???? ???????? ???? ?? ????? ???? ????? ?? ????? ??? ???? ??????? ?? ??? ??? ??????? ?? ??? "?????"? ??? ?? ???? ????? ??? ????? Send As ????? ???? ???? ?????? ?????? ???? ???????? ???? ???? ??????. ???? ???? ?????? ???? ??????? ???? ???? ?????? ??? ????? ????? ???? ???????? ???????? ??????? ????????.
????? ????? Send As ??? ???? ???? ?????? Active Directory? ??? ??? ??????? ??? ?????? ???? ?? ??????? ?? ????? ??????. ?????? ??? ??? ????? Send As ????? ?????? ??? ?? ???? ???????? ???? ???? ???? ????. ??? ????? ????? ?????? ??????????? ?? ??????? ?? ???? ???? ???? ?? ????? ????????? ??? ??????. ?? ???? ???????? ???? ???? ?????? ?? ?? ???? ??? ?? ????? Send As.
?? ???? ??? ????? Send As ??? ???? ???? ?????? Exchange Server ?? ??? ???? ????? ?????? ??????? ??? ????? ??? ????? Send As ????? ??? ?????? ???????? ?? ????? ????????. ??? ????? Send As ??? ???? ????? ?????? Exchange ????? ????? ?????? ???????? ?????. ??? ????? ????? ???? ??? ?????? ???????? ?? ????? ????????. ??? ????? ?? ???? ?? ???? ????? ?????????? ????? ????? ?????? Send As ?????? ????? ??? ?????? ???????? ?? ????? ????????.
?????? ??? ????? "???? ????" ?? ????? ?????? Exchange
??????? ??????? ???? ????? Full Mailbox Access ????
??? ?????? ???????? ?? ????? ????????. ???? ????? ?? ???? ???????
??????.
??? ????? ??? ?????? Send As ????? ????
???? ???? ??? ??? ????? ????? ????
????? ???? ??????? ???????:
- ??? ????? ????? ??????? Active Directory ?????? ?????????
???? ??????.
- ??? ????? ????? ???????? ???? ?? ??????? ?????? ??? ????? ??????. ??? ?? ??? ??? ??????
????? ???? ?????? ?? ???? ????? ????? ????????
??????.
- ???? ????? ???? ???????? ???? ????
???? ??????.
- ???? ??? ???? ?? ????? ???????.
- ??? ??? ?????? ??? ?????? ?? ????? ???????? ?? ????????
????? ?????? ??????? ???? ??? ?? ???? ???? ??? "Send As" ????
????????.
- ?? ?????? ? ???? ??? ?????? ? "????? ?" ??? ????? ????????.
- ???? ??? ?????.
- ?? ?????? ????? ???? ???? ??????? Microsoft Exchange ???
???? Exchange ?????.
?????? ?? ???? ??? ????? ????? ???? ??????? Microsoft Exchange
????? ???? ????? ???? ???? ??????? Microsoft Exchange ?????? ??
?????? ????? ??????? ?????? ?????? ???????? ????? ??????? ????
?????? ???? ?? ??????? ?? ????? ??????? ?????? ??????:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeIS\ParametersSystem
??? ??????: "?? ????? ??????? ?????? ??????? ??????" ???? ??????
??? ??????: REG_DWORD
????? ???????: ????
?????? ??????:
?? ????? ??????? ????? ??????? ?????? ???????? ???? ?????? ????????.
?????? ?????????? ?????? ??????? ??? 120 ????? (?????
????). ??? ??? ?????? ????? ??????? ???? ??? ????? ????? Microsoft
???? ???? ??????? Exchange.
?????? ??? ??? ?????? ??? ?????? ??? ???? ?????? ????? ??
???? ??? ???? ??????.
????? ??? ????? Send As ??????? ??????
??? ????? ????? ???????? ??? ?? ????? ??? ??????? ????? ???? ????? ?? ???? ???? Active Directory ???????? ???? ??? ??? Full Mailbox Access ???? ??? Send As ????? ????. ??? ?? ?????? ??????? ????? ?????? ?? ??????? ???? ??? ????? ?????? ?????? ???. ???? ???????? ????? ????? ??? ????? ????? ?????? ?????? ??? ????? ???????? ???? ????? Send As ??? ???????? ???? ????? ??? ?????.
????? ???? ??? ????? Send As ???????? ??? ?? ???? ???????? ?? ???? Active Directory ?? ?? ?????. ??? ??? ???? ????? Send As ???????? ??? ???????? ???? ??? ???????? ??????? ??? ??????. ???????? ??? ???? ?? ???? ?????? ???????? ???? ?? ????? ?? ???????. ?????? ??? ??????? ??? ??????? ??? ???? ???? ?????? ?????? ???? ??? ???????? ?????? ??? ???????.
??? ??? ???? ????? Send As ???????? ??? ???????? ????? ???????? ???? ???? ????? Send As ??? ????? ???????? ????? ???? ??? ??????? ???? ?? ????? ??? ???????. ??????? ??? ???????? ???????? ???????? ????? ?? ??? ????? ??? ????? ??? Send As ???????? ?????.
???? ????? Send As ????? ???? ??? ???? ?????? ?????????? ?? ???? "Active Directory" ?? ??????? ???????? ???????? ???? ??????? ???????:
- ??? ????? ????? ??????? Active Directory ?????? ?????????
???? ??????.
- ??? ????? ????? ???????? ???? ?? ??????? ?????? ??? ????? ??????. ??? ?? ??? ??? ??????
????? ???? ?????? ?? ???? ????? ??????? ???????
??????.
- ???? ????? ?????? ?? ???????? ???? ???
???? ??? ???? ??????.
- ???? ??? ?????.
- ??? ??? ?????? ???? ????? ????? ??? ???? ???????
???? ??? ?????? ?? ??? ??????. ????? ???? ????? ??????? ???
?????? ???????.
- ?? ????? ??? ? ???? ????????? ????????.
- ??? ?????? ??? Send As.
- ???? ??? ????? ??? ???? ?????? ????
???? ?????????.
????? ???? ??????? adminSDHolder ???????
??? ??? ?????? ???????? ????? ???? ????? Send As ????? ???? ?????? ???? ????? ????? ?? ???? ????? Send As ???????. ???? ???? ?? ???? ??? ????? ???? ???? ?????? ?????????? ???? ??? ???? ????? ?????? ?? adminSDHolder ???????.
??????
adminSDHolder ???? ???????? ???? ??? ???? ?????? ????? Active Directory. ???? ??? ?????????? ??? ????????? ??? ?? ???? ???? ?? ???? ???? ?????? ??????
adminSDHolder ???????? ???? ?????? ?? ??? ???????? ??? ??????
adminSDHolder ????.
??? ??? ?????? ?????? ?? ???????? ??? ??????
adminSDHolder ????? ????? ???? ?? ????? ???? ??????? ?? ??????? ?? ???? ??? ?????. ??? ???? ??????? ??? ??? ???? ????? Send As ??? ???? ????? ???? ????? ???? ?????? ???? ????? ???? ????? ????? ????????.
?????? ?? ???? ??? ????? Send As ????? ???? ????? ?????? ??? ???? ???? ?????? ??????
adminSDHolder ??? ??? ??? ?????? ??????
adminSDHolder ????. ??? ??? ?????? ??????
adminSDHolder ? ???? ????? ?????? ?????? ????? ???????? ???????. ??? ????? ??????
adminSDHolder ??? ??? ?????? ????? ??????? ?????? ???? ?? ???? ?? ???????.
???? ???? ???? ???????? ???? ????
???? ?????? ??????
adminSDHolder ? ???? ??????? ???????:
- ??? ????? ????? ??????? Active Directory ?????? ?????????
???? ??????.
- ??? ????? ????? ???????? ???? ?? ??????? ?????? ??? ????? ??????. ??? ?? ??? ??? ??????
????? ???? ?????? ?? ????? ??????? ??????? ???? ????????.
- ????? ???? ?????? ???? ????? ????? ??????
????.
- ????? ???? ?????? ???? ?? ???? ???? ??? ?????
????.
- ???? ????? ???? ???? ???? ?????? ??????.
- ?? ????? ?????? ? ???
??? "?????? ????" ?????? ??????? ?????
????.
- ?? ???? "????" ??? ????? "Send As"
????? ???? ???????.
- ???? ??? ????? ?????? ?? ???????
???? ???? ???? ??????.
- ?? ?????? ?????? ??? ???? ???? ???? ???? ??????? ???? ???
???? ??? ????? ???? ?????? ?????? ????? ?????? ????? ??????.
????? ?? ????????? ??? adminSDHolder ???????
????????? ???? ??? ???? ????????? ???????? ??????? ?? "????? ??????? ? Microsoft":
907434
(http://support.microsoft.com/kb/907434/
)
"Send As" ??? ????? ?? ?? ???? ?????? ??? ????? ?? "Send As" ?? Active Directory Users and Computers ???????? ?? Exchange Server
318180
(http://support.microsoft.com/kb/318180/
)
???? ????? AdminSDHolder ???? ?????? ????? ??????? ???????
817433
(http://support.microsoft.com/kb/817433/
)
?? ????? ???????? ??????? ?????? ??????? ????????
306398
(http://support.microsoft.com/kb/306398/
)
???? ?????? AdminSDHolder ??????? ?????? ?? ?????? ??????? ???????
???? ???? ????? ??????? ????
?????? ??????: ???? ?? ????? "???? ??????? ????" ????? ????? ?????
???? ?? ????? "???? ??????? ????"
?? ???? ?????? ???? ?? ?????? ????? ?????? ????????. ?? ????
??? ???????? ???? ??? ?????? "BESAdmin".
??? ??? ???? ?????
?????? "???? ??????? ????"? ????? ??? ?????? ???????.
??? ?? ??? ???? ???? ?????? ????? ???? ?????. ?? ?????? ??? ?????? ????? ?????? ????????. ?????? ??? ??????? ??? ????? ?????? ???? ??? ??? ?????? ???? Enterprise Server 4.0 ?? 4.1 ???? ??????? ????? ???? "???? ????? ???? ??????? ????". ?????? ??? ??????? ??? ????? ?????? ???? ??? ??? ???? ?????? 3.6 ???? ??????? ????? ???? ?????? ??? ???? ??? ????? Server 2000/2003 ??????? ???? ?.
?????? ???????: ???? ?? ?? ???? ???? "???? ??????? ????" ???? ???????? ????????
???? ?? ?? ???? ???? ???? "???? ??????? ????"
???????? ????????.
?????? ??? ??? ?????? ??????? ?? ???? ??? ???? ?? ?? ??????
??? ?????? Domain Users. ?? ???? ???? ????? ??????
??? ?? ???? ???? ?????? Administrators ???????.
- ??? "???? ??????? ????"? ???? ??????? ???????:
- ???? ?? ?? ?????? ???? ??????
?????? ?????????.
- ????? "????? ?????? ??????" ? "????? ?????? ?????"
???????? ??????.
- ????? View-Only Exchange ??? ?????? ???
????? ???????? ????????. ?????? ????? ???? ??????? ???????:
- ?? Exchange System Manager? ???? ??? ????
??? ???????? ???????? Exchange Server, ???? ?????
???? ????.
- ???? ?? ???? "???? ??????? ????"
??? ??? ???? ????? ????? Exchange View-Only.
- ??? "Send As?" "???? ????"?"????? ?????????
????? "?????? ??? ????? ?????? ??? ???? Exchange. ??????
???? ???? ??????? ???????:
- ?? Exchange System Manager? ???? ??? ????
????? ??? ???????? ???????? ?????? ?? ?? ?????? ?????? ?? ????????.
- ?? ?????? ?????? ??? ???? Exchange? ?? ???? ??? ?????? ?? ???? ??? ????.
- ?? ????? ??????? ??? "??????? ????"
???? ???? ??????. ?? ????? ??????? ???? ?? "Send As?"
??? ????? "???? ????"? ??????? "????? ???? ?????????" ??? ??????.
- ??? ??????? ?? 3 ?? 3 ??? Exchange
????.
- ??? "Send As?" "???? ????"?"????? ?????????
????? "???????? ????? ???? ??????. ?????? ????? ???? ??????? ???????:
- ?? Exchange System Manager? ???? ??? ????
????? ??? ???????? ????????? ?? ?? ?????? ?????? ?? ????????.
- ?? ?????? ???? ?????? ???? ???? ??????? ???? ????? ??????? ??? ??
???? ???? ??????? ???? ??? ?????? ?? ???? ??? ????.
- ?? ????? ??????? ??? "??????? ????"
???? ???? ??????. ?? ????? ??????? ???? ?? "Send As?"
??? ????? "???? ????"? ??????? "????? ???? ?????????" ??? ??????.
- ??? ??????? 4 ?? 4 ??? ???? ???? ?????? ??? ??
???? Exchange.
- ?? Active Directory Users and Computers ?????? ????????? ????
??????? ???????:
- ?? ?????? ?????? ??? ???????? ???? ???? ?? ????
??????? ??? ?? ???? ??? ?????.
- ??? ???? ????? ???????? ?? ??????
???? ???? ???? ??????? ????? ??? ???? ?????? ????? ???? ????????.
?? ???? ??? ????? Exchange Server 2003? ???? ?????? ???????.
?????? ???????: ??? ????? ??????? ?????? ??? "???? ??????? ????"
???? ????? ??????? ?????? ???????? ?? ???? Exchange? ?? ?????? ?????
????? ?????? ?????? ??? ?????? ????? Microsoft ????? ?????????
????. ???
????? ????? ???? Exchange? ??? ????? ????? ????? ?????? "???? ????" ??? ??? ?????? "BESAdmin" ??????? ????? "????? ?"
??? ??? ???? Exchange.
??? ????? Exchange ?????? ?????? ??? ???? ?????? ?????????
??? ????? ?????? Active Directory ? Microsoft Exchange. ??? ????? ?? ???? ??? ???????
?????? ?? ??????? ?? ???? ???? ????? ???????? Active Directory? ????
??? ????? ???????? ???????? ?? ?????? ???????.
???? ????
??? ?? ????? ??? ??? ???? ?????? ?????? ???? ????
??? ??????. ??? ?? ????? ???? ???? ???? Exchange ???????
????? ?????? ????? ?????? Exchange.
??? Active Directory
msExchMailboxSecurityDescriptor ???? ???????? ?? ?????? ????? ?? ?????? ??????? ???? ??????. ?
?????? ?????? ?? ??? Exchange ?????? ??????. ???????? ??? ???? ??? ????? ?????
msExchMailboxSecurityDescriptor ???? ?????? ?? ?????? ??????? ??????? ???
?????? ????????? ???????? ???????? ?????? ??????. ??? ????? ?? ???? ??? ???
????? ?????
msExchMailboxSecurityDescriptor ?????? ?????? ????? ?????????
?? ??? ????? ??? ???? Exchange? ??? ?????
?????. ???? ??????? ?? ??? ???????? ?? ???? ???? ?????? ???????. ?????
??? ??? ??????? ?????
msExchMailboxSecurityDescriptor ??????? ?? ??????? ???? ???? ??????.
?????? ??? ???? ?? ?????????? ???? ??? ??? ??????? ?????? ?????? ?? "????? ??????? ? Microsoft":
310866
(http://support.microsoft.com/kb/310866/
)
????? ????? ???? ???? ???? Exchange Server 2003 ? Exchange 2000 Server ??? ???? ????? ?? ???? ?????????
????? Full Mailbox Access
??? ???? ????? ?????? Exchange. ???? ????? Send As ???
??? ??????. ??? ??????? ????? Exchange Store.exe ????
??????? ?? ??? ???????? ???? Exchange ??? ?????? ??????? ?? ???
??? Send As ??? ??? ?????? ?????? Full Mailbox Access
???.
????? ????? Send As ????????
??? "?????? ??? ???? ????" ???? ??? ?????? ?????? ???? Exchange ???
??? ?????? ?????? ????? Send As ??????? ??? ???? ???? ??? ???? ????
?????? ???????. ?? ????
??? ????? Send As ?? ??? Full Mailbox Access?
????? ???? ??? "?????? ?????? ?????" ??? ??????? ??? "????? ?"
????? ?? ??? Active Directory ????? Exchange
???. ?????? ??????? ??? ???????? ??? ?????
?????? Exchange.
????? ??? ??????
???? ???? ???? ?????? ??? ???? ?????? Active Directory
?????
msExchMailboxGUID ???? ???? ???? ???? ????? (GUID)
????? ???? ?????. ???? ????? ???? ??? ?? ?????? ???? ??????
???? GUID ????? ???? ?????. ??? ????? ????? ???? ???? ??
??? ?????? ?????? ???????? Active Directory ???? ??????? ?? ???? ???.
????? ????? ????? ???? ???? ???? ?? ??? ??????? ??? ???????
???? ?????? ??? ???? ???? Active Directory? ????? ?????? ?????? ?????? ??????? ??? ??????? ????????
??? ??????. ??? ?????? ?? ???????? ?? ?????? ??? ???????
?? ?????? Guid ???? ?????? ??????.
?????? ??????? ???????
??? ????? Exchange ????? ?????? Exchange ??
???? ???????. ???? ????? ?????? ???? ?? ?????? ?????? ??????
?? ?????? ?????????? ???? ????? ??? ??? ???? ?? ??????. ???? ???
????? ???? ???? ????? ?????
msExchMailboxGUID ??? ?? ???????? ???????? ?? ??? ??????
???? Exchange.
??? ?? ??? ??????? ????? ???? ??????
???? ?? ?????? ???? ????? Exchange. ??? ???? ????? ??? ??? ????? ???? ??????
?????? ??? ?????? ?????? ???? ?? ?? ???? Microsoft Windows NT 4. ?????
?????? ???? ?? ???? ??? ?????? "?????? ??????? ???????". ??????
????? ??? ?????? ??? "??????? ???? ??????". ??????
??? ????? ??? ?? ???? ?? ?????? ?????? ??????.
??? ??????? ?? ??????
??? ?????? ???????? ??? ????? ???? SID ????????
?????? ??? ???
msExchMasterAccountSID ???? ???? ??????. ?????? ??? ???
??? ??? ???????? ???? ????? ?????? ?????? ?? ???? ?????
msExchMasterAccountSID . ??? ?? ?? ????? ???
msExchMasterAccountSID ? ?????? ??????? ???? ???? ???? ??????
???? ??? ?????? ??? Exchange ??? ?? ??? ???? ???? ?????? ??????
????.
?????? ????? ??? ??? ??? Exchange? ?? ????
?????? ??? ?????? ?????. ???????? ??? ???? ??? ????? ???? ???? ??????
???? ????? ??????? ????? ?????? ??? ????? "?????? ??????? ???????"
??? ??? ???? ???? ???????? ????????.
?????? ??? ???? ?? ?????????? ???? ??? ??? ??????? ?????? ?????? ?? "????? ??????? ? Microsoft":
300456
(http://support.microsoft.com/kb/300456/
)
??? ??????? ?????? ???????? ?????? ??? ??????? ?? Exchange 2000
????? ??????? ???????
???? ?? ?????? ???? ?? ??? ?????? ????? ???
???? ???? ???? ????? ?? ????? ????? ?????? ?????????? ?? ???
????. ??????? ????? ?????? ?? ??? ?????? ?????? ?????? ???
????? ????? ??????? ????? ???????????. ???? ??????
???? ????? ?????? ???????. ???????? ??? ???? ???? ?????? ???? ???
????? ???? ???????? ????? ?? ?????? ????????.
????? ??????? ????????? ????????? ???? ????? Send ??? ??????? ??????:
- ?? ???? ???? ???? ??????? ???? ??????? ????? ?? ????? ?? ??? ????? ???? ??????.
- ?? Microsoft Office Outlook? ?????? ???????? ???? ??????.
??? ????? ?????? ?????
??????????????? ?? ???? ??????. ???? ??? ???? ?????????? ????? ??????? ?? ??? ????? ??????? ????? ?? ????? ????? ???? ??????. ??? ???? ??? ????? ???????? ?????? ????? ???? ???????? ????? ??? ??? ?????? ??
?? ????? ??? ????? ????? ?????? ?????????? ?? ?????? ???? ?? ?? ????? ???? ??????. ????? ?????? ??????????
?? ???? ???? ?????? ???????:
??? ??????> ???????? ???? ??????>
??
??? ???????? ?? ??? ???? ??? ????? ???
??????????????? ?? Outlook. ?????? ??? ???? ?? ?????????? ???? ??? ??? ??????? ?????? ?????? ?? "????? ??????? ? Microsoft":
329622
(http://support.microsoft.com/kb/329622/
)
?? ??? ????? ????? "????? ????? ??" ??????? ??? ????? ?????? ?? Outlook
??? ??? ???? ????? ?????? ??? ???? ?????? ?????? ??? ????? ??????? ?????? ??????? ????? ?? ????? ??? ?? ???? ??? ??? ?? ?????? ??? ?? ?? ?????? ???? ?????? ?????? ??. ?? ??? ???????? ???? ?? ???? ????? ??????? ????? ?? ?????. ?????? ?????? ??? ?????? ???? ?????? ?????? ?? ?????? ???? ????? ???????? ??? ?????? ???????. ???? ???? ???????? ??????? Outlook ?????? ??? ???????? ??????? ???? ??? ?? ?????? ?????. ?????? ????? ???? ???
??? ???
??? ??????? ?? Outlook? ?? ???? ???
???? ?????? ???.
????? ?? ????
???????? ?? ??? ???? ?????? ?????? ?? ???? ????? ???? ?????? ??
????? ????? ????? ????? ????? Outlook ????? ???. ???? ??? ???????
???? ?????? ?????? ?? ????? ?? ???? ?????? Outlook ?????? ???????. ???????? ??? ????
???? ??? ??????? ?????? ??? ???? ???????? ???????? ?? ???? ?????? ????
?? ??? ?????? ??????.
?? ????? ??? ??????
?? ??? ??????? ????? ????? ?? ????? ??? ?????? ???? ?? ?????
??? "send As". ?????? ???? ????? ???????? ????
??????? ???????:
- ??? ????? Full Mailbox Access ??????. ????
?? ???? ?? ??? ?? ???? Outlook. ????? ?? ???? ??? ?? ????? "?????? ?????"
?????? ???? ??? ???? ???? ???? ??????. ??? ??? ??? ???? ?????? ?????? ???
?? ???? ?? ???? ?????? ?????? ?? ??? ??? ????? ??????
??? ?????? ??? ???? ??????.
- ??? ??? ?????? ????? Send As. ??? ???
??? ?????? ????? Send As? ???? ????? ?????? ?????????? ???? ??? ??????? ??????
???? ?????? ?????? Send As. ????? ?????? ??
???? ??????? ??????? ??????? ????? ?? ?????.
?? ??? ?????????? ???????? ????? ?????? ??????? ????? Send ???? ??? ??? ????? ?????? ??? ??? ?????? ?????? ???. ??? ??? ????????
???? ????? ?? ????? ????? ????? ???? ???????? ????? ?????? ?? ??? ????? ??
????????? ????? ???? ???????? ???? ???????? ????? ??? ????? ???. ??? ???
???????? ?????? ????? ???? ???????? ????? ???? ??? ????? ??? ????? ??
??
?? ???? ????? ?????? ?????????? ??????? ??????? ?????? ??
????.
??? ????? ?? ?? ??? ??? ???????? ???? ???????? ?????? ??
?? ???? ?????? ????? ???? ??????? ???? ????? ?????? ?????????? ???
??????? ????? ??? ????? ????? ?? ??? ?? ??? ?????? ???
???? ?????? ?? ??? ?????? ???????? ???? ????? Outlook ??????.
???
???? ???????? ?? ????? ????? ???? ???????? ?????? ??? ????? ?????? ??? ????
???? ?????? ???????? ??? ????? Outlook ????? ??? ???? ?????? ?????? ??. ?????? ??????????
???? ??????? ???? ???? ???????? ???????? ????? ????? ?????? ??? ??? ??????? ???????
????? ???????? ?? ????.
????? ?? ???????? ???? ??? ??? Full Mailbox Access ???? ??? Send As
????? ????? ?? ??? ???? ???????? ????? ?????? ?? ??? ??????
?????? Active directory ?? ?? ??? ??????? ?????????? ??? "?????? ????"
?? ??? ??? ?????? ??? ???? ???? ???? ??? Send As.
??? ??? ????? ????????? ????
"
??? ????? ??? ?????? ????? ??? ??????"
????.
????? ???????? ????? ??? ??????? ??????? ???????:
- ????? ????? ????? ????? ?????????? ????? ????? "?? ?????? ???? ???? ????"
???????? ???? ?? ????? Send As. ????? ????? ?????? ??? ??????? ??
??????? ?? ???? ??? ?????? ??? ?????? ?? ???? ??
??? Send As.
- ??????? ????? ??????? ????? ???????? ????? ????? "?? ?????? ???? ???? ????"
????? ????? Send As ??? ???? ??? ?????. ???? ???
?? ???? ??????? ??? ???????? ????? ???? ??? Full Mailbox Access ?
??? "send As". ??? ?? ?????? ???? Full Mailbox Access ??? ????
??? ???? ????? Send As.
- SetAll ????? ??? ??? Send As ????? ?????????? ?? ??????
????? ????? ????? Full Mailbox Access ????? ???? ????? ??????. A
???? ????? ??? ????? ?? ??? ????? ??? ???????. ???
????? ?????? ????? ??????? ?????? ??? ?????
??? ???????.
?????? ?? ???? ??? ????? "?????" ?? ??? ???????? ?????.
???????? ???????? ???????? ?????
??? ????? ???????? ????? ????? ??? ?????? ?????? ????????
???? ????? ?? ??? ??????? ???? ???? ???? ??????
?????? ??. ?? ?? ???? ???????? ????? ???????? ???? ??
?????? ?????? ??? ?????? ??????. ???? ???? ?? ???? ???????? ????? ????? ???
????? ?? ???? ??? ??????? ??? ?????? ?????? ?????? ?? ??????
???? ??? ??? ?????? ???? ???? ??????.
????? ????
????? ????? ????? ???????? ????? ???????? ?????? ?????? ????? ??
???? ????? ???? ????? ???????? ?????
RunAs.exe . ?? ???? ??? ???????
?????? ??? ??? ???? ????? ?????? Active Directory ? Exchange Server?
??? ?? ???? ???? ???? ????? ????? ???? ?????? Exchange ?? ????
?????? Active directory. ????? ??? ???? ??????? ?????? ???????? ?????
?? ???? ?????. ?? ???? ???????? ?????? ??????:
/User:domain\account RunAs.exe cmd.EXE
?????? ??? ??? ????? ??? ?????? ?? ???????? ????? ?? ??? ?????
??? ??????.
???? ?????? ???????? ?? ??? ??????? ?
????. ??? ??? ?????? ???????? ???? ???? ???? ??
??? ???????.
- ??? ????? ????? ???? ???? ??????
?? ???? ???? ???? ?? ??? ???? ?? ??????? ????? ????
??? ??? ???? ???? ??????. ???? ??? ?????? ??? ???? ?????? ???? ??????
?????? Full Mailbox Access ???? ???? ??????. - ?????? ???? ????? ?????? ????? ???? ?????? Full Mailbox Access ???? ?? ????? Send As
?? ???? ??? ?????? ??? ???? ??
??? ??????? ????? ??? ?????? ?????? ??? ??? ?????? ??????. ???
????? ?? ???? ??? ???? ???? ???? ????? ?? ??? ?????
???? ?????? ??? ???? ????? ??????. - ??? ????? ????? ???? ????? Full Mailbox Access ???? ?? ????? Send As
????? ??? ????? ???????? ??? ??? ????? ????????? ?????? ????? ?????? ??? ??????. - ???? ????? ???? ???? ??????
??? ??? ???? ???? ?????? ???? ???????? ???? ???? ????????? ???????. ??? ??? ???? ???? ?????? ???????? ???? ???? ????? ??
????????. - ???? ????? ?? ????? ???? ???? ???? ??????
???? ??? ????? ?????? ????? ???? ????? ????
?????? ?? ?????? ??? ???? ??? ???? ??. ????? ???? ??? ????????
?????. - ????? ?????? ?????? ????? ???? ???? ??????
???? ??? ????? ?????? ????? ???? ?????
??????? ???? ???? ???? ?????? ???????. - ????? ?????? ?????? ?????? ?????? ???? ???? ???? ???? ??????
????? ??? ????? ????? ????????? ??????? ????????
????? ????????? ???????? ????? ??????.
?? ?????? ??????? ???????? ???? ???? ??? ????? ??????
????? "????????" ????? Full Mailbox Access ??? ??? ?????
??? ????? ?????? "???? ???? ??????":
"""???? ???? ??????""" """Domain\NoSendAs" """" "??? ????? ???????""" """???? ???????" """" "?????""" [??? ???? ??????]
????? ???? ??? ?????? ???????? ?????
?????? ??? ???????? ????? ?????? ????? Exchange ???????
?? ?????? Exchange. ?????? ??? ????? ??? ???????? ????? ?? ?????
???? ?? ?? ???? ??? ?? ????? ???? Exchange ????.
????? ??? ???????
??? ??????? ??? ??????? ??? ???? Unicode ????
???? ????????? ??????? ???? ?? ???? ??????. ??? ????? ????? ??????
?? ???? ??? ???? ??? ??? ?? ????? ????? ???? ???? ?? ?? ??? ??? ????? ? ANSI
?? ?? ASCII. ?????? ???????? "???????" ? Microsoft ????? ??????? Windows XP ?? Windows Server 2003
?????? ???? ??????? Windows 2000 ???? ???? ?? Unicode
?????. ???????? ??? ???? Microsoft Office Excel ????? ?????? ???? ???? ?? Unicode
?????.
??? ???????? ?????? ???? ??????? ????? ????? ????
?????? ?????? ??? ????? ??? ???. ?????? ????????
?????? ?????? ?????? ????????? ???????? ?? Excel ????. ??
Excel? ?????? ???????? ??????? ??? ???? ?????? ???????? ???????? ?????
?????? ??? ????? ????? ??? ?????? ?????? ??? ??? ????? ??? ???? ??? Unicode.
???? ????????? ??????? ???? ???? ??? ????? ?? ???? ????
Excel.
????? ???? ????? ??? ????? ??? ??????? Excel ????????
?????? ???????? "Find.exe" ?? ?????? ???????? ?????? Findstr.exe. ???? ??? ??????? ????????
??????? ?? Windows. ???? ?? ????? ?? ??????? ?? ??? ?
????? ?????? ???? ????? ??? ??? ??????? ?? ?????? ???? ?? ????? ???
??? ???????. ??? ???? ??????? ??? ??? ???? ????? ????? ?? ??? ???? ????? ??? ?????? ???????? ??? ???????? ?????? ?? ?? ??? ??????? ?????? ???
????? ??? ???? ????? ??? ??????? "Has Delegates" ???:
Find.exe "???? ???????" OriginalFile.txt> HasDelegates.txt
??????? ?????? Findstr.exe "???? ???????" OriginalFile.txt> HasDelegates.txt
????? ???? ????? ?? ????? ????
????? ??? ?????? ????? ??? ??????. ??? ???????
/V ????? ???? ?????? ???? ?? ?????? ?? ????? ?????. ?????
????? ??????? ?? ?? ??? ??????? ?????? ??? ?????? ???? "???
???? delegates ":
Find.exe OriginalFile.txt "???????"> NoDelegates.txt
Find.exe/V "???? ???????" OriginalFile.txt> NoDelegates.txt
??????? ?????? Findstr.exe "???????" OriginalFile.txt> NoDelegates.txt
???????/V ?????? Findstr.exe "???? ???????" OriginalFile.txt> NoDelegates.txt
????? ???? ??????? ??? ??????? ?????? ???
???? ???? ???? ???????? ???? ???? ???? ????? ????
??? ?????? ??? ???? ?????? ???? ??? ???? ????? Send As. ???? ??? ???????
/I ????? ???? ???? ??????:
/I Find.exe "domain\ServiceAccount" OriginalFile.txt> ServiceAccount.txt
?????? Findstr.exe/I ??????? "domain\ServiceAccount" OriginalFile.txt> ServiceAccount.txt
?????? ??? ??? ?????? ?????? ???????? Find.exe ?????? ??? ???? ?? ???????? ??? ?????
???? ??????? ???? ????? ?????? ?????? ???????? "Find.exe" ?? ????? ?????? ?? ?????.
??
??? ??????? ????? ??????? ??? ????? (*. *) ???????? ?????? ???????? ?????? Findstr.exe. ??? ??? ?????? ???? ?????
?? ??? ?? ??? ??????? ???? ??????? ??? ?????. ????? ????
??? ??? ???????? ?????? ??? ?????? ???????? Find.exe ??
?????? Findstr.exe ?????? ?? ?????? ???? ??????? ?? ????????? ???????? ????
????.
?? ?????? ??????? ???????? ???? ???? ??? ????? ??????
????? "????????" ????? Full Mailbox Access? ???? ??? "????? ?"
??? ????? ?????? "???? ???? ??????".
"""Mailbox Owner""" """Domain\NoSendAs""" """No Send As User""" """Has Delegates""" """Enabled""" [additional fields omitted]
??? ????? ??? ?????? ???????? ??? ???????
???? ???? Full Mailbox Access (???? ????
"??????") ???? ??? ??? ??? ????? Send As. ???
?????? ?????? ?????? ?????? ??? ???? ?????? ???? ???? ????? ??????
????? ???????. ??? ??????? ?????? (????? ??????? ?????? ? Outlook
??????
??? ???? ??? ??? ??
??? ???? ?????? ???)? ??? ????? ??????? ????? ?? ??????.
??? ????? Send As ?????? ??? ??? ??? ????
?????? ?????? ????? ????? ???? ?????? ???? ????? ????? ??
???? ???? ??????. ???? ?????? ?? ??? ??????? ?? ???? "???
????????? "?? ??? ?? ??? ??? ?? ?? ?????? ?????? ?? ????
????? ?????? ?????? ???? ???? ??????.
???
??? ??? ?????? ?????? ?? ??? ???????. ??? ???? ????????? ???????
??? Full Mailbox Access. ???????? ??? ???? ??? ??? ????? Send As
????? ????? ??? ???? ?????? ?????? ????? ???? ??????.
??? ???? ??? ?? ???? ????? ?????? ??? ???? ????? Full Mailbox Access.
?? ???? ??? ?????? Send As ????? ??? ??? ???????
???? ?????? ????? ????? ??????.
????? ??? ??? ????? ?? Excel
- ??? ????? Excel ??? ??? ??? ???????.
- ???? ????? ?? Excel ????? ????? "??????? ??????". ??? ????? "????? ??????? ????".
- ?? "????? ??????? ????"? ????? ?? ???? ???????
???????:
- ??? ???????? ??????: ????
- ??? ????????? ??? ????: 1
- ??? ?????: Unicode (utf-8)
- ??????: ??????? ???
- ?????? ???????? ????????? ??????:
????
- ???? ????: "(?????? ??????)
????? ??? ??? ????? ??? ?? ??? ?????? ????? ?? Excel
- ?? ??? ???????? ???? ??? ??? ????.
- ??? ????? ???????? ??? ????? ??? ?????
?????? ??? ???? ??? ????? ?? ????? ??????.
- ???? ??? ???? ???? ??? ??? ????? ???? ??? ??? ???? ????????? ??? ?? ???? ??? ?? Unicode ?? ??? ???? ?????.
???? ?????? ?? ???????? ?????
??? ?? ????????? ??? ??? ???? ?????? ?? ???
?????? ??????? ???? ??
????? ???? ??????. ???? ??? ???????
???? ????? ?? ???? ???
??? ?????? ???? ???
?????? ???
CMD ??
??? ????? ??? ?? ???? ???
?????.
??? ??????? ???????? ???? ??? ???????
???? ???? ??????? ??????. ??? ?? ???? ???? ?????? ?????? ????? ??
??? ??????. ?????? ??? ??????? ??? ???????? ???? ????? ??????:
?????? ?????????? ????? ????? Full Mailbox Access ???? ??? Send As ?????? ???? ????? ??????:
CSCRIPT AddSendAs.vbs [domain controller name] ?Export
Example:
CSCRIPT AddSendAs.vbs CORP-DC-1 ?Export
???? ????? ??? ???????
"Send_As_Export_H_MM_SS.txt".
???????? ??? ????? ?? ??????? ???? ????? ??????:
CSCRIPT AddSendAs.vbs [domain controller name] ?Import [filename]
Example:
CSCRIPT AddSendAs.vbs CORP-DC-1 ?Import "Send_As_Export_H_MM_SS.txt"
????? ??? ????? Send As ??? ???? ?????? ?? ?????? ????? ?????????? ????? ????? ????? Full Mailbox Access ????? ????
?????? ??? ??? ???? ???????? ????? Full Mailbox Access
??? ?? ??????? ?????? ??? ??? ??? ??????? ??? SetAll. ??? ??? ????
??????? ??? SetAll ?? ??? ??????? ???? ??? ???????? "????? ?"
???. ???? ?? ???? ??? ?????? ??? ???? ????? ?????? ?????????? ???? ????? ???????? ????????
??? "????? ?" ????? ?? ????? ??????? ????? ?? ?????. ?????
????? ??? ??????? ?? ???? ????? ??? Send As ???? ?? ?? ???? ?????
??? ??????:
CSCRIPT AddSendAs.vbs [domain controller name] ?SetAll
Example:
CSCRIPT AddSendAs.vbs CORP-DC-1 ?SetAll
??? ??? ?????? ??? SetAll? ????? ??? ???????
????? Send_As_Export_H_MM_SS.txt. ??? ??? ??? ????? ???? ????
?? ??? ????? ???????? ???? ?? ???????. ??? ??? ???? ?????
???????? ????? ??? ????? ?? ???? ??? ??? ????? ???????? ????? ???
?????? ??? ?????? ?? ?? ??? ????? Send As.
???? ??????? ???? ??????? ????? ????? ???????? ?????
??? ??? ??? Send_As_Errors_H_MM_SS.txt. ??? ??? ???
?????? ?????? ?????? ?? ??? ????? ?????.
??????? ??????? ??????
?? ???? ???? ?????? ?? ??????? ???? ????? ??????
??? ?????? ?? ????????? ???? ?? ???? ?? ????? ????????. ??????
??? ??? ???????? ????? ????? ??? ???????? ?? ???? ?????
??????? FMA_EXCLUSIVE_LIST ??????? ??? ????? ?????? ?? ???????? ?????. ?? ????
????????? ??????????? ???? ??? ??????? ??? ???? ?? ???????? ???? ??? ????? ??
????? ???????? ?????. ????? ????? ?????? ?? ???????? ???????? ??????? ??????.
& "<Domain\Name>" & OUTPUT_DELIMITER
??? ???? ??????? ????? ????? ???? ??????? ??????.
FMA_EXCLUSIVE_LIST = OUTPUT_DELIMITER & "NT AUTHORITY\SELF" & OUTPUT_DELIMITER & "NT AUTHORITY\SYSTEM" & OUTPUT_DELIMITER
??? ???? ??? ???.
FMA_EXCLUSIVE_LIST = OUTPUT_DELIMITER & "NT AUTHORITY\SELF" & OUTPUT_DELIMITER & "NT AUTHORITY\SYSTEM" & OUTPUT_DELIMITER & "Mydomain\Service1" & OUTPUT DELIMITER
???? ??? ??????? ??? ????? "Mydomain\Service1" ??
??? ??????? ?? "NT AUTHORITY\SELF" ? "NT AUTHORITY\SYSTEM."
???? ?? ?????? domain\name ????? ????? ??????? ???? ?? ???? ?????
??? ?? ?? ??? ????? ?? ??? ???????.
???? ???
????? ????? ???????? FMA_EXCLUSIVE_EXSVC ???? ???????? "?????
????? "& OUTPUT_DELIMITER. "????? Exchange" ?? ??? ????
?? ??? ??? ???????? ?? ???? Active Directory ???? ?? Exchange
Server 5.5 ??? ?????????? ??????? ???????? ?? Exchange 2000. ???? ??? ??????
????? ?? ?????? ??????? ??? ???? ????? ??????? ?? ??? ??????? ?? ????
?? ??? ????.
???? ??????? FMA_EXCLUSIVE_EXSVC ???
?????? ??? ???? ???? ????? ???. ??? ?????? ??? ????? ????? ??????. ??????
??? ?? ???? ???? ???? ?????? ???? (\) ???? ??? ?????
?????? ???? ????? ???? ??????. ???? ??? ?????? ??????
???????? ???? ???? ???.
??? ??? ?? ??????? ??????? ??????
????? ?? ?????? ????? ??????? ?? ???? ?????? ???? ????? ??
?????? ?????? ????? ??? ???? ???? ??? ???????? ??? ??? ???? ????????. ?? ???
?????????? ????? ??????? ??? ?????? ? "????? ???????".
??????? ????????
?????? ??? ???????? ?????? ??? ???? ???? ?????? ??? ???????
???????? ????? ?????? ???????? ????? ?? ???? ?? ???? ??? "???????". ??? ???????? ?????
? AddSendAs.vbs. ????? ???????? ?????.
Option Explicit
Dim OUTPUT_DELIMITER
OUTPUT_DELIMITER = """""""" & vbTab & """"""""
'Define exclusive list, if FMA is given to any user in this list, it's ignored. If you
'want to modify this list, please be sure to follow the same format. Every alias has to
'have a OUTPUT_DELIMITER before and after it
Dim FMA_EXCLUSIVE_LIST
FMA_EXCLUSIVE_LIST = OUTPUT_DELIMITER & "NT AUTHORITY\SELF" & OUTPUT_DELIMITER & "NT AUTHORITY\SYSTEM" & OUTPUT_DELIMITER
Dim FMA_EXCLUSIVE_EXSVC
FMA_EXCLUSIVE_EXSVC = "\Exchange Services" & OUTPUT_DELIMITER
'Permission Type: Allow or Deny
const ACCESS_ALLOWED_OBJECT_ACE_TYPE = 5
const ADS_ACETYPE_ACCESS_ALLOWED = &h0
const ADS_ACETYPE_ACCESS_DENIED = &h1
'Flags: Specifies Inheritance
const ADS_ACEFLAG_INHERIT_ACE = &h2
const ADS_ACEFLAG_NO_PROPAGATE_INHERIT_ACE = &h4
const ADS_ACEFLAG_INHERIT_ONLY_ACE = &h8
const ADS_ACEFLAG_INHERITED_ACE = &h10
const ADS_ACEFLAG_VALID_INHERIT_FLAGS = &h1f
const ADS_ACEFLAG_SUCCESSFUL_ACCESS = &h40
const ADS_ACEFLAG_FAILED_ACCESS = &h80
'Declare ADSI constants
Const ADS_OPTION_SECURITY_MASK = 3
Const ADS_OPTION_REFERRALS = 1
Const ADS_SECURITY_INFO_DACL = 4
Const ADS_CHASE_REFERRALS_NEVER = &h00
Const ADS_CHASE_REFERRALS_SUBORDINATE = &h20
Const ADS_CHASE_REFERRALS_EXTERNAL = &h40
'output file name
Const EXPORT_FILE = "Send_As_Export"
Const ERROR_FILE = "Send_As_Errors"
' script mode
const MODE_INVALID = -1
const MODE_SETALL = 0
const MODE_EXPORT = 1
const MODE_IMPORT = 2
const SETALL = "-SETALL"
const EXPORT = "-EXPORT"
const IMPORT = "-IMPORT"
' argument index
Const ARG_INDEX_MODE = 1
Const ARG_INDEX_DC = 0
Const ARG_INDEX_FILENAME = 2
' column index in import/export file
Const COLUMN_INDEX_USERDISPLAYNAME = 0
Const COLUMN_INDEX_FMAALIAS = 1
Const COLUMN_INDEX_FMADISPLAYNAME = 2
Const COLUMN_INDEX_IFPUBLICDELEGATE = 3
Const COLUMN_INDEX_MAILBOXSTATUS = 4
Const COLUMN_INDEX_USERADSPATH = 5
Const COLUMN_INDEX_HOMEMDB = 6
Const EMPTYSTRING = ""
Const STRNO = "No Delegates"
Const STRYES = "Has Delegates"
Const MIN_ARG = 2
Const INIT_ARRAY_SIZE = 100
' Microsoft Exchange
Const EX_MB_SEND_AS_ACCESSMASK = &H00100
Const EX_FULLMailbox_AccessMask = 1
Const MESO = "Microsoft Exchange System Objects"
Const EX_MB_SEND_AS_GUID = "{AB721A54-1E2F-11D0-9819-00AA0040529B}"
Const ForReading = 1
Const ForWriting = 2
Const ForAppending = 8
Const TristateTrue = -1
Const ADS_SCOPE_SUBTREE = 2
Dim objUser
Dim objSDMailBox
Dim objSDNTsecurity
Dim objDACLNTSD
Dim objNewACE
Dim sTrusteeAlias()
Dim sFMADeniedList
Dim sFMAExplicitAllow
Dim fACESendasFound
Dim dArraySize
Dim TotalACE
Dim i
Dim rootDSE
Dim conn
Dim objCommand
Dim objCmdDisplayName
Dim rsUsers
Dim FoundObject
Dim objFSO
Dim objfileImport
Dim objfileExport
Dim objfileError
Dim sImportFilePath
Dim cScriptMode
Dim dArgCount
Dim dArgExpected
Dim sDCServer
Dim sMailboxStatus
Dim sIfPublicDelegate
Dim sFMAUserDisplayName
Dim sExportFileName
Dim sErrorsFileName
Dim msPublicDelegates
Dim fError
Dim fOneError
Dim fFMAAllowed
On Error Resume Next
dArraySize = INIT_ARRAY_SIZE
ReDim Preserve sTrusteeAlias(dArraySize)
dArgCount = Wscript.Arguments.Count
If ( dArgCount < MIN_ARG ) Then
DisplaySyntax
End If
err.Clear
fError = False
fOneError = False
cScriptMode = MODE_INVALID
Select Case UCase(WScript.Arguments(ARG_INDEX_MODE))
Case SETALL
cScriptMode = MODE_SETALL
dArgExpected = ARG_INDEX_MODE + 1
Case EXPORT
cScriptMode = MODE_EXPORT
dArgExpected = ARG_INDEX_MODE + 1
Case IMPORT
cScriptMode = MODE_IMPORT
dArgExpected = ARG_INDEX_FILENAME + 1
Case Else
cScriptMode = MODE_INVALID
End Select
If (cScriptMode = MODE_INVALID Or dArgCount <> dArgExpected) Then
DisplaySyntax
End If
sDCServer = WScript.Arguments(ARG_INDEX_DC)
CreateOutputFiles
If ( cScriptMode = MODE_SETALL Or cScriptMode = MODE_EXPORT ) Then
Dim sDomainContainer
If (cScriptMode = MODE_SETALL) Then
Dim strInput
WScript.StdOut.WriteLine("WARNING: If you continue, each account in the domain that has")
WScript.StdOut.WriteLine("Full Mailbox Access permission for a given mailbox will also be")
WScript.StdOut.WriteLine("granted permission to Send As the mailbox owner.")
WScript.StdOut.WriteLine()
WScript.StdOut.WriteLine("To preview the list of mailboxes before granting Send As,")
WScript.StdOut.WriteLine("cancel this operation and use the -Export mode of this script.")
WScript.StdOut.WriteLine()
WScript.StdOut.Write("Press Y to continue or any other key to cancel: ")
strInput = WScript.StdIn.ReadLine()
If (UCase(strInput) <> UCase("Y")) Then
WScript.Quit
End If
End If
WScript.StdOut.WriteLine()
WScript.StdOut.WriteLine("""!"" indicates an error processing an object.")
WScript.StdOut.WriteLine(" Check " & sErrorsFilename)
WScript.StdOut.WriteLine("Starting...")
WScript.StdOut.WriteLine()
err.Clear
Set rootDSE = GetObject("LDAP://" & sDCServer & "/RootDSE")
sDomainContainer = rootDSE.Get("defaultNamingContext")
WScript.StdOut.WriteLine("Finding domain controller [ " & sDCServer & " ] for domain [ " & sDomainContainer & " ]")
If (err.number <> 0) Then
WScript.StdOut.WriteLine("Failed to find the domain or domain controller, error:" & err.Description)
objfileError.WriteLine("Failed to find the domain or domain controller, error:" & err.Description)
WScript.Quit
End If
err.Clear
Set conn = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
conn.Provider = "ADSDSOObject"
conn.Open "ADs Provider"
If (err.number <> 0) Then
WScript.StdOut.WriteLine("Failed to bind to Active Directory server, error:" & err.Description)
objfileError.WriteLine("Failed to bind to Active Directory server, error:" & err.Description)
WScript.Quit
End If
Set objCommand.ActiveConnection = conn
WScript.StdOut.WriteLine("Searching for mailbox owner user accounts in " & sDomainContainer)
objCommand.CommandText = "<LDAP://" & sDCServer & "/" & sDomainContainer & ">;(&(&(& (mailnickname=*) (| (&(objectCategory=person)(objectClass=user)(msExchHomeServerName=*)) ))));adspath;subtree"
objCommand.Properties("searchscope") = ADS_SCOPE_SUBTREE
objCommand.Properties("Page Size") = 100
objCommand.Properties("Timeout") = 30
objCommand.Properties("Chase referrals") = (ADS_CHASE_REFERRALS_SUBORDINATE Or ADS_CHASE_REFERRALS_EXTERNAL)
err.Clear
Set rsUsers = objCommand.Execute
If (err.number <> 0) Then
WScript.StdOut.WriteLine("Search for mailbox owners failed, error:" & err.Description)
objfileError.WriteLine("Search for mailbox owners failed, error:" & err.Description)
WScript.Quit
End If
If (rsUsers.RecordCount = 0) Then
WScript.StdOut.WriteLine("No mailbox owner user accounts could be seen in " & sDomainContainer & ".")
objfileError.WriteLine("No mailbox owner user accounts found in " & sDomainContainer & ".")
fError = True
End If
While Not rsUsers.EOF
If (fOneError = True) Then
WScript.StdOut.Write("!")
Else
WScript.StdOut.Write(".")
End If
fOneError = False
'Skip any mailbox object in Microsoft Exchange System Objects container
If (0 = Instr(rsUsers.Fields(0).Value, MESO)) Then
err.Clear
Set objUser = GetObject(rsUsers.Fields(0).Value)
If (err.number <> 0) Then
objfileError.WriteLine("Failed to get user object: " & rsUsers.Fields(0).Value)
objfileError.WriteLine("Error: " & err.Description)
fError = True
fOneError = True
err.Clear
End If
Set objSDMailBox = objUser.MailboxRights
If (err.number <> 0) Then
objfileError.WriteLine("Failed to get mailbox rights: " & rsUsers.Fields(0).Value)
objfileError.WriteLine("Error: " & err.Description)
fError = True
fOneError = True
err.Clear
End If
Set objSDNTsecurity = objUser.ntSecurityDescriptor
If (err.number <> 0) Then
objfileError.WriteLine("Failed to get NTSD: " & rsUsers.Fields(0).Value)
objfileError.WriteLine("Error: " & err.Description)
fError = True
fOneError = True
err.Clear
End If
Set objDACLNTSD = Nothing
If (objUser.AccountDisabled) Then
sMailboxStatus = "Disabled"
Else
sMailboxStatus = "Enabled"
End If
'Query this user's publicDelegates list
err.Clear
msPublicDelegates = objUser.Get("publicDelegates")
If (err.number <> 0) Then
'This user doesn't have publicDelegates list set
sIfPublicDelegate = STRNO
err.Clear
Else
sIfPublicDelegate = STRYES
End If
err.Clear
FindAllFMAUsers objSDMailBox
If (TotalACE > dArraySize) Then
'Needs to allocate bigger size array
dArraySize = TotalACE + 1
ReDim Preserve sTrusteeAlias(dArraySize)
FindAllFMAUsers objSDMailBox
End If
If (err.number <> 0) Then
objfileError.WriteLine("Failed to query mailbox rights of user: " & rsUsers.Fields(0).Value)
objfileError.WriteLine("Error: " & err.Description)
err.Clear
fError = True
fOneError = True
End If
If TotalACE > 0 Then
Set objDACLNTSD = objSDNTsecurity.DiscretionaryAcl
For i = 0 to TotalACE - 1 Step 1
'Check if we already have Send As ACE in NT security descriptor
'If it exists, either allow or deny, we don't need to add send as to it
CheckSendAsACE objDACLNTSD, sTrusteeAlias(i)
'Note: deny entries take precedence over allow entries.
'If there is FMA deny ACE, skip it even if we find FMA allow ACE
IfFMAAllowed(sTrusteeAlias(i) & OUTPUT_DELIMITER)
If ((fFMAAllowed = True) And (fACESendasFound = 0)) Then
If cScriptMode = MODE_SETALL Then
Set objNewACE = CreateObject ("AccessControlEntry")
objNewACE.AceFlags = 0
objNewACE.AceType = ACCESS_ALLOWED_OBJECT_ACE_TYPE
objNewACE.AccessMask = EX_MB_SEND_AS_ACCESSMASK
objNewACE.Flags = 1
objNewACE.ObjectType = EX_MB_SEND_AS_GUID
objNewACE.Trustee = sTrusteeAlias(i)
objDACLNTSD.AddAce objNewAce
End If
'Query trustee(FMA user) to get its displayName
Dim rsTrustee
Dim objTrustee
Dim dPosition
Dim sAlias
dPosition = inStr(1, sTrusteeAlias(i), "\")
sAlias = mid(sTrusteeAlias(i), dPosition + 1)
Set objCmdDisplayName = CreateObject("ADODB.Command")
Set objCmdDisplayName.ActiveConnection = conn
objCmdDisplayName.CommandText = "<LDAP://" & sDomainContainer & ">;(&(&(& (mailnickname=" & sAlias & ") (| (&(objectCategory=person)(objectClass=user)(msExchHomeServerName=*)) ))));adspath;subtree"
objCmdDisplayName.Properties("searchscope") = ADS_SCOPE_SUBTREE
objCmdDisplayName.Properties("Page Size") = 100
objCmdDisplayName.Properties("Timeout") = 30
objCmdDisplayName.Properties("Chase referrals") = (ADS_CHASE_REFERRALS_SUBORDINATE Or ADS_CHASE_REFERRALS_EXTERNAL)
Set rsTrustee = objCmdDisplayName.Execute
Set objTrustee = GetObject(rsTrustee.Fields(0).Value)
If (err.number <> 0) Then
'Failed to query FMA user's display name, use its alias
sFMAUserDisplayName = sAlias
Else
sFMAUserDisplayName = objTrustee.displayName
End If
'output to export file
err.Clear
objfileExport.WriteLine ("""""""" & objUser.displayName & OUTPUT_DELIMITER & sTrusteeAlias(i) & OUTPUT_DELIMITER & sFMAUserDisplayName & OUTPUT_DELIMITER & sIfPublicDelegate & OUTPUT_DELIMITER & sMailboxStatus & OUTPUT_DELIMITER & rsUsers.Fields(0).Value & OUTPUT_DELIMITER & objUser.homeMDB & """""""")
If (err.number <> 0) Then
objfileError.WriteLine("User " & rsUsers.Fields(0).Value & " could not be added to the export file. You should set permissions manually for this user.")
objfileError.WriteLine("Error: " & err.Description)
err.Clear
fError = True
fOneError = True
End If
Set objCmdDisplayName = Nothing
Set rsTrustee = Nothing
Set objTrustee = Nothing
End If
Next
If cScriptMode = MODE_SETALL Then
err.Clear
objSDNTsecurity.DiscretionaryAcl = objDACLNTSD
objUser.Put "ntSecurityDescriptor", Array( objSDNTsecurity )
objUser.SetOption ADS_OPTION_SECURITY_MASK, ADS_SECURITY_INFO_DACL
objUser.SetInfo
If (err.number <> 0) Then
objfileError.WriteLine("Failed to update ADSI for user: " & rsUsers.Fields(0).Value)
objfileError.WriteLine("Error: " & err.Description)
err.Clear
fError = True
fOneError = True
End If
End If
TotalACE = 0
Set objSDMailbox = Nothing
Set objSDNTsecurity = Nothing
Set objUser = Nothing
Set objDACLNTSD = Nothing
End If
End If
rsUsers.MoveNext
Wend
End If
If (cScriptMode = MODE_IMPORT) Then
Dim sOneRow
Dim sArraySplit
Dim objUserItem
Dim UserPath
Dim objUserSD
Dim objUserDACL
Dim fNeedToAddSendAs
sImportFilePath = WScript.Arguments(ARG_INDEX_FILENAME)
WScript.StdOut.WriteLine("If you continue, each account listed in " & sImportFilePath)
WScript.StdOut.WriteLine("that has Full Mailbox Access permission for a given mailbox")
WScript.StdOut.WriteLine("will also be granted permission to Send As the mailbox owner.")
WScript.StdOut.WriteLine()
WScript.StdOut.Write("Press Y to continue or any other key to cancel: ")
strInput = WScript.StdIn.ReadLine()
If (UCase(strInput) <> UCase("Y")) Then
WScript.Quit
End If
WScript.StdOut.WriteLine("Starting...")
WScript.StdOut.WriteLine()
UserPath = EMPTYSTRING
err.Clear
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objfileImport = objFSO.OpenTextFile(sImportFilePath, ForReading, False, TristateTrue)
If (err.number <> 0) Then
WScript.StdOut.WriteLine("Failed to open import file " & sImportFilePath & ", error:" & err.Description)
objfileError.WriteLine("Failed to open import file " & sImportFilePath & ", error:" & err.Description)
WScript.Quit
End If
fNeedToAddSendAs = False
Do While objfileImport.AtEndOfStream <> True
If (fOneError = True) Then
WScript.StdOut.Write("!")
Else
WScript.StdOut.Write(".")
End If
fOneError = False
err.Clear
sOneRow = objfileImport.ReadLine
sArraySplit = Split(sOneRow , OUTPUT_DELIMITER)
If (err.number <> 0) Then
objfileError.WriteLine("Failed to parse one row: " & sOneRow )
objfileError.WriteLine("Error: " & err.Description)
err.Clear
fError = True
fOneError = True
End If
If (UserPath <> sArraySplit(COLUMN_INDEX_USERADSPATH)) Then
'A new user
If (fNeedToAddSendAs = True ) Then
'update existing user
err.Clear
objSDNTsecurity.DiscretionaryAcl = objDACLNTSD
objUser.Put "ntSecurityDescriptor", Array( objSDNTsecurity )
objUser.SetOption ADS_OPTION_SECURITY_MASK, ADS_SECURITY_INFO_DACL
objUser.SetInfo
If (err.number <> 0) Then
objfileError.WriteLine("Failed to update permissions for user: " & UserPath)
objfileError.WriteLine("Error: " & err.Description)
fError = True
fOneError = True
End If
End If
fNeedToAddSendAs = False
Set objUser = Nothing
Set objSDNTsecurity = Nothing
Set objDACLNTSD = Nothing
UserPath = sArraySplit(COLUMN_INDEX_USERADSPATH)
err.Clear
Set objUser = GetObject(UserPath)
Set objSDNTsecurity = objUser.ntSecurityDescriptor
Set objDACLNTSD = objSDNTsecurity.DiscretionaryACL
If (err.number <> 0) Then
objfileError.WriteLine("Failed to get user object: " & UserPath)
objfileError.WriteLine("Error: " & err.Description)
err.Clear
fError = True
fOneError = True
End If
End If
'Add newACE Do we need this check?
CheckSendAsACE objDACLNTSD, sArraySplit(COLUMN_INDEX_FMAALIAS)
If (fACESendasFound = 0) Then
Set objNewACE = CreateObject ("AccessControlEntry")
objNewACE.AceFlags = 0
objNewACE.AceType = ACCESS_ALLOWED_OBJECT_ACE_TYPE
objNewACE.AccessMask = EX_MB_SEND_AS_ACCESSMASK
objNewACE.Flags = 1
objNewACE.ObjectType = EX_MB_SEND_AS_GUID
objNewACE.Trustee = sArraySplit(COLUMN_INDEX_FMAALIAS)
objDACLNTSD.AddAce objNewACE
fNeedToAddSendAs = True
End If
Loop
If (fNeedToAddSendAs = True ) Then
'update the last user
err.Clear
objSDNTsecurity.DiscretionaryAcl = objDACLNTSD
objUser.Put "ntSecurityDescriptor", Array( objSDNTsecurity )
objUser.SetOption ADS_OPTION_SECURITY_MASK, ADS_SECURITY_INFO_DACL
objUser.SetInfo
If (err.number <> 0) Then
objfileError.WriteLine("Failed to update permissions for user: " & UserPath)
objfileError.WriteLine("Error: " & err.Description)
fError = True
End If
End If
End If
objFSO.Close
objfileImport.Close
objfileExport.Close
objfileError.Close
Set objFSO = Nothing
Set objfileImport = Nothing
Set objfileExport = Nothing
Set objfileError = Nothing
Set objCommand = Nothing
Set conn = Nothing
WScript.StdOut.WriteLine()
If (fError = True) Then
WScript.StdOut.WriteLine("Finished with one or more errors. See " & sErrorsFilename)
Else
WScript.StdOut.WriteLine("Finished successfully. No errors were encountered.")
End If
Function FindAllFMAUsers (objSD)
Dim objACL
Dim objACE
Dim intACECount
Dim strIndent
Dim dAccessMaskBit
Dim dPosition
Dim sUserAlreadyFound
On Error Resume Next
err.Clear
TotalACE = 0
sFMADeniedList = EMPTYSTRING
sFMAExplicitAllow = EMPTYSTRING
sUserAlreadyFound = OUTPUT_DELIMITER
intACECount = 0
Set objACL = objSD.DiscretionaryAcl
intACECount = objACL.AceCount
If intACECount Then
' Open discretionary ACL (DACL) data.
For Each objACE In objACL
dPosition = inStr(1, objACE.Trustee, "$")
If ((0 = Instr(UCase(objACE.Trustee & OUTPUT_DELIMITER), UCase(FMA_EXCLUSIVE_EXSVC))) And (0 = Instr(sUserAlreadyFound, OUTPUT_DELIMITER & objACE.Trustee & OUTPUT_DELIMITER)) And (0 = Instr(FMA_EXCLUSIVE_LIST, OUTPUT_DELIMITER & objACE.Trustee & OUTPUT_DELIMITER)) And (dPosition <> Len(objACE.Trustee)) And ((objACE.AccessMask And EX_FULLMailbox_AccessMask) <>0) And ((objACE.AceType = ADS_ACETYPE_ACCESS_ALLOWED) Or (objACE.AceType = ACCESS_ALLOWED_OBJECT_ACE_TYPE) )) Then
If (TotalACE < dArraySize) Then
sTrusteeAlias(TotalACE) = objACE.Trustee
sUserAlreadyFound = sUserAlreadyFound & objACE.Trustee & OUTPUT_DELIMITER
End If
TotalACE = TotalACE + 1
If ((objACE.AceFlags And ADS_ACEFLAG_INHERITED_ACE) = 0) Then
'Keep a list who explictly set FMA at mailbox level
sFMAExplicitAllow = sFMAExplicitAllow & objACE.Trustee & OUTPUT_DELIMITER
End If
ElseIf (( (objACE.AccessMask And EX_FULLMailbox_AccessMask) <>0 ) And (objACE.AceType = ADS_ACETYPE_ACCESS_DENIED)) Then
'Keep a list who denied FMA, use OUTPUT_DELIMITER as demiliter,
'include both inherited and explicit set at mailbox level
sFMADeniedList = sFMADeniedList & objACE.Trustee & OUTPUT_DELIMITER
End If
Next
End If
Set objACL = Nothing
End Function
Function CheckSendAsACE (objDiscretionaryACL, sTAlias)
Dim objACE
Dim intACECount
err.Clear
fACESendasFound = 0
intACECount = objDiscretionaryACL.AceCount
If intACECount Then
For Each objACE In objDiscretionaryACL
err.Clear
If ( (objACE.Trustee = sTAlias) And (objACE.ObjectType = EX_MB_SEND_AS_GUID) ) Then
fACESendasFound = 1
End If
If (err.number <> 0) Then
objfileError.WriteLine("Could not read permissions for this user: " & sTAlias)
objfileError.WriteLine("Error: " & err.Description)
err.Clear
fError = True
fOneError = True
End If
Next
End If
End Function
Function IfFMAAllowed(sTrustee)
'FMA allow ACE has been found. Assume it's true
fFMAAllowed = True
If ( (0 <> Instr(sFMADeniedList, sTrustee)) And (0 = Instr(sFMAExplicitAllow, sTrustee)) ) Then
'If Denied ACE is found, and no explicit allow FMA
fFMAAllowed = False
End If
End Function
Function CreateOutputFiles
Dim sTimeArray
Dim sTimeShort
Dim sTime
err.Clear
sTime = Time
sTimeShort = Split(sTime, " ")
sTimeArray = Split(sTimeShort(0), ":")
Set objFSO = CreateObject("Scripting.FileSystemObject")
sErrorsFileName = ERROR_FILE & "_" & sTimeArray(0) & "_" & sTimeArray(1) & "_" & sTimeArray(2) & ".txt"
Set objfileError = objFSO.OpenTextFile(sErrorsFileName, ForWriting, True, TristateTrue)
If (cScriptMode = MODE_SETALL Or cScriptMode = MODE_EXPORT) Then
sExportFileName = EXPORT_FILE & "_" & sTimeArray(0) & "_" & sTimeArray(1) & "_" & sTimeArray(2) & ".txt"
Set objfileExport = objFSO.OpenTextFile(sExportFileName, ForWriting, True, TristateTrue)
End If
If err.number <> 0 Then
WScript.StdOut.WriteLine("Unable to create export or error files: " & err.Description)
objfileError.WriteLine("Unable to create export or error files: " & err.Description)
fError = True
fOneError = True
WScript.Quit
End If
End Function
Function DisplaySyntax
WScript.StdOut.WriteLine("Syntax:")
WScript.StdOut.WriteLine()
WScript.StdOut.WriteLine("Export accounts with Full Mailbox Access that do not have Send As permission:")
WScript.StdOut.WriteLine(" CSCRIPT """ & WScript.ScriptName & """ DOMAIN_CONTROLLER -Export")
WScript.StdOut.WriteLine(" NOTE: The list will be saved to Send_As_Export_HH_MM_SS.txt")
WScript.StdOut.WriteLine()
WScript.StdOut.WriteLine("Grant Send As to all accounts listed in an export file:")
WScript.StdOut.WriteLine(" CSCRIPT """ & WScript.ScriptName & """ DOMAIN_CONTROLLER -Import ""filename.txt""")
WScript.StdOut.WriteLine()
WScript.StdOut.WriteLine("Grant Send As to all accounts in the domain with Full Mailbox Access:")
WScript.StdOut.WriteLine(" CSCRIPT """ & WScript.ScriptName & """ DOMAIN_CONTROLLER -SetAll")
WScript.StdOut.WriteLine(" NOTE: Accounts will be listed in Send_As_Export_HH_MM_SS.txt")
WScript.StdOut.WriteLine()
WScript.StdOut.WriteLine("For all modes, errors are saved to Send_As_Errors_HH_MM_SS.txt")
WScript.Quit
End Function????? ???????? ?????
???? Microsoft ??????? ???????? ??????? ???? ??? ?? ???? ???? ?? ????. ???? ?????? ???? ?? ?????? ???????? ??????? ?????? ???????? ?? ???????? ???? ????. ????? ??? ??????? ??? ????? ??? ??? ??????? ???? ??? ????? ???????? ???? ??? ????????? ?????? ????????? ????????. ????? ?????? ????? ??? Microsoft ??? ????? ????? ????. ??? ????? ?? ???? ?? ?????? ?????? ??? ??????? ?????? ????? ?????? ?? ????? ??????? ?????? ??????? ?????.
????? ?? ????????? ??? ?????
???????? ???????? ?? Microsoft? ?? ?????? Microsoft ??? ???????
??????:
?????? ??? ?????? ???????? ?? ??? ??????? ????? ?????? ?????? ?? Microsoft. ?? ???? Microsoft ?? ????? ???? ?????? ?? ?????? ????? ???? ?? ?????????? ?? ??? ????????.
???? ??? ??????
