?????????? ?-??? ????? ???? ??? ???? ?? ??? ???? ???????? Exchange 2000 Server ??? ?? Exchange Server 2003 ??? ?? ?? ?????? ?????? ??

???? ?????? ???? ??????
???? ID: 912918 - ?? ???????? ?? ?????? ??? ?? ?? ???? ???? ???? ??.

?? ????? ??

?????

?? ?? Microsoft Exchange 2000 Server ??? ?? Microsoft Exchange Server 2003 ??? ??? ?-??? ????? ??? ????? ?? ?????? ????, ?-??? ????? ??? ???? ?? ???? ??? ??? ??, ?? ???? ?? ???? ????? ?????? ??????? ??? ?? ?? ?? ?? ????? ???-??????? ??????? (NDRs)?

?????? ?????

  • ????? ????????
  • ???? ??? ?? ???????? ?? ?? ???????? ???? ?? ??? ???????? ?????? ???? ??? ?????? ?????? ???? ?? ???? ?????? ?????????? ?? ??????
  • ????????? ????? ??????
  • MAPI_E_NO_ACCESS-2147024891
  • ?????????? ?? ?????????? ??? ?? ??? ??? ????? ?? ????? ???? ???? (HRESULT:-2147024891) Pausing ?????????? ?????????? ???? (??????? ?????? - ?????????? ???????? ?? ????? ????.)
  • ?????? ???? ????
???:???? "????? ????????" ?????? ????? ?? "?????? ???? ????" ?????? ????? Microsoft Outlook Web Access ?? ?? ?? ?? ????????? ???? ?? ??? ??? ?? ????

NDRs

  • ?? ???????????? ?? ????? ?? ?????? ???? ??? ?????? ?? ???, ???? ?????? ?????????? ?? ?????? ?????
  • ???? ???????? ?? ????? ???? ????? ???? ???? ?? ???? ????????? ?????????? ?? ?? ?? ????? ????? ?? ?????? ???? ???

???????? ?? ??????

?? ?????? ?? ????? ?????-???? ???????? ?? ???????? ???? ?? ??? ???? ???? ??:
  • ??? (RIM) BlackBerry ?????????? ????? (BES) ??? ???
  • ????? ???????????? GoodLink ??????? ?????
?? ?????? ????? MAPI ?? ?????? ???? ???????? CDO-?????? ????????? ?? ?-??? ????? ????? ?? ?? ???????? ?? ???? ???

???? ?-??? ????? ????? ?? ??? ???? ???? ?? ????? ???? ???? ?????-???? ???????? ?? ???????? ?? ???? ???? ??? ?? ?? ?????? ?? ???????? ???? ?? ?? ?????-???? ?????? ?? ??? ??? ???, ?? ??????? ???? ??? ?? ?? ?????? ?? ??? ???? ?? ??? ??? ?? ??? ???????? ?????? ???

???????, ?? ?? ?????? ???? ??? ?? ?? ????? ?????-???? ???????? ?? ???????? ???? ??? ?? ??????:
  • Cisco Unity ?????? ????????
  • Exchange ?? ??? quest ????????? ???
  • Exchange ?? ??? Microsoft ExMerge ??????

????

?? ?????? ????? ??? ?? ???? ?? ?? ?????? ?? ???? ???? ?? ?? ???? ??::
  • ???? ??? ?-??? ????? ?? ?-??? ????? ????? ?? ??? ????? ??? ?? ??? ???? ??? ???????? ?????? ?? ??? ??? ????? ?? ??? ????????? ???? ???
  • ?? ???? ?? ?? Store.exe ????? ??????? ?? ??? Microsoft Exchange 2000 Server ?????? ??? 3 (SP3) ??? ??? ??? ?? ??? ?? ??????? ?? ??? 6619.4? ??????? 6619.4 ????? Microsoft ???????? ???? ??? ?????? ???? ???? ???:
    915358?? ???????? ??????? Exchange 2000 Server ??? ????? ???????? ????? ?? ?????? ?? ????????? ???? ?? ??? ?????? ??
  • ?? ???? ?? ?? Store.exe ????? ??????? ?? ??? Microsoft Exchange Server 2003 SP1 ??? ??? ??? ?? ??? ?? ??????? ?? ??? 7233.51?
  • ?? ???? Store.exe ?? ??? Exchange Server 2003 SP2 ??? ??? ??? ?? 7650.23 ??????? ?? ??? ?? ?? ????? ?? ????? ???????? ??????? 7650.23 ????? Microsoft ???????? ???? ???? ??? ?????? ???? ???? ???:
    895949?????? ??????? ? ?? ??? ??? ????? ? 2003 ??? Exchange ?????
    ?? ???????? Exchange Server 2003 SP2 ??? ????? ???? ??? ??? ?? ?? ??? ???? ??? Exchange Server 2003 SP1 ?? ??????? ??? ??? Store.exe ????? ?? ?? ?? ???????? ????? ???, ?? Exchange Server 2003 SP2 ??? ???????? ??, ?? ?? ?? ??????? ?? ???? ?? ??? ?? ???????? ?? SP2 ??????? ??????? ???? ????? Microsoft Exchange Server 2003 SP3 ??? ?? ???????? ?? ????? ???? ??????

??????? CONCERNS

Store.exe ????? ??????? ?? "????" ??? ??? ???????? ???, ???? ?? ???? implicitly ????? ???????? ????? ?? ?????? ?????? ???? ?? ???????? ?????? ?? ??? ??? ????? ?? ?????? ??? ?? meant ?? ?? ????? ???????? ????? ?? ?????? ?? ?? ???? ???? ???? appeared ?? ???? ?? ?? ???????? ?????? ?? ?????? ???? ?? ?-??? ????? ???? ?? ????

?? Microsoft Exchange ???????? ?? ?? ??? ??? ????? ?????? ???? ???? ?? ????? ???????? ????? ?????? ????? ?? ?????? ?? ???????? ??:
  • ?-??? spoofing deter ???? ?? ????
  • ?? ????????? ???? ?? ?? ?-??? ???? ?? ??? ?? ????????? ?????? ???? ?? ????? ????? ?? ???? ??? ?? ???????? ???????? ?????? ?? ?????? ???? ?? ?-??? ????? ?? ?????? ?????????
Exchange ????? ?? ??? ?? ??????? ?? ??? ??? ????? ?????? ???????? ?????? ?? ??? ??? ?-??? ??????? ?? ????? ?? ??? ?????? ??? ?? ???????? ?? ????? ???????, ????? ???? ?? ???????? ?? ??? ????? ???:
  • ???????? ?????? ???? ????? ???????? ?? ??? ????????? ?? ??? ??? ?????? ????? ???? ?? ???????? ???
  • ?????? ????? ???? ??? ???????? ?? ??? ???????: ?? ??? ??? ????? ?????? ?? ???????? ???? ???
  • ????????? ???? ?? ????? ????? ???????? ????? ?? ?????? ???????: ?? ??? ??? ????? ?????? ?? ???????? ???? ???
?? ????? ?? ???? ??? ???? ??????? ?? ??? "???? ???????" ??? ??????

????????

??? ???? ??? ?? "????" ??? ??? ???????? ?? ???? ??, ??? ???????? ?? ??? ????? ?? ????? ????? ?? ?????? ?? ?? ????? ?? ???? ?? ???? ?????? ??? ?? ?? ?? ??? ??? ????? ?????? ???????? ?????? ???? ?? ??? ???????? ?????? ?? ??? ??? ??? ????? ?? ???? ?? ????????? ???? ???? ?? ??????? ???? ?????? ?????? ???????????? ?? ??? ?-??? ??????? ?? ????? ??? ????? ???

?? ??? ??? ????? ?????? ???? ???????? ??????? ?? ?? ???? ??????? ??? ???????? ???? ?? ??? ?????? ?????????? ?????????? ????????, ?? ????? ???? ?? ??? ???? ???? ??? ?????, ???????? ?????????? ???????? ?? ?? ?? ???????? ?????? ?? ???? ???? ?? ??? ?? ??? ??? ????? ?????? ?? ?? ???? ?????? ?? ?-??? ????? ????? ???, ?? ?? ???? ???? ????? ????? ???????? ?? ??????? ??, ????? ??? ?????????? ??? ?????????? ???????? ?? ?????? ?? ???? ???? ???? ?? ??? ?? ??? ??? ????? ?????? ?? ?? ?? ???? ???

?? ?? ??? ??? ????? ?????? Exchange Server ??? ??? ?? ?? ???? ????? ?? ?? ???? ??????? ???????? ?? ???? ?? ?????? ?? ?? ??? ??? ????? ?????? ??????? ??? ??? ?????????? ?? ??? ?????? ?? ????? ???? ?? ????? ?? ??? ??? ????? ?????? Exchange ??????? ???????? ?? ?? ???? ?? ????? ??????? ?? ?????? ??? ?????? ??????? ??? ??? ?????????? ?? ?????? ??????? ?? ?? ??? ???????, ?? ???? ???? ???? ???? ?? ??? ??? ????? ?????? ?? ?? ??????? ??? ?????????? ?? ?? ???????????? ?? ??? ???????

???:?? ??? ??? ??????? ?????? ???? Exchange ??????? ?? ?? ??????? ??? ??? ?????????? ?? ??? ????? ???????? ????? ?? ?????? ?????? ?? ???????? ???? ??? ?? ?? ????? ??????? ?? ????? ?????? ?? ??? ??? ???

?? ??? ??? ????? ?????? ?? ???? ?? ??? ???? ???? ????

?????? ??? ?? ?? ???????? ?????? ?? ??? ??? ????? ?? ??? ???? ???? ???? ?? ?????? ????, ?? ????? ?? ???? ????:
  1. ?????? ??????????? ?????????? ?? ???????? ??????? ????? ??????? ?????
  2. ????? ????????????? ??, ????????? ???? ?? ??????? ?????????????? ????? ??? If this option is not selected, the Security page will not be visible for User account objects.
  3. Open the properties of the user account that owns the mailbox.
  4. ????? ?????????????? ?? ????? ????..
  5. If the account is not already in the list of group or user names, add the account that should have the Send As permission for this user.
  6. ??????????????????? ???, ????? ???? Allow for the "Send As" permission for the appropriate account.
  7. ????? ????,OK.
  8. Restart the Microsoft Exchange Information Store service on the affected Exchange server.
Note: If you do not restart the Microsoft Exchange Information Store service, the Microsoft Exchange Information Store service will update its permissions cache to make the new permissions take effect according to the value that is set in the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeIS\ParametersSystem

Value name: Mailbox Cache Age Limit
Value type: REG_DWORD
Radix: Decimal
Value data: The mailbox information cache age limit in minutes.
The default value for this registry entry is 120 minutes (two hours). If you modify this registry entry, you must restart the Microsoft Exchange Information Store service.

Note: If you set the time-out values to a very low value, you may affect the performance of the server.

How to grant the Send As permission for multiple accounts

?? ??? ??? ????? ?????? ?? ???? ??? ???????? ?? ??? ????? ???????? ????? ?????? ???? ???? ?? ??? ?????? ?????????? ???? ????? ?? ??? ????? ?? ?? ???? ?? ??? ??? ?? ????? ????????? ?? ?????? ????? ??? ??? ?? ???? ???? ?? ?????? ?? ???? ?? ??????? ???????? ?????? ???????? ????? ?? ?? ????????? ???? ????????? ?? ?? ?? ???? ??? ?? ??????? ????, ??????? ????, ?? ?? ??? ??? ????? ?????? ???? ?? ?? ?????? ?? ???????? ?? ???? re-import ??????? ????? ?? ????? ?? ???? ????

?? ?? ???? ?????? ?????????? ????? ?? ??? ???????? ??? ???????? ?????????? ???????? ?????????? ?????? ?? ??? ??? ????? ?????? ???? ?? ?? ???? ???? ??? ?? ?? ???? ?????? ?? ??? ??? ????? ?????? ???? ??, ?? ???????? ???? ???? ??? ???????? ?? ??? ????????? ???? ?? ???? ??? ??? ??, ?? ?? ???????? ?? ?? ???? ??? ???????? ?? ??? ????????? ?? ???? ???? ?????, ?? ???? ???? ???? ?? ?? ???? ???????? ??????? ???? ????? ?? ????????????? ???? ?? ??????????? ???? ???? ?? ?? ???? ???

??? ?? ?? ???? ?? ????? ?? ?? ??? ??? ????? ?????? ???? ??, ???? ?? ??? ?? ??? ??? ????? ?????? ??????? ?? ?? ????????? ???? ?? ??? ??? ???????? ?? ?? ?? ?????? ?? ?????? ??? ??? ????????? ?? ????? ?? ?? ????? ?? ??????? ???? ?? ??? ??????? ?????? ??????? ?? ?? ?? ??? ??? ????? ?????? ???? ???

?????????? ?? ????? ?? ?? ??? ??? ????? ?????? ?????? ?????????? ????? ?? ???????? ??? ??? ?????????? ????? ?? ???? ?? ???? ?? ??? ????, ?? ????? ?? ???? ????:
  1. ?????? ??????????? ?????????? ?? ???????? ??????? ????? ??????? ?????
  2. ????? ????????????? ??, ????????? ???? ?? ??????? ?????????????? ????? ??? ??? ?? ?????? ????? ???? ??, ?? ??????? ????? ???? ????? ????? ???????? ????? ?? ???????? ?? ????
  3. ????? ?? ?????? ?? ??? ?????, ?? ???? ??? ??????? ??? ????? ?????
  4. ????? ????,?????.
  5. ??? ???? ?? ?????? ?? ???????? ?? ?? ???? ?? ?? ???????? ???? ??, ?? ????? ????add, ?? ???? ??? ?? ???? ?? ??? ????? ??????, ???? ?? ??????? ???? ?? ??? ???-????? ?????
  6. ??????? ???? ???? ??????, ????? ?????????????? ??????????.
  7. ???? ?? ??? ??? ????? ?????? ????
  8. ????? ????,OK?? ?? ?? ??? ?????????? ?? ?????? ?? ???? ???

AdminSDHolder ?? ??? ????? ???? ???????? ????

If you use the script to grant the Send As permission for a mailbox owner that is also a domain administrator, the Send As permission will not be effective. We strongly recommend that you do not mailbox-enable user accounts that have domain administrator rights or that are adminSDHolder protected.

The adminSDHolder object is a template for accounts that have broad Active Directory administrative rights. To prevent unintended elevation of privileges, any account that is protected by the adminSDHolder object must have permissions that match those that are listed on the adminSDHolder object itself.

If you change the rights or the permissions on theadminSDHolder???? ???????? ???? ?? ???, ???? ????????? ????? ???????? ?? ???? ??? ???????? ?? ???????? ?????? ?????? ?? ???, ??? ?? ?? ??? ??? ????? ?????? ???? ????????? ?? ???? ???? ?? ??? ???? ????? ?????????? ???????? ?? ????, ????????? ????? ????? ???????? ??? ?? ????? ???????

?????, ?? ?? ??? ??? ????? ?????? ?????? ???????? ?? ?? ???? ???? ?? ??? ????????? ???? ???? ?? ??? ???? ???? ?? ????adminSDHolder??? ?? ???????? ????????adminSDHolder???????? ?????? ??? ?? ?????adminSDHolder????????, ???????? ??? ????? ?? ??? ????? ????????? ????????? ?????? ???? ???????? ???? ?????adminSDHolder???????? ???? ???????? ??????? ???? ???????? ?? ??? ??????? ?? ???? ???? ?? ?? ???? ?? ??????? ???? ?? ??? ???

??? ???????? ?? ?????? ???????? ?? ?? ???? ???? ?? ??? ?????? ????adminSDHolder???????? ?? ???, ????? ????? ?? ???? ????:
  1. ?????? ??????????? ?????????? ?? ???????? ??????? ????? ??????? ?????
  2. ????? ????????????? ??, ????????? ???? ?? ??????? ?????????????? ????? ??? ??? ?? ?????? ????? ???? ??, ?? ??????? ????? ???? ????? ????? ?????????? ???? ?????????? ?? ????
  3. ???????? ?????? ?? ??? ??? ????? ???? ?? ??? ??????? ?????????? ???? ??????
  4. ??????? ?????????? ???? ?? ??? Exchange ???????? ????? ??????
  5. ??? ???????? ?????? ???? ?? ????? ?? ??????
  6. ?????Exchange ?????????? ???, ???????? ?????????? ???? ?? ??? ????? ???????? ????? ?? ?????? ????
  7. ??????? ????? ?? ??? ??? ????? ?????? ???????? ?????????? ???? ?? ??? ????
  8. ????? ????,OK???????? ?????? ???????? ?? ??? ?? ???? ?????? ???? ?? ????
  9. ???????? ?????? ???? ???????? ?? ????-????? ????, ?? ???? ??? ????? ???????? ????? ??????? logons ?? ??? ???? ????? ?????
AdminSDHolder ???????? ???? ?? ???? ??? ???? ??????? ?? ??? ?????? ?? Microsoft ???????? ??? ????? ?? ??? ????? ???? ???????? ?? ????? ????:
907434?? ??? "??? ?????" ???? ?????? ???? ?? ?? ?????????? ???????? ?????? ??????????? ?????????? ?? ???????? ??? "?? ??? ??? ?????" ???? ?? ???????? ???? ?? ??? ?????-?? ??? Exchange ?????
318180AdminSDHolder ????? ????? ?????? ?? transitive ????? ???????? ???? ??
817433?? ????????? ?????? ???? ??? ?? ?????????? ???????? ??? ?? ????? ??
306398AdminSDHolder ???????? ????? ?????????? ???? ?? ??? ???????? ?? ???????? ???????? ???? ??

BlackBerry ?????????? ????? ?? ??? ????? ?????

????? 1: ????????? ???? ?? ?? BlackBerry ?????????? ????? ?? ?? ???, ????? ???? ?? ??? ??? ?? ??? ??

????????? ???? ?? BlackBerry ?????????? ????? ???????????? ????? ?? ??? ????? ??? ?? ???? ?? ???? ??? ???? ?? ??? ??? ?? ??? ??? ???????? ??? ??, ?? ???? ?????? ?? "BESAdmin."

??? ???? ??? BlackBerry ?????????? ????? administering ?? ??? ??? ??? ???? ??, ?? ????? 2 ?? ?????

??? ???? ??? ??? ??? ???? ???? ??, ?? ?? ??? ???? ?????? ???, ???????????? ????? ???? ?? ??? ?? ???? ?? ????? ????? ??? ???? ?? ??? ???? ???? ?? ???? ??? ????????? ?? ??? ????? BlackBerry ??? ??????, BlackBerry ?????????? ????? ?????? ???? ?? ??? ?? ??????? ?? ???? ?? ?? ?? ?????
BlackBerry ?????????? ????? 4.0 ?? BlackBerry 4.1 ?????????? ?????
??? ?? ??? ??? ??? BlackBerry ?????????? ????? 4.0 ?? BlackBerry 4.1, ?????????? ????? ?? BlackBerry ?????????? ????? ??????? ???????????? ?????? ?? ???????????? ?? ??????? ???? ?? ??? ????? BlackBerry ???? ????? ????:
HTTP://na.blackberry.com/eng/deliverables/2751/BESX_Install_Guide_427146_11.PDF
BlackBerry ?????????? 3.6 ?????
??? ?? ?????????? ????? 3.6 BlackBerry ??? ??? ???, ?? ?????????? Server 2000/2003 ??????? BlackBerry ?? ???? ??????? ???????????? ?? ??? ?????? ?? ???????????? ?? ??????? ???? ?? ??? ????? BlackBerry ???? ????? ????:
HTTP://na.blackberry.com/eng/deliverables/1568/2000_2003_Installation_Guide.PDF

????? 2: ????????? ???? ?? BlackBerry ?????????? ????? ???? ???? ?? ???? ??? ??????? ?????????

BlackBerry ?????????? ????? ???? ???? ?? ???? ??? ??????? ????????? ???????

???:??? ???? ????? ??? ??, ?? ????????? ???? ?? ???? ???? ????? ?????????? ???? ?? ????? ??? ??? ????? ???????? ?? ???? Built-in ???????????? ?? ???? ?? ????? ???? ??????
  1. BlackBerry ?????????? ????? ?? ????? ????? ?? ???? ????:
    1. ????????? ???? ?? ???? ??????? ?????????? ???? ?? ????? ???
    2. ???? ?? ??? "??? ?? ???????" ?? "??? ?? ?? ??? ??? ?? ????" ????????? ????? ?????
  2. ???? Exchange ?????????? View-Only ????????? ???????????? ???? ?? ???? ?? ??? ??? ???? ?? ???, ????? ????? ?? ???? ????::
    1. In Exchange System Manager, right-click the first Exchange Server administrative group name, and then click Delegate Control.
    2. Notice that the BlackBerry Enterprise Server service account is listed as having the role of Exchange View-Only Administrator.
  3. Grant "Send As," "Receive As," and "Administer Information Store" permissions at the server level for each Exchange server. ??? ???? ?? ???, ????? ????? ?? ???? ????::
    1. In Exchange System Manager, right-click the first Exchange Server administrative group name, and then expand the??????????
    2. Right-click an Exchange server, click????? ????-????? ????, ?? ???? ??????????.
    3. ????? ??? ??? BlackBerry ?????????? ?? ??? ???? ????? ???? ????? ????? ??? ???, ????????? ???? ?? ?? ??? "????? ???," "?? ??? ??? ??????? ????" ?? "Administer ????? ??????" ????????? ??? ?? ?? ????????? ???.
    4. ???????? Exchange ?? ??? ??? 3b ?? 3 c ??????? ??????
  4. "?? ??? ??? ???????" ?? "?????????? ????? ??????" ????????? ???????? ?? ??? ?????? "??? ????? ???," ???? ??? ???? ?? ???, ????? ????? ?? ???? ????::
    1. Exchange ?????? ?????? ???, ???? Exchange ?????????? ???? ??? ?? ????-????? ????, ?? ???? ??? ??????? ??????????????
    2. ???? ???????? ?????? ???? ?? ??????? ????, ???????? ???????? ?????? ?? ????-????? ????, ????? ????????? ????-????? ????, ?? ???? ??????????.
    3. ????? ??? ??? BlackBerry ?????????? ?? ??? ???? ????? ???? ????? ????? ??? ???, ????????? ???? ?? ?? ??? "????? ???," "?? ??? ??? ??????? ????" ?? "Administer ????? ??????" ????????? ??? ?? ?? ????????? ???.
    4. ???????? Exchange ????? ?? ???????? ???????? ?????? ?? ??? ??? 4b ?? 4 c ????????
  5. ?????? ??????????? ?????????? ?? ???????? ?????-?? ???, ????? ????? ?? ???? ????:
    1. ?????????? ?? ??? ????????? ??????, ?? ???? ??? ???? ????? ??? ????-????? ???????.
    2. ????? ?????????????? BlackBerry ?????????? ????? ???? ???? ??????, ?? ???? ??? ?? ??? ???? ?? ??? ????? ?????? ??? ??? ???????? ?????.
??? ?? Exchange Server 2003 ???? ??? ??? ???, ?? ????? 3 ??????

????? 3: BlackBerry ?????????? ????? ?? ??? ?? ???? ????

Exchange ????? ??? ????????? ??? ?? ???? ????, Blackberry-?????? ???? ?? ???????? ????, ?? Microsoft ???????? ??????? ????? ?? ???????? ????? Exchange ????? ???????? ???? ?? ??? ???? "BESAdmin" ???? ??? ??-????? ????? Exchange ????? ?? ?????? ?? ??? ??? RIM Blackberry-?????? ???? ???????? ???? ?????? ???

???? ???????

Exchange ???????? ?? ??????? ?? ????? ????????? ?????? ?????????? ?? Microsoft Exchange ??????? ?? ??? ?????? ?? ??? ???? ???????, ?????? ?????????? ?????????? ??????? ????? ??? ????? ?????? ?? ????????? ??? ???, ????? ????? ????????? ?? ??? ??????? ??? ???????? ????

??????????, ??? ??? ?????? ?? ???? ???????? ?? ??? ??????? ????? ?? ??? ??, ?? ?? ?????? ?????????? ?? ?????? ??? If it is set on the Exchange Advanced Mailbox Rights page, it is an Exchange database permission.

The msExchMailboxSecurityDescriptor Active Directory attribute is a backup copy of a subset of the effective mailbox rights. It is used internally by Exchange for a variety of purposes. ??? ??, msExchMailboxSecurityDescriptor attribute is updated to match current effective rights if administrators use supported interfaces to assign rights. However, if the msExchMailboxSecurityDescriptor attribute is modified directly by an administrator, the changes will not be propagated to the Exchange store, and the changes will not take effect. It is not guaranteed to be synchronized with actual mailbox rights. You should not use the msExchMailboxSecurityDescriptor ??????? ????? ?? ?? ???????? ?????? ??????
???? ??????? ?? ???, Microsoft ?????? ??? ??? ???? ????? ?? ??? ????? ???? ?????? ????? ????::
310866Exchange Server 2003 ?? Exchange 2000 Server ???????? ?????? ??????? ?????? ??? ????? ?? ?? ???? ???????? ?? ??? ???? ?? ??? ???? ????

????? ???????? ????? ?????? ?? Exchange ??????? ?????? ?????? ??? ?? ??? ??? ????? ?????? ?? ?????? ?????????? ?? ?????? ??? ?? ????, Exchange ?????? ??? ????? ???? ??? ????? ???????? ??? ???? ????? ?????? ?? ??? ??? ????? ?????? ?? ??? ??? Exchange Store.exe ???? ?? ???? ?????? ???? ?? ?? ?? ????? ???????? ????? ?? ???????

?? ??? ??? ????? ?????? ????? ???????? ????? ?????? ?? ??? ?? ????? ????? ??????? ?? ??? ??? ????? ?????? ?????????? ?? ????? ?? ???? ?? ???????? ?? ??? ???? Exchange ????? ?????????? ?? ????? ???? ??? ??? ?? ??? ??? ????? ?????? ????? ???????? ????? ?????? ?? ????? ????, ?????? ?????? ?????????? ?????????? ?? ???? ??? ?? ????? ?? ????????? ??????? ????? ?????? ?? ??? ??? ?????? ?????????? ?? ?????? ?? ?? ? ??? Exchange ????? ?????? ??? ?????, ????????? ?? ???? necessarily Exchange ?????????? ?? ???????? ????

???????? ??????

?? ???????? ?????? ?? ??? ??? ?????? ?????????? ?????????? ???? whose ????????? ??msExchMailboxGUID??????? carries globally ????? ?????????? (GUID) ??? ????? ???????? ?? ??? ??? ???? ???????? ??? ???? ?? ???? ?? ?? ????? ???????? ?? ??? GUID ?? ???? ???? ?? ??? ?????? ??? ??? ?? ??? ????? ?????? ?? ???? GUID ?? ??? ??? ???? ?? ?????? ????, ?????? ?????????? ?????? ?? ??? ???????? ?????????? ??????

?? ?? ????????-????? ???? ?? ?? ?? ?????? ???????????? ???????? ?????? ?????????? ???? ???? ?? ???, ???????? GUID ???????? ??? ?? ??? ???? ??? ?? ?? ???? ??? ?? ???? ?? ?????? ?? ?? ???????? GUIDs ?? ???? ??? ???? ?? ??? ?????????? ?? ??? ?????????

?????? ????? ????

Exchange ?? ?????? ???????? ??? ??????? ???? ?? ??? ?? ??????? Exchange ??????????? ??? ??? ?????? ???????? ??? ?? ???????? ???? ?????????? ?????? ??? ?????????? ????? ?? ????? ???????? ??? ??? ?? presents ?????? ???????msExchMailboxGUID??????? ???? Exchange ????? ?? ??? ??? ???? ???????? ??? ???????? ?? ??? ???? ?? ???? ???

?? ?????? ?? ?? ???? ?? ??? ???? ???? ?? Exchange ????? ???????? ??? ????????-????? ??? ???? ???, ?? ???? ?? ????????-????? ???? ??? ???? ?? Microsoft Windows NT 4 ????? ??? ?? ???? ???? ???????? ??? ???? ?? ?? ???? ?????? ????? ???? ?????? ?????? ?? ???? ???? ???? ??? ??? ???? ???? ???? ?? ?????? ????? ???? ?????? ?? ?? ????? ????? ???? ?? ????? ???????? ???? ?????? ???

?? ?? ?????? ????? ???? ?????? ??? ??, ?? ???? ?? ??? ????? ???? ?? ??? SID ??? ???? ?? ??? ???msExchMasterAccountSid???????? ?????? ?? ??????? ??? ?????, ?? ???? ?? ?? ??? ??? ?????? ??, ????? ?? ??? ?? ????????? ???? ?? ??? ?? ????????? ?????msExchMasterAccountSid??????? ??? ???? ???msExchMasterAccountSid?? ?????? ??????? ??? ?? ?? ??, SID ?????? ????? ???? ?? ????? Exchange ????? ???? ?? ?? ???????? ???????? ?????? ???? ???

???:?? ???? Exchange ?????, ??? ?????? ?????????? ?? ????? ?? ??? ???? ???? ?? ??? ???? ???? ??? ??? ??, ???? ????? ??????? logons ?? ??? ????????? ?? ??? ??? ???????? ?????? ???? ?????? ????? ???? ?????? ?? ??? ????????? ?? ??? ??? ????? ???????? ??? ???? ?? ????
???? ??????? ?? ???, Microsoft ?????? ??? ??? ???? ????? ?? ??? ????? ???? ?????? ????? ????::
300456?? ??? ??????? ????????? ?? delegations ???? ???? Exchange 2000 ??? ????? ???? ?? ???

???????? ????????

?? ?????????, ?????????? ?? ??? ?? ???? ???? ???????? ?? ?? ???????? ?????? ?? ?? ?-??? ????? ????? ?? ??? ???? ?? ?? ??? ????? ????? ?? ?? ??? ??? ???????????? ??????? ?? ??? ?? ???????????? ????? ?? ????????? ????? ???? ?? ??????? ???????? ???????? ??? ????????? ?? ???? ??? ?????????? ????? ?? ??????? ?? ?????? ????? ??? ??, ????????? ???????????? ?? ?? ?? ??? ?? ?-??? ????? ?? ????? ?? ???? ????

?? ?? ?? ????? ???? ?? ????????? ?? ????????? ?? ??? ?? ????? ?? ??????? ?? ????? ?? ???? ??:
  • ???????? ?????? ???????? ?? ???? Exchange ??????? ??? ?????? ?? ?? ?? ????? ????? ????? ????
  • Microsoft Office Outlook ??? ????? ????????????????????? ????? ?? ??????? ?? ??? ?? ..
?? ????? ??????? ??? ????publicDelegates???????? ?? ??????? ??? ?? ??????? ??? ???????? ???? ???? ??? ???????????? ?? ??? ???????? ?????? ?? ??? ?????? ?? ?? ?? ?????? ?? ??? ???????????? ??? ?????? ?? ??? ?? ?? ?-??? ????? ???????????? ???, ?-??? ????? ???? ?? ????????? ?? ?? ???? ?? ?? ???????? ?????? ?? ??? ???? ?-??? ???????????? ????? ??? ?? ????????? ???? ??:
????????? ?? ???> ?? ?????????? ??????>
??? ?????? ???, ???? ?? ??? ???? ??? ??????publicDelegatesOutlook ??? ??????? ??????? ??????? ?? ???, Microsoft ?????? ??? ??? ???? ????? ?? ??? ????? ???? ?????? ????? ????::
329622????? "?? ?????" ?? ?????? ?? ???? ???? ??? ?????????? ?? ??? ?? Outlook ??? ????? ????????? ?? ???

??? ?? ???? ???????? ?? ??? ????????? ????? ????, ????????? ????? ?? ???? ????? ?????? ?? ?? ?? ??? ???? ???? ???? ???????? ????????? ??? ?? ???? ?? ?? ??? ????? ???? ????? ?? ????????? ?? ??????? ?????? ?? ????? ?????? ?? ?? ??? ???? ???????? ????????? ?? ??????? ?? ??? ????????? ??? ??? ?? ???????? ?? ?????? ?? ????? ?? ???? ?????? ??? ??????????, ???????????? ?? ?????? ?? ??? ?????? ?????? ?? ???????? ????????? ??? ?????? ???? ?? ??? Outlook ????? ?????? ??? ???? ?? ??? ????? ?????????????? ????????Outlook, ?? ???? ??? ??? ???????? ?????????? ?? ??????.

???????? ??? ??, ???????????? ??? ???? ??? ???? ???????? ??? ??? ???????? ???????? ?? ??? ??? ??????? ?? ??????????????? Outlook ????????? ???? ?? ???? ?? ???? ???? ???????? ?? Outlook ?????? ???? ????????? ??? ????? ???? ?? ??? ??? ??? ??, ?? ???? ???? ???????? ?? ??? ?? ????????? ?? ??? ?? ????????? ??? ??? ????????? ?? ????? ?? ??? ???? ???

?? ???-??? ?????? ?? ?? ?? ????? ?? ?? ???? ??? ?? ?? ??? ??? ????? ?????? ???? ??? ???? ?? ??? ???? ????????? ?? ???? ???? ?? ?? ????????? ?? ??? ?? ????????? ?? ???????? ???? ?? ??? ????? ????? ?? ???? ????:
  • ???? ????????? ????? ???????? ????? ??????? ?? Outlook ?? ?????? ?? ???? ?? ???? ???? ?? ???? ??? ???? ????, ?????? ?????????? ?????????? ???? ?????? ??? ???????? ?????? ????? ??? ?? ???? ???????? ??? ???????? ??????? ?? ?????? ????????? ???? ??, ?? ?? ???? ?? ????? ???????? ????? ?? ?????? ?? ??? ??? ?? ?? ???????
  • ???? ???? ????????? ?? ??? ??? ????? ??????? ??? ?? ???? ????????? ?? ??? ??? ????? ??????, ?? ????????? ?????? ???? ?? ??? ?-??? ????? ?? ??? ??? ????? ?????? ?? ??? ??? ??? ??????? ????????? ????? ?????? ?? ?? ?? ????? ???? ??? ????? ???? ??????
?? ???????? ???, ???????????? ?? ????? ?????? ?? ?? ?? ????? ???? ????? ?? ??? ?? ?????????? ???? ????? ?? ???? ??? ???????????? ?? ???? ????? ???? ??? ??? ?? ???? ?-??? ????? ?? ?? ???????? ???? ?? ?? ??? ???? ????????? ??? ?? ??, ?-??? ????? ?? ???????? ??? ?? ???? ????? ?? ?? ???? ??? ???? ?? ???????????? ?? ?? ??? ?-??? ????? ?????, ?????? ??? ???? ??? ???? ???? ?????? ???????? ?? ????? ?? ??? ?-??? ????? ?? ??? ????? ???

?? ???????????? ???? ????????? ?? ?? ???????? ???????? ?? ??? ??? ???? ???? ???????? ?? ???? ?? ??, ?? ???? ???? ?? ?? ?? ??? ?-??? ????? ????? ????? ????? ?????? ?? ?? ?? ?? ???? ???? ???????? ??? ???????? ???????? ?? Outlook ?? ??????? ???????? ?? ??? ???

?? ?? ?? ??? ??? ??? ?-??? ????? ????? ?? ??? ???????????? ????? ???, ?? ????? ?? ??? ?? ???? ???????? ?? ??? ???? ???? ???????? ?? ????? ?? ?? ??? Outlook ????????? ?? ????? ????? ?? ?? ??? ??? ?? ???? ?? ??? ?? ????????? ???????????? ????? ???????? ??? ?? ???? ????? ?? ?? ??????? ?? ?-??? ?????

?? ??? ??? ????? ?????? ?? ???? ????? ???????? ????? ?? ?????? ?? ???? ?? ???? ??? ??

????? ????????? ?? ?? ??? ??? ????? ???? ??? ?? ???? ????? ???????? ????? ?? ?????? ?? ??? ?? ?? ??? ??? ????? ?????? ?? ???? ??? ???????? ?? ??? ?????????? ???? ?? ??? ?? ??? ??? ?? ?????? ?????????? ????? ??? ??? ?? ?????

?????????????? ???? ?? ?? ????????? ????????? ????, ????? "???????????? ?? ??? ???????? ?????? ?? ???? ???"????

????????? ?? ????? ??? ??? ??? ??:
  • ???????????? ???????? ????? ?? ?? ???????????? ?? ???? ?? ?????? ?????? ????? ???? ?? ??? ??? ????? ??????? ?? ?? ?? ???? ??? ?? ?? ??? ??? ????? ?????? ?? ??? ???? ????? ??? ?? ???? ?? ???? ?? ??????? ?? ??? ?????? ?? ???? ???? ?????? ?? ??? ???? ????
  • ???? ????????? ???????? ????? ?? ?? ???????????? ?? ???? ?? ???? ?? ?????? ?? ??? ???? ?? ??? ??? ????? ?????? ????? ?? ?? ??? ??? ???? ?? ?? ????? ???????? ????? ?????? ?? ?? ??? ??? ????? ?????? ???? ?? ????????? ?? ????? ???? ???? ?? ???? ??? ???????? ???? ???? ?? ?? ????? ???????? ????? ???? ?????? ?????? ?? ?? ??? ??? ????? ?????? ?? ?? ?????
  • SetAll??? ???????????? ?? ??? ????? ??? ???? ?? ?? ???? ????? ???????? ?? ??? ????? ???????? ????? ?? ?????? ?? ?? ?? ?? ??? ??? ????? ?????? ???? ?? ???? ???? ??? ????? ??????? ????? ?? ??? ??? ???? ?????? ??? ????? ?? ?????? ?? ??????? ?? ???? ??? ?? ??????? ????? ?? ?????? ?? ???? ?? ??? ?? ?????? ???
???:?? ????????? ??? ??????? ?????? ???? ???

????????? ?? ??? ?????? ?????????

?? ?? ??? ?? ??? ?? ??? ???????? ?????? ???? ???? ???????? ??? ?? ?? ?? ?? ???????????? ???? ?? ????????? ????? ?????? ??? ????????? ?? ??? ???????????? ????????? ????? ???????? ???? ???? ?? ??? ??? ???? ?? ???? ??? ????????? ?? ??? ???? ?? ????? ??? ??? ??? ???????? ?????? ???? ?? ????? ??? ??? ???????? ?? ????? ???????? ??? ????? ?? ?? ???? ?????????? ???

?? ?????? ?? ??? ??, ????????? ??? ???? ??? ?? ?? ???? ?????????? ????? ?? ??? ??? ?? ??? ??? ?? ???? ?? ????? ??RunAs.exe????? ?? ????????? ?????? ?? ???? ?? ??? ???? ??? ??? ??? ???? ?? ?? ??? Exchange ????? ?? ??? ?????? ?????????? ????? ???????? ?? ???? ???, ?? ?????? ?????????? ?? Exchange Server ????????? segmented ??? ?? ???????? ???????????? ???? ?? ??? ??? ????????? ?? ????? ?? ??? ????? ????????? ?? ??? ???? ???? ????? ?????? ?? ????? ????:
RunAs.exe /user:domain\account CMD.EXE
???:?? ?? ?? ????? ?? ??????? ?? ?? ??? ??? ?????? ???????????? ????????? ???? ????? ??????

??????? ????? ??? ????? ??????????? ???? ????? ?? ???? ??? ?? ???????? ?? ?? ??? ??????? ????? ??? ????? ???? ??? ????
  • ???????? ?????? ???? ?? ??? ????????? ????

    ?? ???????? ?????? ?? ???? ???? ???? ?? ?? ?????? ????? ??? ?? ?? ???? ?????? ?? ???? ??? ?? ??????? ?? ???? ??, ?? ???? ?????? ???? ???? ???????? ?? ??? ????? ???????? ????? ????????? ????
  • ????? ???????? ????? ????????? ????? ???? ?? ??? ??? ????? ?????? ???? ???? ???? ?? ????? ?? ??? ?? ???

    ??? ?? ???? ????? ?? ???? ?? ?????? ??? ???? ??????? ????? ?? ????? ?? ???? ?????? ?????????? ?? ??? ????? ??? ?? ?????? ???? ????????? ?? ???? ???? ?? ??? ?? ?? ?? ???? ?????? ?????????? ?? ?????? ???? ?? ?? ???? ??????? ?? ??? ?? ???? ???
  • ????? ???????? ????? ?? ?????? ?? ????? ???? ?? ??? ??? ????? ?????? ???? ???? ???? ?? ??? ????????? ????

    ?? ????? ?? ????? ?????? ????? ??? ??????? ???????? ?? ??? ???? ???? ?? ??????? ?? ??? ???? ????? ?? ??? ???
  • ???????? ?????? ?? ?????? ?? ?????????

    ???????? ?????? ???????????? ?? ??, ??? ????? ?? ??? ??????????? ??. ???????? ?? ?????? ???? ???????????? ?? ??, ??? ????? ?? ??? ????? ?????????.
  • Enabled or disabled status of the mailbox owner account

    This field is useful when you want to identify resource accounts or cross-forest mailbox accounts. Typically, these accounts are disabled.
  • Full Distinguished Name of the mailbox owner account

    This field is useful when you want to identify the domain and the container of the mailbox owner account.
  • Full Distinguished Name of the mailbox owner's mailbox database

    This field includes the database, the storage group, the server, and the administrative group for the mailbox.
In the following example, the user who has the logon name "NoSendAs" has the Full Mailbox Access permission but not the Send As permission for the "Mailbox Owner" mailbox:
"""Mailbox Owner""" """Domain\NoSendAs""" """No Send As User""" """Has Delegates""" """Enabled""" [additional fields omitted]

Administrative workstation configuration for the script

This script uses Exchange management interfaces to communicate with Exchange servers. Therefore, this script must be run from an Exchange server or from a workstation with Exchange System Administrator installed.

Editing the export file

The export file is formatted as Unicode plain text so that character sets from multiple languages can be accommodated. Some text editors may be unable to correctly view or edit the file or may save the file as ANSI or ASCII text. The Notepad utility for Windows Server 2003, Windows XP, and Microsoft Windows 2000 can correctly handle Unicode text files. Additionally, Microsoft Office Excel can correctly handle Unicode text files.

The output file is in a tab-delimited format with triple quotation marks around the values for each field. The triple quotation marks are used to make importing and exporting from Excel more deterministic. In Excel, the triple quotation marks will become single quotation marks, and will revert to triple quotation marks when the file is saved again as Unicode text. See the following instructions to correctly open and save an export file in Excel.

?? find.exe ?????? ?? Findstr.exe ?????? ?? ????? ?? Excel ?? ????? ??? ???? ??????? ????? ?? ??????? ?? ?? ???? ???? ?? ?????????? Windows ?? ??? ????? ???? ?? ???? ????? ??? ???? ?? ??? ??? ???? ?? ???? ?? ?????? ??? ?? ????????? ?? ???? ?? ?????? ??? ???? ??? ?? ?????? ?????? ?? ???? ?????? ?? ???, ??? ?? ??? ???????? ?????? ?? ?? ?????? ???????????? ?? ????? ??? ??? ???? ????? ?? ??? ????? ???, ?? ?? ????? ????? ?????? ?? ??? ????? ?????? ???? ???????? "??? ?????????" ?? ??? ?????? ????? ?? ???:
Find.exe "Has Delegates" OriginalFile.txt > HasDelegates.txt

Findstr.exe /C:"Has Delegates" OriginalFile.txt > HasDelegates.txt
As another example, suppose that you filter out all the mailbox owners with delegates. The /V switch outputs all lines that do not match the search words. You can use any of these commands to generate a file that excludes all "Has Delegates" lines:
Find.exe "No Delegates" OriginalFile.txt > NoDelegates.txt

Find.exe /V "Has Delegates" OriginalFile.txt > NoDelegates.txt

Findstr.exe /C:"No Delegates" OriginalFile.txt > NoDelegates.txt

Findstr.exe /V /C:"Has Delegates" OriginalFile.txt > NoDelegates.txt
You can also use these commands to generate a file that lists all the accounts where an application service account has Full Mailbox Access permission but does not have the Send As permission. The /I switch makes the command case-insensitive:
Find.exe /I "domain\ServiceAccount" OriginalFile.txt > ServiceAccount.txt

Findstr.exe /I /C:"domain\ServiceAccount" OriginalFile.txt > ServiceAccount.txt
Note: If you use the Find.exe utility to generate a filtered file, you must remove the header lines that the Find.exe utility will create at the top of the file.

Do not use wildcard file names (*.*) with the Findstr.exe utility. ??? ?? ??????????? ?????? ?? ????? ???? ???, ?? ?????? ????? ??? ?? ???? ????? ?? ??? ?? prefaced ?? ?????? ???? ????? ?????? ????? ?? ??????? ????????????? ???? ???? ?? ???? ??????? ?????? ?? ?? ??? ???? ????? ?? ???? ?? ??? find.exe ?? Findstr.exe ?? ????? ?? ?????? ???? ?? ????

????? ?????? ??? ??? ?? ?? ?????????? ??? "NoSendAs" "???????? ??????" ???????? ?? ??? ?????? ?? ??? ??? ????? ???????? ????? ?? ?????? ??, ????? ????? ???? ???
"""Mailbox Owner""" """Domain\NoSendAs""" """No Send As User""" """Has Delegates""" """Enabled""" [additional fields omitted] 
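An added example (not part of the Microsoft article or of AddSendAs.vbs): a Python reader for the export format described above that does the Find.exe/Findstr.exe filtering by column rather than by substring, and counts how many mailboxes each trustee would gain Send As on before the file is used with -Import. The column order comes from the script's COLUMN_INDEX_* constants; the function names, sample rows, domain names and LDAP paths are constructed for illustration.

```python
import codecs
from collections import Counter
from typing import NamedTuple


class Row(NamedTuple):
    # Column order follows the COLUMN_INDEX_* constants in AddSendAs.vbs.
    owner: str         # mailbox owner display name
    trustee: str       # Domain\account that has Full Mailbox Access
    trustee_name: str  # trustee display name
    delegates: str     # "Has Delegates" or "No Delegates"
    status: str        # "Enabled" or "Disabled"
    ads_path: str      # ADsPath of the mailbox owner
    home_mdb: str      # mailbox database


def _unquote(field):
    """Strip the triple quotes the script writes, or the single pair Excel leaves."""
    for q in ('"""', '"'):
        if len(field) >= 2 * len(q) and field.startswith(q) and field.endswith(q):
            return field[len(q):-len(q)]
    return field


def parse_export(data):
    """Return (rows, rejected_lines) from the raw bytes of an export file."""
    if data[:2] not in (codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE):
        raise ValueError("not Unicode (UTF-16) text; the file was probably re-saved as ANSI")
    rows, rejected = [], []
    for line in data.decode("utf-16").splitlines():
        if not line.strip() or line.startswith("----------"):
            continue  # blank line, or the banner Find.exe writes above its matches
        fields = [_unquote(f) for f in line.split("\t")]
        if len(fields) == len(Row._fields):
            rows.append(Row(*fields))
        else:
            rejected.append(line)  # truncated or hand-edited row: review it, do not import it
    return rows, rejected


def select(rows, trustee=None, delegates=None):
    """Rows for one trustee (case-insensitive, like /I) and/or one delegates value."""
    out = []
    for r in rows:
        if trustee is not None and r.trustee.lower() != trustee.lower():
            continue
        if delegates is not None and r.delegates != delegates:
            continue
        out.append(r)
    return out


def mailboxes_per_trustee(rows):
    """Count the distinct mailboxes on which each trustee would receive Send As."""
    seen = {(r.trustee.lower(), r.ads_path) for r in rows}
    return Counter(t for t, _ in seen)


def _line(quote, *fields):
    return "\t".join(quote + f + quote for f in fields)


# Constructed sample: a Find.exe banner, two rows as the script writes them,
# one row as Excel shows it (single quotes), and one truncated row.
_A = "LDAP://CORP-DC-1/CN=Mailbox Owner,CN=Users,DC=example,DC=com"
_B = "LDAP://CORP-DC-1/CN=Second Owner,CN=Users,DC=example,DC=com"
_MDB = "CN=Mailbox Store (SRV1),CN=First Storage Group"
SAMPLE = "\r\n".join([
    "",
    "---------- ORIGINALFILE.TXT",
    _line('"""', "Mailbox Owner", "Domain\\NoSendAs", "No Send As User",
          "Has Delegates", "Enabled", _A, _MDB),
    _line('"""', "Mailbox Owner", "DOMAIN\\ServiceAccount", "Service Account",
          "Has Delegates", "Enabled", _A, _MDB),
    _line('"', "Second Owner", "domain\\serviceaccount", "Service Account",
          "No Delegates", "Disabled", _B, _MDB),
    _line('"""', "Third Owner", "Domain\\NoSendAs", "No Send As User"),
    "",
]).encode("utf-16")


if __name__ == "__main__":
    rows, rejected = parse_export(SAMPLE)
    for trustee, count in mailboxes_per_trustee(rows).most_common():
        print(f"{trustee}: Send As would be added on {count} mailbox(es)")
    print(f"{len(rejected)} line(s) rejected")
```

Matching on the trustee column avoids the false hits a whole-line substring search gives when a display name happens to contain the search text.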

???????????? ?? ??? ???????? ?????? ?? ???? ???

????? ???????? ????? (?? ???? ?? "super-delegate") ?? ????? ?? ?? ??? ?? ?? ?? ????????? ????? ???? ???? ?? ???? ?? ?? ??? ??? ????? ??????? Super-delegate ???? ?? ???????? ?????? ???????? ??? ?? ???? ??, ?? ????????? ?????? ?? ??? ??? ??? ???? ???? ?? ????????? ???????? ???????? (Outlook ?? ????????????? ?????????? ???????,???? ?????????? ?? ?????? ?????), ?????? ?? ?? ????? ???? ????

??? super-delegate ???? ?? ??? ?? ??? ??? ????? ?????? ???? ???? ??? ????????? ???????? ?????? ?? ??? ??? ????? ?? ??? ????? ?? ???????? ?????? ?? ?? ????? ?? ??? ??? ???? ???? ????? ???? ?? ??????? ???? ??? ?? ?? ??? "??? ?????????" ?? ??? ??????? ????? ???, ?? ?? ????????? ???? ?? ???? ?? ?? super-delegates ???????? ???? ??? ?? ?????? ??? ???????? ?????? ?? ???????????? ????

??????? ????? ??? ???? super-delegates ???????? ?? ?? ???? ??????? ???????????? ????? ???????? ????? ?? ?????? ???? ??? ??? ??, ?? ?? ???? ??????? ????????? ?? ??? ??? ????? ?????? ????, ????????? ????? ????? ????? ???????? ?????? ?? ??? ???? ?? ???? ?? ?? ?? ?? ??????? ????????? ????? ???????? ????? ?? ?????? ???? ??? ??? ?? ???? ?? ??? ???????? ???? ??? ?? ?? ?? ????????? ?? ??? ??? ????? ?????? ?? ????, ?? ??? ??? ?????? ????? ????? ?? ?? ???? ????

Excel ??? ???? ??????? ????? ????? ?? ??? ???? ????

  1. ??????? ????? ????? ?? ???? Excel ??????? ?????
  2. Excel ??? ????? ????? ?? ??? ??? ??????? ?? ??? ???? ????? ??? ???? ??????? ??????? ?? ???? ???
  3. ??? ???? ??????? ???, ??? ?????, ?? ????? ???????? ??????? ????:
    • ??? ???? ??????: ????????
    • ?????? ?? ???? ??????? ????: 1
    • ????? ?? ???: ??????? (UTF-8)
    • ???????: ??? ????
    • ?????? ??????? ?? ?? ?? ??? ??? ?????: ????????
    • ??? ??????????: "(??? ?????? ?????)

????? ?? Excel ??? ?????? ???? ?? ??? ?? ??????? ????? ?? ?????? ?? ??? ???? ????

  1. ??????? ????? ??? ????? ?????? ??? ??? ??????.
  2. ??? ????? ?? ??? ????????? unedited ?????? ???? ???? ??? ????? ??? ?? ????? ?? ????? ?? ???????
  3. ????? ????,????????? ????,?? ??? ??? ??????, ?????? ?? ?????? ?? ??? ??? ????? ??? ???? ????, ?? ???? ??? ????? ??????????? ?????????? ?????? ?????????? ????

????????? ??? ????????

?? ?? ??? ??? ????????? ??, ?? ?? ???? ?????, ?? ????? ????????? ????? ??? ???? ?? ??????????????? ????? ?? ??????? ?? ??? ?? .. ?? ????? ????????? ????? ?? ????? ?? ??? ????? ???????????????? ????,???????????:cmd??????????????? ???, ?? ???? ???OK.

?????? ??? ?? ??????? ???? ????????? ?? ??????? ?????????? ??? ??????? ????? ?????? ???? ?? ?????????? ??? ??????? ????? ?? ?????? ???? ?????? ??? ???? ?????? ??? ?? ??????? ???? ?? ??? ????? ???? ???? ????:
CSCRIPT AddSendAs.vbs
????? ???????? ????? ?? ?? ??? ??? ????? ?????? ?? ???? ???? ????? ?? ??? ???? ??? ?? ???????????? ?? ??????? ???? ?? ??? ????? ???? ???? ????:
CSCRIPT AddSendAs.vbs [domain controller name] -Export
Example:
CSCRIPT AddSendAs.vbs CORP-DC-1 -Export
??????? ????? ?? "Send_As_Export_H_MM_SS.txt." ?? ??? ??? ????? ???? ?????

???? ??????? ??????? ????? ?? ???? ???? ?? ??? ????? ???? ???? ????:
CSCRIPT AddSendAs.vbs [domain controller name] -Import [filename]
Example:
CSCRIPT AddSendAs.vbs CORP-DC-1 -Import "Send_As_Export_H_MM_SS.txt"

?? ??? ??? ????? ?????? ?? ??? ???? ?? ?? ??? ???????? ?? ??? ????? ???????? ????? ?? ?????? ???? ??? ???????????? ?? ??? ????? ??? ???????? ???????? ?? ??? ???? ???? ????

???:??? ???? ??? ?? ?? ????? ???????? ????? ?? ???????????? ?? ?????? ???? ????? ??? ???? ????? ???? SetAll ??? ?? ????? ????? ?? ?????? ???? SetAll ??? ?? ????? ?? ?????? ???, ??? ???????????? ?? ????? ????? ?????? ?? ??? ???? ?? ??????? ?? ???? ?? ????? ?? ?????? ?? ?? Sent ?? ???? ?? ??? ??? ???? ?? ?????? ?? ????? ???? ?? ??? ?? ??? ?-??? ????? ?? ???? ???? ???? ?? ??????? ?? ?? ??? ??? ????? ?????? mistakenly ????????? ?? ??? ?? ?? ?? ?? ?????? ????? ?? ??? ?? ???? ??:
CSCRIPT AddSendAs.vbs [domain controller name] -SetAll
Example:
CSCRIPT AddSendAs.vbs CORP-DC-1 -SetAll
??? ?? SetAll ??? ?? ????? ????, ??????? ????? ???? Send_As_Export_H_MM_SS.txt ?? ??? ??? ????? ?? ?????? ????????? ??? ?? ??? ????? ?? ??????? ?? ??????? ?? ?? ????? ?? ?????? ?????? ??? ?? ????????? ?? ??? ?? ????? ?? ??? ??? ?? ??, ?? ???? ???? ?????? ????? ?? ?? ???? ??????? ???? ???? ???? ?? ?? ?? ??? ?? ?? ??? ??? ????? ???????

?????? ?? ????? ???? ??? ?? ?? ????????? ??? ??? ??? ?? Send_As_Errors_H_MM_SS.txt ????? ?? ??? ????? ?????? ?????? ????? ??? ?? ??? ?? ?????? ??????? ????? hours_minutes_seconds ??? ??????? ????? ?? ??? ???? ???

????????? ??????

???? ???? ????? ??? ?? ?????????? ?? ????????? ??? ?? ?? ???? ??, ????? ?? ?????? ???????? ???? ?? ??? ???? ????? ???? ??????? ????? ?? ???? ?? ?? ???? ?? ??? ?? ?? ????? ?? ????????? ?? ????? ?? ??? ????? FMA_EXCLUSIVE_LIST ?? ??????? ???? ?????? ?? ???? ???? ???????? ??? ??, ?? ?? ????????? ?????? ??? ???? ???? ????? ?? ??? ???? ???????? ???? ??? ?? ????? ?????? ?? ????? ???? ??? ???? ???? ???? ???? ????
& "<Domain\Name>" & OUTPUT_DELIMITER
?????? ?? ???, ?? ????? ?? ?? ??? ??? ?????
FMA_EXCLUSIVE_LIST = OUTPUT_DELIMITER & "NT AUTHORITY\SELF" & OUTPUT_DELIMITER & "NT AUTHORITY\SYSTEM" & OUTPUT_DELIMITER
????? ?? ????? ???? ?? ??? ??? ????
FMA_EXCLUSIVE_LIST = OUTPUT_DELIMITER & "NT AUTHORITY\SELF" & OUTPUT_DELIMITER & "NT AUTHORITY\SYSTEM" & OUTPUT_DELIMITER & "Mydomain\Service1" & OUTPUT_DELIMITER
This change suppresses the listing of the "Mydomain\Service1" account in the export file together with "NT AUTHORITY\SELF" and "NT AUTHORITY\SYSTEM." Notice that the Domain\Name value is case-sensitive, and it must appear exactly as it does or as it would in the export file.

There is another editable variable, FMA_EXCLUSIVE_EXSVC, that has the default value "\Exchange Services" & OUTPUT_DELIMITER. "Exchange Services" is the name of an account that is granted permissions through the Active Directory Connector in Exchange Server 5.5 and in Exchange 2000 migration and co-existence scenarios. This account is created in multiple domains, and it may appear repeatedly in the export file if it is not suppressed.

The FMA_EXCLUSIVE_EXSVC variable accepts only one account as its value. The account name is not case-sensitive. The account must start with a backslash character (\) and should not include the domain to which the account belongs. The account will be suppressed for all domains in which it exists.

If you have used third-party migration tools or directory synchronization methods, a different account may exist in multiple domains that has widely-granted permissions to user mailboxes. In this scenario, you can substitute the name of that account for "\Exchange Services."

Tips and caveats

  • Do not discard log and error files that are generated by the script. They may be valuable for troubleshooting or reversing changes later. Remember, as soon as you have granted the Send As permission to an account, it will no longer be logged in the export file.
  • If an Exchange server or database is down, script processing will be slower. In such a case, you can sort the export file by database and move lines that are associated with a stopped database to a different file for later import.
  • ????????? suppresses ???? ????? ??? "$" ??? ?????? ???? ?? ?? NT AUTHORITY\SYSTEM ?? ????? ?? ?????? ??? ?? ?????? ???? ????? ???? ?????????? ?? ??? ??? ????? ?????? ?? ???????? ??, ?? ???? ???? ????? ?? ?? ?? ??????? ??????? ????? ???
  • ??????? ????? ??????? ?????? ??? ???? ?????? ???? ?? ???? ??? ???? ???? ?? ????? ??? ???? ????? ?? ANSI ??? ?? ??? ??? ????? unintentionally ??, ?? ?? ?? ???? ??? ?? ?????? ?? ?? ?? ????? ?? Notepad ??? ??? ?? ??? ?? ?? ??????? ?? ??? ??? ?????? ????
  • ??? ??? ???? ????? ???? ?? ??? ??, ?? ??????? ????? ?? ???? ????? ??? ??? ??? ?????? ?? ??? ?????? ??????? ?? ????? ?? ?? ??? ???? Exchange server ???????? ??? ??? ??????? ???? ???????? ????, ?? ???? ??? ??????? ?? ???? ???? ???? ?? ??? ????? ???????? ????? ?? ?????? ????? ?? ??? ??? ????? ?????? ???? ??????? ???? ?? ??? ???? ???? ???
  • ?? ????????? ?? ??? ???????? ??? ???? ??? ???? ?? ??? ??? ?? ??? ??? ????? ?????? ?? ?? ?? ????????? ?? ??? ?? ???? ??, ?????? ?? ?? ?? ???? ????????? ????? ???? ?? ???????? ??? ?? ?????? ???????? ??? ???????? ??? ??? ?? ?????? ?? ??? ??? ????? ?????? ??? ???????????? ?? ??? ??????? ?? ??? ?? ????????? ?? ????? ?? ???? ?? ??? ?????? ???? ???
  • ????????? ???? ???? ?? ????? ???????? ????? ?? ??? ??? ?????????? ???????? ????? ???????? ?? ?? ?? ?? ??? ?? ??????? ????? ????? ???????? ?? ?? ??? ??? ????? ?????? ????? ??, ????? ????????? ???? ??????? ????? ???? ?? ??? ?? ?? ??? ??? ????? ?????? ???? ??? ?? ??????? ????? ?? ???? ??? ???? ??, ????? ?? ????? ???? ?? ??? ??, ?? ???? ??? redundantly ??? ???? ?? ??? ?? ??? ??? ????? ?????? ?????? ???? ???? ???? ???
  • ?? ????????? ?? ????? ?? ?????? ?????????? ?????????? ???? ??? distinguished ?? ?? ??? ?? ????? ????? ?????? ????? ?? ????? ??????? ???? ?? ???? ???? ?? ???? ??? ????????? matched ????? ?????? ????? ???? ?? ????? ????? ??? ?? ???? ??? ?? ??? ??? ?? ????????? ?? ???? ???:
    "CN ?????"Nickname"= ?????, DC ?????, DC = = com"
  • Excel ?? ???????? ??????? ?? ?? ????? ?????? ???? ?? ???? ?? ?????? ???? ??????? ??????? ?? ???, Microsoft ?????? ??? ??? ???? ????? ?? ??? ????? ???? ?????? ????? ????::
    120596 Excel 97, Excel 2000, Excel 2002 ?? Excel 2003 ?? 65536 ????????? ?? ??? ???? ??? ?? ??? ??????? ???? ???? ?? ???? ???? ?? ????
    ?????? ???? ?? Excel 2003 ?? Excel 2007 ?? ??? ????? ???:
    • Excel 2003: 65,536 ?????????
    • Excel 2007: 1,048,576 ?????????
    ?????? ????? ???? ?? ???? ?? ???? ??, ??? ?? ?????? ???? ?? ?????? ???????? ??? ???? ???? ?? ?? ??? ??? Excel ????
  • Send_As_Errors ????? ????????? ???? ?? ???? ???? ???? ??? ?? ????????? ?? ??? ???? ?????? ??? ??? ???? ???? ?? ????? ??? ??? ?? ??????? ??? ?? ??, ?? ????? ?? ???? ?? ??? common ??? ?? ????????? ?? ?????? ?? ??? ???? ?? ????? ??? ??????? ???????? ??? ????? ????? ???:
    • ????? ?? ??? ?? ??? ???? ?? ????? ?? ??? ???????????? ????????? ?? ???????????
    • Exchange ???????? ?????? ???? ?? ??? ???
    • ?????????? ?? ?? ????? ?? ????? ???? ???
    • ????? ???? ?? ??? ?? ?? ???????????? ???? ???? ???????? ?? ???? ???
?? ????????? ?? ????? ?? ??? ????????? ????? ?? ??????? ?? ??? ??? ????????? ??????? ????????? ?? ????????? ??? ??? ???? ??? ?????? ???? Notepad ??? END. ????????? ?? AddSendAs.vbs ?? ??? ??? ??????? ??????? ??????????
Option Explicit

Dim OUTPUT_DELIMITER
OUTPUT_DELIMITER = """""""" & vbTab & """"""""

'Define exclusive list, if FMA is given to any user in this list, it's ignored.  If you 
'want to modify this list, please be sure to follow the same format. Every alias has to 
'have a OUTPUT_DELIMITER before and after it
Dim FMA_EXCLUSIVE_LIST
FMA_EXCLUSIVE_LIST = OUTPUT_DELIMITER & "NT AUTHORITY\SELF" & OUTPUT_DELIMITER & "NT AUTHORITY\SYSTEM" & OUTPUT_DELIMITER
Dim FMA_EXCLUSIVE_EXSVC
FMA_EXCLUSIVE_EXSVC = "\Exchange Services" & OUTPUT_DELIMITER

'Permission Type: Allow or Deny
const ACCESS_ALLOWED_OBJECT_ACE_TYPE  = 5
const ADS_ACETYPE_ACCESS_ALLOWED = &h0
const ADS_ACETYPE_ACCESS_DENIED = &h1

'Flags: Specifies Inheritance
const ADS_ACEFLAG_INHERIT_ACE = &h2
const ADS_ACEFLAG_NO_PROPAGATE_INHERIT_ACE = &h4
const ADS_ACEFLAG_INHERIT_ONLY_ACE = &h8
const ADS_ACEFLAG_INHERITED_ACE = &h10
const ADS_ACEFLAG_VALID_INHERIT_FLAGS = &h1f
const ADS_ACEFLAG_SUCCESSFUL_ACCESS = &h40
const ADS_ACEFLAG_FAILED_ACCESS = &h80

'Declare ADSI constants
Const ADS_OPTION_SECURITY_MASK = 3
Const ADS_OPTION_REFERRALS	= 1
Const ADS_SECURITY_INFO_DACL = 4
Const ADS_CHASE_REFERRALS_NEVER = &h00 
Const ADS_CHASE_REFERRALS_SUBORDINATE = &h20 
Const ADS_CHASE_REFERRALS_EXTERNAL = &h40

'output file name
Const EXPORT_FILE = "Send_As_Export"
Const ERROR_FILE = "Send_As_Errors"

' script mode
const MODE_INVALID = -1 
const MODE_SETALL = 0
const MODE_EXPORT = 1
const MODE_IMPORT = 2
const SETALL = "-SETALL"
const EXPORT = "-EXPORT"
const IMPORT = "-IMPORT"

' argument index
Const ARG_INDEX_MODE = 1
Const ARG_INDEX_DC = 0
Const ARG_INDEX_FILENAME = 2

' column index in import/export file
Const COLUMN_INDEX_USERDISPLAYNAME = 0
Const COLUMN_INDEX_FMAALIAS = 1
Const COLUMN_INDEX_FMADISPLAYNAME = 2
Const COLUMN_INDEX_IFPUBLICDELEGATE = 3
Const COLUMN_INDEX_MAILBOXSTATUS = 4
Const COLUMN_INDEX_USERADSPATH = 5
Const COLUMN_INDEX_HOMEMDB = 6

Const EMPTYSTRING = ""
Const STRNO = "No Delegates"
Const STRYES = "Has Delegates" 
Const MIN_ARG = 2
Const INIT_ARRAY_SIZE = 100

' Microsoft Exchange 
Const EX_MB_SEND_AS_ACCESSMASK  = &H00100
Const EX_FULLMailbox_AccessMask = 1
Const MESO = "Microsoft Exchange System Objects"
Const EX_MB_SEND_AS_GUID = "{AB721A54-1E2F-11D0-9819-00AA0040529B}"

Const ForReading	= 1
Const ForWriting	= 2
Const ForAppending	= 8
Const TristateTrue	= -1
Const ADS_SCOPE_SUBTREE = 2

Dim objUser
Dim objSDMailBox
Dim objSDNTsecurity
Dim objDACLNTSD
Dim objNewACE

Dim sTrusteeAlias()
Dim sFMADeniedList
Dim sFMAExplicitAllow
Dim fACESendasFound
Dim dArraySize
Dim TotalACE
Dim i
Dim rootDSE
Dim conn
Dim objCommand
Dim objCmdDisplayName
Dim rsUsers
Dim FoundObject
Dim objFSO
Dim objfileImport
Dim objfileExport
Dim objfileError
Dim sImportFilePath
Dim cScriptMode
Dim dArgCount
Dim dArgExpected
Dim sDCServer
Dim sMailboxStatus
Dim sIfPublicDelegate
Dim sFMAUserDisplayName
Dim sExportFileName
Dim sErrorsFileName
Dim msPublicDelegates
Dim fError
Dim fOneError
Dim fFMAAllowed

On Error Resume Next
dArraySize = INIT_ARRAY_SIZE
ReDim Preserve sTrusteeAlias(dArraySize)

dArgCount = Wscript.Arguments.Count 
If ( dArgCount < MIN_ARG ) Then
	DisplaySyntax
End If

err.Clear
fError = False
fOneError = False
cScriptMode = MODE_INVALID
Select Case UCase(WScript.Arguments(ARG_INDEX_MODE))
	Case SETALL 
		cScriptMode = MODE_SETALL
		dArgExpected = ARG_INDEX_MODE + 1
	Case EXPORT 
		cScriptMode = MODE_EXPORT
		dArgExpected = ARG_INDEX_MODE + 1
	Case IMPORT 
		cScriptMode = MODE_IMPORT
		dArgExpected = ARG_INDEX_FILENAME + 1
	Case Else 
		cScriptMode = MODE_INVALID
End Select
If (cScriptMode = MODE_INVALID Or dArgCount <> dArgExpected) Then
	DisplaySyntax
End If

sDCServer = WScript.Arguments(ARG_INDEX_DC)

CreateOutputFiles

If ( cScriptMode = MODE_SETALL Or cScriptMode = MODE_EXPORT ) Then
	Dim sDomainContainer
	If (cScriptMode = MODE_SETALL) Then
		Dim strInput 
		WScript.StdOut.WriteLine("WARNING: If you continue, each account in the domain that has")
		WScript.StdOut.WriteLine("Full Mailbox Access permission for a given mailbox will also be")
		WScript.StdOut.WriteLine("granted permission to Send As the mailbox owner.")
		WScript.StdOut.WriteLine()
		WScript.StdOut.WriteLine("To preview the list of mailboxes before granting Send As,")
		WScript.StdOut.WriteLine("cancel this operation and use the -Export mode of this script.")
		WScript.StdOut.WriteLine()
		WScript.StdOut.Write("Press Y to continue or any other key to cancel: ")
		strInput = WScript.StdIn.ReadLine()
		If (UCase(strInput) <> UCase("Y")) Then
			WScript.Quit
		End If	
	End If
	
	WScript.StdOut.WriteLine()
	WScript.StdOut.WriteLine("""!"" indicates an error processing an object.")
	WScript.StdOut.WriteLine("     Check " & sErrorsFilename)
	WScript.StdOut.WriteLine("Starting...")
	WScript.StdOut.WriteLine()

	err.Clear	
	Set rootDSE = GetObject("LDAP://" & sDCServer & "/RootDSE")
	sDomainContainer = rootDSE.Get("defaultNamingContext")
	WScript.StdOut.WriteLine("Finding domain controller [ " & sDCServer & " ] for domain [ " & sDomainContainer & " ]")
	
	If (err.number <> 0) Then
		WScript.StdOut.WriteLine("Failed to find the domain or domain controller, error:" & err.Description)
		objfileError.WriteLine("Failed to find the domain or domain controller, error:" & err.Description)
		WScript.Quit
	End If
			
	err.Clear	
	Set conn = CreateObject("ADODB.Connection")
	Set objCommand = CreateObject("ADODB.Command")
	conn.Provider = "ADSDSOObject"
	conn.Open "ADs Provider"
	If (err.number <> 0) Then
		WScript.StdOut.WriteLine("Failed to bind to Active Directory server, error:" & err.Description)
		objfileError.WriteLine("Failed to bind to Active Directory server, error:" & err.Description)
		WScript.Quit
	End If

	Set objCommand.ActiveConnection = conn
	WScript.StdOut.WriteLine("Searching for mailbox owner user accounts in " & sDomainContainer)
	
	objCommand.CommandText  = "<LDAP://" & sDCServer & "/" & sDomainContainer & ">;(&(&(& (mailnickname=*) (| (&(objectCategory=person)(objectClass=user)(msExchHomeServerName=*)) ))));adspath;subtree"
	objCommand.Properties("searchscope") = ADS_SCOPE_SUBTREE
	objCommand.Properties("Page Size") = 100
	objCommand.Properties("Timeout") = 30 
	objCommand.Properties("Chase referrals") = (ADS_CHASE_REFERRALS_SUBORDINATE Or ADS_CHASE_REFERRALS_EXTERNAL)

	err.Clear	
	Set rsUsers = objCommand.Execute
	If (err.number <> 0) Then
		WScript.StdOut.WriteLine("Search for mailbox owners failed, error:" & err.Description)
		objfileError.WriteLine("Search for mailbox owners failed, error:" & err.Description)
		WScript.Quit
	End If

	If (rsUsers.RecordCount = 0) Then
		WScript.StdOut.WriteLine("No mailbox owner user accounts could be seen in " & sDomainContainer & ".")
		objfileError.WriteLine("No mailbox owner user accounts found in " & sDomainContainer & ".")
		fError = True		
	End If

	While Not rsUsers.EOF
		If (fOneError = True) Then
			WScript.StdOut.Write("!")
		Else
			WScript.StdOut.Write(".")
		End If
		fOneError = False
		
		'Skip any mailbox object in Microsoft Exchange System Objects container
		If (0 = Instr(rsUsers.Fields(0).Value, MESO)) Then
			err.Clear 
			Set objUser = GetObject(rsUsers.Fields(0).Value)
			If (err.number <> 0) Then
				objfileError.WriteLine("Failed to get user object: " & rsUsers.Fields(0).Value)
				objfileError.WriteLine("Error: " & err.Description)
				fError = True
				fOneError = True
				err.Clear
			End If
			Set objSDMailBox = objUser.MailboxRights
			If (err.number <> 0) Then
				objfileError.WriteLine("Failed to get mailbox rights: " & rsUsers.Fields(0).Value)
				objfileError.WriteLine("Error: " & err.Description)
				fError = True
				fOneError = True
				err.Clear
			End If
			Set objSDNTsecurity = objUser.ntSecurityDescriptor
			If (err.number <> 0) Then
				objfileError.WriteLine("Failed to get NTSD: " & rsUsers.Fields(0).Value)
				objfileError.WriteLine("Error: " & err.Description)
				fError = True
				fOneError = True
				err.Clear
			End If
			
			Set objDACLNTSD = Nothing
			If (objUser.AccountDisabled) Then
				sMailboxStatus = "Disabled"
			Else
				sMailboxStatus = "Enabled"
			End If

			'Query this user's publicDelegates list
			err.Clear 
			msPublicDelegates = objUser.Get("publicDelegates")
			If (err.number <> 0) Then
				'This user doesn't have publicDelegates list set
				sIfPublicDelegate = STRNO
				err.Clear
			Else
				sIfPublicDelegate = STRYES
			End If
			
			err.Clear 			
			FindAllFMAUsers objSDMailBox
			
			If (TotalACE > dArraySize) Then
			'Needs to allocate bigger size array
				dArraySize = TotalACE + 1
				ReDim Preserve sTrusteeAlias(dArraySize)
				FindAllFMAUsers objSDMailBox
			End If
			If (err.number <> 0) Then
				objfileError.WriteLine("Failed to query mailbox rights of user: " & rsUsers.Fields(0).Value)
				objfileError.WriteLine("Error: " & err.Description)
				err.Clear
				fError = True
				fOneError = True
			End If
			
			If TotalACE > 0 Then
				Set objDACLNTSD = objSDNTsecurity.DiscretionaryAcl

				For i = 0 to TotalACE - 1 Step 1
					
					'Check if we already have Send As ACE in NT security descriptor
					'If it exists, either allow or deny, we don't need to add send as to it 
					CheckSendAsACE objDACLNTSD, sTrusteeAlias(i)
					
					'Note: deny entries take precedence over allow entries. 
					'If there is FMA deny ACE, skip it even if we find FMA allow ACE 
					IfFMAAllowed(sTrusteeAlias(i) & OUTPUT_DELIMITER)
					If ((fFMAAllowed = True) And (fACESendasFound = 0)) Then
						If cScriptMode = MODE_SETALL Then
							Set objNewACE = CreateObject ("AccessControlEntry")
							objNewACE.AceFlags = 0 
							objNewACE.AceType = ACCESS_ALLOWED_OBJECT_ACE_TYPE
							objNewACE.AccessMask = EX_MB_SEND_AS_ACCESSMASK 
							objNewACE.Flags = 1
							objNewACE.ObjectType = EX_MB_SEND_AS_GUID
							objNewACE.Trustee = sTrusteeAlias(i)

							objDACLNTSD.AddAce objNewAce
						End If
			
						'Query trustee(FMA user) to get its displayName
						Dim rsTrustee
						Dim objTrustee
						Dim dPosition
						Dim sAlias
					
						dPosition = inStr(1, sTrusteeAlias(i), "\")
						sAlias = mid(sTrusteeAlias(i), dPosition + 1)
				
						Set objCmdDisplayName = CreateObject("ADODB.Command")			
						Set objCmdDisplayName.ActiveConnection = conn
						objCmdDisplayName.CommandText  = "<LDAP://" & sDomainContainer & ">;(&(&(& (mailnickname=" & sAlias & ") (| (&(objectCategory=person)(objectClass=user)(msExchHomeServerName=*)) ))));adspath;subtree"
						objCmdDisplayName.Properties("searchscope") = ADS_SCOPE_SUBTREE
						objCmdDisplayName.Properties("Page Size") = 100
						objCmdDisplayName.Properties("Timeout") = 30 
						objCmdDisplayName.Properties("Chase referrals") = (ADS_CHASE_REFERRALS_SUBORDINATE Or ADS_CHASE_REFERRALS_EXTERNAL)
						
						Set rsTrustee = objCmdDisplayName.Execute				
						Set objTrustee = GetObject(rsTrustee.Fields(0).Value)
						
						If (err.number <> 0) Then
							'Failed to query FMA user's display name, use its alias
							sFMAUserDisplayName = sAlias							
						Else
							sFMAUserDisplayName = objTrustee.displayName							
						End If
	
						'output to export file
						err.Clear
						objfileExport.WriteLine ("""""""" & objUser.displayName & OUTPUT_DELIMITER & sTrusteeAlias(i) & OUTPUT_DELIMITER & sFMAUserDisplayName & OUTPUT_DELIMITER & sIfPublicDelegate & OUTPUT_DELIMITER & sMailboxStatus & OUTPUT_DELIMITER & rsUsers.Fields(0).Value & OUTPUT_DELIMITER & objUser.homeMDB & """""""")
						If (err.number <> 0) Then
							objfileError.WriteLine("User " & rsUsers.Fields(0).Value & " could not be added to the export file. You should set permissions manually for this user.")
							objfileError.WriteLine("Error: " & err.Description)
							err.Clear
							fError = True
							fOneError = True
						End If
						Set objCmdDisplayName = Nothing
						Set rsTrustee = Nothing
						Set objTrustee = Nothing
					End If
				Next
					
				If cScriptMode = MODE_SETALL Then
					err.Clear
					objSDNTsecurity.DiscretionaryAcl = objDACLNTSD
					objUser.Put "ntSecurityDescriptor", Array( objSDNTsecurity )
					objUser.SetOption ADS_OPTION_SECURITY_MASK, ADS_SECURITY_INFO_DACL
					objUser.SetInfo
					If (err.number <> 0) Then
						objfileError.WriteLine("Failed to update ADSI for user: " & rsUsers.Fields(0).Value)
						objfileError.WriteLine("Error: " & err.Description)
						err.Clear
						fError = True
						fOneError = True
					End If
				End If

				TotalACE = 0
				Set objSDMailbox = Nothing
				Set objSDNTsecurity = Nothing
				Set objUser = Nothing
				Set objDACLNTSD = Nothing
			End If
		
		End If	
		rsUsers.MoveNext
	Wend
End If

If (cScriptMode = MODE_IMPORT) Then
	Dim sOneRow
	Dim sArraySplit
	Dim objUserItem
	Dim UserPath
	Dim objUserSD
	Dim objUserDACL
	Dim fNeedToAddSendAs
	
	sImportFilePath = WScript.Arguments(ARG_INDEX_FILENAME)

	WScript.StdOut.WriteLine("If you continue, each account listed in " & sImportFilePath)
	WScript.StdOut.WriteLine("that has Full Mailbox Access permission for a given mailbox")
	WScript.StdOut.WriteLine("will also be granted permission to Send As the mailbox owner.")
	WScript.StdOut.WriteLine()
	WScript.StdOut.Write("Press Y to continue or any other key to cancel: ")
	strInput = WScript.StdIn.ReadLine()
	If (UCase(strInput) <> UCase("Y")) Then
		WScript.Quit
	End If	
	WScript.StdOut.WriteLine("Starting...")
	WScript.StdOut.WriteLine()

	UserPath = EMPTYSTRING	
	err.Clear	
	Set objFSO = CreateObject("Scripting.FileSystemObject")
	Set objfileImport = objFSO.OpenTextFile(sImportFilePath, ForReading, False, TristateTrue)
	If (err.number <> 0) Then
		WScript.StdOut.WriteLine("Failed to open import file " & sImportFilePath & ", error:" & err.Description)
		objfileError.WriteLine("Failed to open import file " & sImportFilePath & ", error:" & err.Description)
		WScript.Quit
	End If	

	fNeedToAddSendAs = False
	Do While objfileImport.AtEndOfStream <> True
		If (fOneError = True) Then
			WScript.StdOut.Write("!")
		Else
			WScript.StdOut.Write(".")
		End If
		fOneError = False

		err.Clear
		sOneRow = objfileImport.ReadLine
		sArraySplit = Split(sOneRow , OUTPUT_DELIMITER)
		If (err.number <> 0) Then
			objfileError.WriteLine("Failed to parse one row: " & sOneRow )
			objfileError.WriteLine("Error: " & err.Description)
			err.Clear
			fError = True
			fOneError = True
		End If
		
		If (UserPath <> sArraySplit(COLUMN_INDEX_USERADSPATH)) Then
			'A new user
			If (fNeedToAddSendAs = True ) Then
				'update existing user
				err.Clear 
				objSDNTsecurity.DiscretionaryAcl = objDACLNTSD
				objUser.Put "ntSecurityDescriptor", Array( objSDNTsecurity )
				objUser.SetOption ADS_OPTION_SECURITY_MASK, ADS_SECURITY_INFO_DACL
				objUser.SetInfo
				If (err.number <> 0) Then
					objfileError.WriteLine("Failed to update permissions for user: " & UserPath)
					objfileError.WriteLine("Error: " & err.Description)
					fError = True
					fOneError = True
				End If
			End If
						
			fNeedToAddSendAs = False
			Set objUser = Nothing
			Set objSDNTsecurity = Nothing
			Set objDACLNTSD = Nothing

			UserPath = sArraySplit(COLUMN_INDEX_USERADSPATH)
			err.Clear 
			Set objUser = GetObject(UserPath)
			Set objSDNTsecurity = objUser.ntSecurityDescriptor  
			Set objDACLNTSD = objSDNTsecurity.DiscretionaryACL			
			If (err.number <> 0) Then
				objfileError.WriteLine("Failed to get user object: " & UserPath)
				objfileError.WriteLine("Error: " & err.Description)
				err.Clear
				fError = True
				fOneError = True
			End If
		End If
	
		'Add newACE   Do we need this check?
		CheckSendAsACE objDACLNTSD, sArraySplit(COLUMN_INDEX_FMAALIAS)
		If (fACESendasFound = 0) Then
			Set objNewACE = CreateObject ("AccessControlEntry")
			objNewACE.AceFlags = 0 
			objNewACE.AceType = ACCESS_ALLOWED_OBJECT_ACE_TYPE
			objNewACE.AccessMask = EX_MB_SEND_AS_ACCESSMASK 
			objNewACE.Flags = 1
			objNewACE.ObjectType = EX_MB_SEND_AS_GUID
			objNewACE.Trustee = sArraySplit(COLUMN_INDEX_FMAALIAS)

			objDACLNTSD.AddAce objNewACE
			fNeedToAddSendAs = True			
		End If
	Loop
	
	If (fNeedToAddSendAs = True ) Then
		'update the last user
		err.Clear 
		objSDNTsecurity.DiscretionaryAcl = objDACLNTSD
		objUser.Put "ntSecurityDescriptor", Array( objSDNTsecurity )
		objUser.SetOption ADS_OPTION_SECURITY_MASK, ADS_SECURITY_INFO_DACL
		objUser.SetInfo
		If (err.number <> 0) Then
			objfileError.WriteLine("Failed to update permissions for user: " & UserPath)
			objfileError.WriteLine("Error: " & err.Description)
			fError = True
		End If
	End If

End If 

'FileSystemObject has no Close method; only the open text streams are closed here
objfileImport.Close
objfileExport.Close
objfileError.Close

Set objFSO = Nothing
Set objfileImport = Nothing
Set objfileExport = Nothing
Set objfileError = Nothing
Set objCommand = Nothing
Set conn = Nothing

WScript.StdOut.WriteLine()
If (fError = True) Then
	WScript.StdOut.WriteLine("Finished with one or more errors. See " & sErrorsFilename)
Else
	WScript.StdOut.WriteLine("Finished successfully. No errors were encountered.")
End If

Function FindAllFMAUsers (objSD)
Dim objACL
Dim objACE
Dim intACECount
Dim strIndent
Dim dAccessMaskBit
Dim dPosition
Dim sUserAlreadyFound

	On Error Resume Next
	err.Clear
	TotalACE = 0
	sFMADeniedList = EMPTYSTRING
	sFMAExplicitAllow = EMPTYSTRING
	sUserAlreadyFound = OUTPUT_DELIMITER
	intACECount = 0
	Set objACL = objSD.DiscretionaryAcl
	intACECount = objACL.AceCount

	If intACECount Then
		' Open discretionary ACL (DACL) data.
		For Each objACE In objACL		
			
		dPosition = inStr(1, objACE.Trustee, "$")
		If ((0 = Instr(UCase(objACE.Trustee & OUTPUT_DELIMITER), UCase(FMA_EXCLUSIVE_EXSVC))) And (0 = Instr(sUserAlreadyFound, OUTPUT_DELIMITER & objACE.Trustee & OUTPUT_DELIMITER)) And (0 = Instr(FMA_EXCLUSIVE_LIST, OUTPUT_DELIMITER & objACE.Trustee & OUTPUT_DELIMITER)) And (dPosition <> Len(objACE.Trustee)) And ((objACE.AccessMask And EX_FULLMailbox_AccessMask) <>0) And ((objACE.AceType = ADS_ACETYPE_ACCESS_ALLOWED) Or (objACE.AceType = ACCESS_ALLOWED_OBJECT_ACE_TYPE) )) Then
			If (TotalACE < dArraySize) Then
				sTrusteeAlias(TotalACE) = objACE.Trustee
				sUserAlreadyFound = sUserAlreadyFound & objACE.Trustee & OUTPUT_DELIMITER
			End If
			TotalACE = TotalACE + 1	
			If ((objACE.AceFlags And ADS_ACEFLAG_INHERITED_ACE) = 0) Then
				'Keep a list of who explicitly set FMA at mailbox level
				sFMAExplicitAllow = sFMAExplicitAllow & objACE.Trustee & OUTPUT_DELIMITER			
			End If
		ElseIf (( (objACE.AccessMask And EX_FULLMailbox_AccessMask) <>0 ) And (objACE.AceType = ADS_ACETYPE_ACCESS_DENIED)) Then
			'Keep a list of who is denied FMA, using OUTPUT_DELIMITER as the delimiter; 
			'include both inherited entries and entries set explicitly at mailbox level
			sFMADeniedList = sFMADeniedList & objACE.Trustee & OUTPUT_DELIMITER			
		End If
		Next
	End If

	Set objACL = Nothing
End Function

Function CheckSendAsACE (objDiscretionaryACL, sTAlias)
Dim objACE
Dim intACECount

	err.Clear 
	fACESendasFound = 0
	intACECount = objDiscretionaryACL.AceCount

	If intACECount Then
		For Each objACE In objDiscretionaryACL	
			err.Clear 
			If ( (objACE.Trustee = sTAlias) And (objACE.ObjectType = EX_MB_SEND_AS_GUID) ) Then
				fACESendasFound = 1
			End If
			If (err.number <> 0) Then
				objfileError.WriteLine("Could not read permissions for this user: " & sTAlias)
				objfileError.WriteLine("Error: " & err.Description)
				err.Clear
				fError = True
				fOneError = True
			End If			
		Next			
	End If	
End Function

Function IfFMAAllowed(sTrustee)
	'FMA allow ACE has been found. Assume it's true
	fFMAAllowed = True
	
	If ( (0 <> Instr(sFMADeniedList, sTrustee)) And (0 = Instr(sFMAExplicitAllow, sTrustee))	) Then
		'If Denied ACE is found, and no explicit allow FMA 
		fFMAAllowed = False
	End If 
End Function

Function CreateOutputFiles
	Dim sTimeArray
	Dim sTimeShort
	Dim sTime
	
	err.Clear
	sTime = Time
	sTimeShort = Split(sTime, " ")
	sTimeArray = Split(sTimeShort(0), ":")

	Set objFSO = CreateObject("Scripting.FileSystemObject")
	sErrorsFileName = ERROR_FILE & "_" & sTimeArray(0) & "_" & sTimeArray(1) & "_" & sTimeArray(2) & ".txt"
	Set objfileError = objFSO.OpenTextFile(sErrorsFileName, ForWriting, True, TristateTrue)

	If (cScriptMode = MODE_SETALL Or cScriptMode = MODE_EXPORT)	Then
		sExportFileName = EXPORT_FILE & "_" & sTimeArray(0) & "_" & sTimeArray(1) & "_" & sTimeArray(2) & ".txt"
		Set objfileExport = objFSO.OpenTextFile(sExportFileName, ForWriting, True, TristateTrue)	
	End If
	
	If err.number <> 0 Then
		WScript.StdOut.WriteLine("Unable to create export or error files: " & err.Description)
		objfileError.WriteLine("Unable to create export or error files: " & err.Description)
		fError = True
		fOneError = True
		WScript.Quit	
	End If

End Function

Function DisplaySyntax
	WScript.StdOut.WriteLine("Syntax:")
	WScript.StdOut.WriteLine()
	WScript.StdOut.WriteLine("Export accounts with Full Mailbox Access that do not have Send As permission:")
	WScript.StdOut.WriteLine("     CSCRIPT """ & WScript.ScriptName & """ DOMAIN_CONTROLLER -Export")
	WScript.StdOut.WriteLine("         NOTE: The list will be saved to Send_As_Export_HH_MM_SS.txt")
	WScript.StdOut.WriteLine()
	WScript.StdOut.WriteLine("Grant Send As to all accounts listed in an export file:")
	WScript.StdOut.WriteLine("     CSCRIPT """ & WScript.ScriptName & """ DOMAIN_CONTROLLER -Import ""filename.txt""")
	WScript.StdOut.WriteLine()
	WScript.StdOut.WriteLine("Grant Send As to all accounts in the domain with Full Mailbox Access:")
	WScript.StdOut.WriteLine("     CSCRIPT """ & WScript.ScriptName & """ DOMAIN_CONTROLLER -SetAll")
	WScript.StdOut.WriteLine("         NOTE: Accounts will be listed in Send_As_Export_HH_MM_SS.txt")
	WScript.StdOut.WriteLine()
	WScript.StdOut.WriteLine("For all modes, errors are saved to Send_As_Errors_HH_MM_SS.txt")

	WScript.Quit	
End Function

Properties

Article ID: 912918 - Last Review: 06 ?????? 2010 - Revision: 2.0
Applies to:
  • Microsoft Exchange 2000 Server Standard Edition
  • Microsoft Exchange 2000 Enterprise Server
  • Microsoft Exchange Server 2003 Standard Edition
  • Microsoft Exchange Server 2003 Enterprise Edition
Keywords:
kbtshoot kbpending kbbug kbprb kbmt KB912918 KbMthi