailboxFirstName & ";i=" & MailboxMiddleInitial
    MailboxCCMailAddress = MailboxLastName & ", " & MailboxFirstName & _
        " at " & ExchangeServerSite
    MailboxMSMailAddress = UCase(ExchangeServerOrganization & "/" & _
        ExchangeServerSite & "/" & MailboxAlias)

    ' Bind to the Recipients container and create the mailbox object
    Set MailboxParentContainer = GetObject("LDAP://" & ExchangeServerName & _
        "/o=" & ExchangeServerOrganization & "/ou=" & ExchangeServerSite & _
        "/cn=Recipients" & MailboxRelativePath)
    Set Mailbox = MailboxParentContainer.Create("organizationalPerson", _
        "cn=" & MailboxAlias)
    Mailbox.Put "mailPreferenceOption", 0
    Mailbox.Put "givenName", MailboxFirstName
    Mailbox.Put "sn", MailboxLastName
    Mailbox.Put "cn", MailboxDisplayName
    Mailbox.Put "uid", MailboxAlias
    Mailbox.Put "Home-MTA", MTA
    Mailbox.Put "Home-MDB", MDB
    Mailbox.Put "mail", MailboxSMTPAddress
    Mailbox.Put "MAPI-Recipient", True
    Mailbox.Put "rfc822Mailbox", MailboxSMTPAddress
    Mailbox.Put "textEncodedORAddress", MailboxX400Address
    Mailbox.PutEx ADS_PROPERTY_APPEND, "otherMailbox", _
        Array("CCMAIL$" & MailboxCCMailAddress, "MS$" & MailboxMSMailAddress)

    ' Associate the mailbox with the NT account by writing its SID as a hex string
    SID.SetAs ADS_SID_WINNT_PATH, "WinNT://" & UserDomain & "/" & _
        NTUserAccountToAssociate & ",user"
    sidHex = SID.GetAs(ADS_SID_HEXSTRING)
    Mailbox.Put "Assoc-NT-Account", sidHex
    Mailbox.SetInfo

    ' Grant the associated NT account rights on its own mailbox.
    ' The trustee is the NT account, not the mailbox alias.
    Set SecurityDescriptor = Security.GetSecurityDescriptor(Mailbox.ADsPath)
    Set DiscretionaryACL = SecurityDescriptor.DiscretionaryACL
    AccessControlEntry.AceType = ADS_ACETYPE_ACCESS_ALLOWED
    AccessControlEntry.Trustee = UserDomain & "\" & NTUserAccountToAssociate
    AccessControlEntry.AccessMask = ADS_RIGHT_EXCH_MAIL_SEND_AS Or _
        ADS_RIGHT_EXCH_MAIL_RECEIVE_AS Or ADS_RIGHT_EXCH_MODIFY_USER_ATT
    DiscretionaryACL.AddAce AccessControlEntry
    SecurityDescriptor.DiscretionaryACL = DiscretionaryACL
    Security.SetSecurityDescriptor SecurityDescriptor
Note
In this example, references are made to the ADsSid and ADsSecurity interfaces. Both interfaces are contained in ADSSECURITY.DLL, available from http://www.newriders.com/adsi and http://www.microsoft.com/adsi.
After obtaining the required DLL, you must register it using the REGSVR32 utility from a command prompt:
REGSVR32 ADsSecurity.DLL
Depending on the configuration of your machine, you may also be able to register the DLL simply by double-clicking it in the Windows Explorer.
You must also set a reference in the Visual Basic IDE to this DLL by clicking the References item from the Project menu and selecting the "ADsSecurity 2.5 Type Library" entry.
To remove an existing Microsoft Exchange Mailbox, use the following Visual Basic code:
    Dim ExchangeServerName As String
    Dim ExchangeServerOrganization As String
    Dim ExchangeServerSite As String
    Dim MailboxParentContainer As IADsContainer
    Dim MailboxRelativePath As String
    Dim MailboxToRemove As String

    ExchangeServerName = "EXCHANGE_SERVER"
    ExchangeServerOrganization = "ADSITest"
    ExchangeServerSite = "Macmillan"
    MailboxRelativePath = ""
    MailboxToRemove = "Thomas.Eck"

    ' Bind to the Recipients container and delete the mailbox object by name
    Set MailboxParentContainer = GetObject("LDAP://" & ExchangeServerName & _
        "/o=" & ExchangeServerOrganization & "/ou=" & ExchangeServerSite & _
        "/cn=Recipients" & MailboxRelativePath)
    Call MailboxParentContainer.Delete("organizationalPerson", _
        "cn=" & MailboxToRemove)
If your organization utilizes a set of distribution lists that is assigned to users based on their role, location, or department (such as DL_Permanent_Employees, DL_Chicago, DL_Senior_Management, or DL_Research_Development), you can automate the addition of users to the list using ADSI's LDAP provider and Visual Basic. This is demonstrated in the following Visual Basic code segment:
    Dim ExchangeServerName As String
    Dim ExchangeServerOrganization As String
    Dim ExchangeServerSite As String
    Dim DistributionList As IADsGroup
    Dim DistributionListName As String
    Dim DistributionListRelativePath As String
    Dim DLMemberMailboxName As String

    ExchangeServerName = "EXCHANGE_SERVER"
    ExchangeServerOrganization = "ADSITest"
    ExchangeServerSite = "Macmillan"
    DistributionListRelativePath = ""
    DistributionListName = "DL_Research_Development"
    DLMemberMailboxName = "Thomas.Eck"

    ' Bind to the distribution list (Add is a method of IADsGroup)
    Set DistributionList = GetObject("LDAP://" & ExchangeServerName & _
        "/o=" & ExchangeServerOrganization & "/ou=" & ExchangeServerSite & _
        "/cn=Recipients" & DistributionListRelativePath & _
        "/cn=" & DistributionListName)

    ' Add the mailbox to the list by its ADsPath
    DistributionList.Add ("LDAP://" & ExchangeServerName & _
        "/o=" & ExchangeServerOrganization & "/ou=" & ExchangeServerSite & _
        "/cn=Recipients" & "/cn=" & DLMemberMailboxName)
    DistributionList.SetInfo
To remove an existing member from a distribution list, use the following Visual Basic code:
    Dim ExchangeServerName As String
    Dim ExchangeServerOrganization As String
    Dim ExchangeServerSite As String
    Dim DistributionList As IADsGroup
    Dim DistributionListName As String
    Dim DistributionListRelativePath As String
    Dim DLMemberMailboxName As String

    ExchangeServerName = "EXCHANGE_SERVER"
    ExchangeServerOrganization = "ADSITest"
    ExchangeServerSite = "Macmillan"
    DistributionListRelativePath = ""
    DistributionListName = "DL_Engineering"
    DLMemberMailboxName = "Thomas.Eck"

    ' Bind to the distribution list (Remove is a method of IADsGroup)
    Set DistributionList = GetObject("LDAP://" & ExchangeServerName & _
        "/o=" & ExchangeServerOrganization & "/ou=" & ExchangeServerSite & _
        "/cn=Recipients" & DistributionListRelativePath & _
        "/cn=" & DistributionListName)

    ' Remove the mailbox from the list by its ADsPath
    DistributionList.Remove ("LDAP://" & ExchangeServerName & _
        "/o=" & ExchangeServerOrganization & "/ou=" & ExchangeServerSite & _
        "/cn=Recipients" & "/cn=" & DLMemberMailboxName)
    DistributionList.SetInfo
To transfer the administrative burden for maintaining distribution lists to the list owner, use the following Visual Basic code to first determine the owner of an existing list:
    Dim ExchangeServerName As String
    Dim ExchangeServerOrganization As String
    Dim ExchangeServerSite As String
    Dim DistributionList As IADs
    Dim DistributionListName As String
    Dim DistributionListRelativePath As String

    ExchangeServerName = "EXCHANGE_SERVER"
    ExchangeServerOrganization = "ADSITest"
    ExchangeServerSite = "Macmillan"
    DistributionListRelativePath = ""
    DistributionListName = "DL_Senior_Management"

    Set DistributionList = GetObject("LDAP://" & ExchangeServerName & _
        "/o=" & ExchangeServerOrganization & "/ou=" & ExchangeServerSite & _
        "/cn=Recipients" & DistributionListRelativePath & _
        "/cn=" & DistributionListName)

    ' Owner is a directory attribute, so read it through IADs.Get
    Debug.Print DistributionList.Get("Owner")
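Delegating list management to the owner only holds if the front-end itself confirms that the caller is the list owner before it changes membership. The following is an added example, not code from the original text: it assumes the Web front-end passes in the already authenticated NT domain and account, that the Owner attribute holds the owner mailbox's distinguished name, and that Assoc-NT-Account reads back as the hex SID string written at mailbox creation; IsSafeName, CallerOwnsList and AddMemberAsOwner are hypothetical names.

```vb
' Added example, not from the original text. Assumes the Web front-end has
' already authenticated the caller and supplies the NT domain and account.
Private Const SERVER = "LDAP://EXCHANGE_SERVER/"
Private Const RECIPIENTS = SERVER & "o=ADSITest/ou=Macmillan/cn=Recipients"

' Reject any value that could alter the ADsPath it is concatenated into.
Private Function IsSafeName(ByVal Value As String) As Boolean
    IsSafeName = (Len(Value) > 0) And Not (Value Like "*[!A-Za-z0-9._-]*")
End Function

' True only if the caller's SID matches the Assoc-NT-Account of the mailbox
' named in the list's Owner attribute. Assumption: Owner holds the mailbox DN
' and Assoc-NT-Account reads back as the hex string that was written to it.
Private Function CallerOwnsList(ByVal DL As IADs, ByVal CallerDomain As String, _
        ByVal CallerAccount As String) As Boolean
    Dim OwnerMailbox As IADs
    Dim CallerSID As New ADsSID
    On Error GoTo Denied    ' no Owner, no such account, bind failure: deny
    Set OwnerMailbox = GetObject(SERVER & DL.Get("Owner"))
    CallerSID.SetAs ADS_SID_WINNT_PATH, _
        "WinNT://" & CallerDomain & "/" & CallerAccount & ",user"
    CallerOwnsList = (StrComp(OwnerMailbox.Get("Assoc-NT-Account"), _
        CallerSID.GetAs(ADS_SID_HEXSTRING), vbTextCompare) = 0)
    Exit Function
Denied:
    CallerOwnsList = False
End Function

' Adds MemberAlias to ListName only when the caller owns the list.
Public Function AddMemberAsOwner(ByVal ListName As String, _
        ByVal MemberAlias As String, ByVal CallerDomain As String, _
        ByVal CallerAccount As String) As Boolean
    Dim DL As IADsGroup
    Dim MemberPath As String
    On Error GoTo Failed
    If Not (IsSafeName(ListName) And IsSafeName(MemberAlias) And _
        IsSafeName(CallerDomain) And IsSafeName(CallerAccount)) Then Exit Function
    Set DL = GetObject(RECIPIENTS & "/cn=" & ListName)
    If Not CallerOwnsList(DL, CallerDomain, CallerAccount) Then Exit Function
    MemberPath = RECIPIENTS & "/cn=" & MemberAlias
    If Not DL.IsMember(MemberPath) Then DL.Add MemberPath
    AddMemberAsOwner = True
    Exit Function
Failed:
    AddMemberAsOwner = False
End Function
```

The function returns False for every refusal, whether the input was rejected, the bind failed or the caller is not the owner, so the front-end reveals nothing about which lists or mailboxes exist.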
Note
ADSI can programmatically perform many common administrative tasks within the Exchange directory. Examine the ADSI25.CHM help file (available from http://www.microsoft.com/adsi) to learn more about ADSI's ability to manage Microsoft Exchange Server.