Exchange Server Schema

To write applications using ADSI for the Exchange Server directory, you must first understand the Exchange Server directory schema. This schema defines the available object classes as well as the relationship between these objects in the directory. This schema also contains the attributes for each object class.

To access the Exchange Server directory schema, you need to run the Exchange Administrator program in raw mode. To do this, run the file admin.exe with the /r switch. After the Exchange Administrator program starts, select Raw Directory from the View menu. You should see a container named Schema appear in the left pane. When you select the Schema container, you will see all the attributes and classes defined by the Exchange Server schema in the right pane, as shown in Figure 15-1. In the Exchange Administrator program, attributes have a folder icon marked with an A and classes have a folder icon marked with a C. To view and edit information about attributes and classes, select the object and choose Raw Properties from the File menu.

NOTE

---

Be careful when modifying the Exchange Server schema because you could cause unwanted behavior in your Exchange server. For example, if you change a schema property and set it incorrectly, Exchange Server will replicate the incorrect information to all your Exchange servers.

Figure 15-1. The Schema container in the Exchange Administrator program. You can search for attributes and classes defined by the Exchange Server schema using this view.

Three specific properties on the items contained in the schema are important when writing ADSI applications: the Access-Category property, the Description property, and the Heuristics property.

Access-Category Property

The Access-Category property specifies the rights needed by a user to modify an item on the Exchange server. This property contains an integer value:

• The value 0 specifies that only the system can modify an item.
• The value 1 allows users with the Exchange Modify Admin Attributes right to modify an item.
• The value 2 allows users who have the Exchange Modify User Attributes right to modify an item.
• The value 3 specifies that users who have the Exchange Modify Permissions right can change an item.

By default, users assigned as owners of a mailbox automatically have the Modify User Attributes right on their mailbox. When working with ADSI, however, check the Access-Category property for any attributes you want to modify before attempting to call your code. Exchange Server sets administrator access on some of the common properties that you might want to allow users to modify in your programs. The best example is the office attribute on a mailbox. By default, the office attribute has an Access-Category value of 1, which specifies that only users with the Modify Admin Attributes permission on the mailbox can change it. Users by default do not have this right, so your ADSI code cannot modify the office attribute if it is running in the security context of the current user. You can modify the Access-Category property in the schema so that users can modify certain properties without having the Modify Admin Attributes right.

Description Property

The Description property specifies the LDAP name of the item. Sometimes in the Exchange Server directory, the LDAP name for an attribute or class is different from the Exchange Server directory name for that attribute or class. Because ADSI uses the LDAP provider when accessing the Exchange Server directory, you should always use the LDAP name of an attribute or class when working with ADSI.

Heuristics Property

The Heuristics property contains configuration information about the item. The value for this property is an integer, which represents a total of 5 bits. For example, a value of 3 stored in this property represents setting bit 0 to the value 1, and setting bit 1 to the value 1. Figure 15-2 shows how setting the bits for this property works.

Figure 15-2. Bits used with the Heuristics property.

The following list describes the effects of changing bit values for the Heuristics property:

• Bit 0 in this property specifies whether to replicate the property between Exchange Server sites. Setting the property to 0 makes Exchange Server replicate the property. A setting of 1 prevents the property from being replicated.
• Bit 1 controls the visibility of an item to LDAP clients. Setting this bit to 0 prevents LDAP clients from seeing the item. Setting this bit to 1 allows both anonymous and authenticated LDAP clients to find and query the item.
• Bit 2 provides control over visibility of the item based on authentication of the client. If you set this bit to 0, only anonymous clients can view the item; authenticated clients will not be able to view it. If you set this bit to 1, only authenticated clients will be able to see the item.
• Bit 3 sets whether the item is an operational item. Setting this bit to 0 tells Exchange Server to not make the item an operational item. A setting of 1 specifies that the item is an operational item. If this bit is set to 1, the item will not be visible through ADSI, even though you can set the properties on the item. To access the values in an operational item, you must use the OLE DB provider that is provided by ADSI and a Microsoft ActiveX Data Objects (ADO) query, which is described later in the chapter for the sample ADSI application.
• Bit 4 sets whether the item should be visible in the Exchange Administrator program user interface. A setting of 0 makes the item invisible, and a setting of 1 makes the item visible.

Looking for Other ADSI Properties

If you prefer not to browse the attributes and classes of the Exchange Server schema using the raw mode option in the Exchange Administrator program, the MSDN Library includes a section that describes the layout of the Exchange Server schema. This section can be found under the Platform SDK\Database and Messaging Services\Microsoft Exchange Server\Microsoft Exchange Server Programmer's Reference\Reference\Directory Schema portion of the MSDN Library.