Hi, I am trying to access the public folder permissions from within LDAP via C#.

I can load all groups and see all the properties of the groups; however, I am not able to see a 'members' property on the System.DirectoryServices.DirectoryEntry properties collection. This is likely because there isn't one or I don't have permissions.

The Directory Entry object in C# 2.0 also has an ActiveDirectorySecurity property and that has an 'AccessRules' collection. This however is only returning four entries, all of which are NT\Anonymous permissions. Through the Outlook interface I can see five options.

Any ideas on how to do this...?

Code follows:

    using System;
    using System.DirectoryServices;
    using System.Security.Principal;   // NTAccount

    static class PublicFolderAclDump
    {
        private static void DoIt()
        {
            // The bind path is redacted in the original post.
            using (DirectoryEntry entry = new DirectoryEntry("**********"))
            {
                DirectorySearcher mySearcher = new DirectorySearcher(entry);
                mySearcher.Filter = "(&(objectCategory=publicFolder)(CN=vte*))";
                mySearcher.SizeLimit = 10;

                Console.WriteLine("!!Starting Search!!");
                foreach (SearchResult resEnt in mySearcher.FindAll())
                {
                    DirectoryEntry de = resEnt.GetDirectoryEntry();
                    Console.WriteLine("\nGROUP:" + de.Name.ToString());

                    // ObjectSecurity is the security descriptor of the directory object itself.
                    ADSReadACLsExp(de, de.ObjectSecurity);
                }
                entry.Close();
            }
        }

        public static void ADSReadACLsExp(DirectoryEntry de, ActiveDirectorySecurity sd)
        {
            // Explicit rules only (includeInherited = false), identities translated to NTAccount.
            foreach (ActiveDirectoryAccessRule rule in sd.GetAccessRules(true, false, typeof(NTAccount)))
            {
                if (!rule.IsInherited)
                {
                    //rule.IdentityReference.Value
                    Console.WriteLine("xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx");
                    Console.WriteLine("====" + rule.AccessControlType);
                    Console.WriteLine("====" + rule.ActiveDirectoryRights.ToString());
                    Console.WriteLine("====" + rule.IdentityReference.Value);
                    Console.WriteLine("====" + rule.GetHashCode());
                    Console.WriteLine();
                }
            }
        }
    }
Exchange uses its own security descriptor, which is stored in the Exchange store, to control access to resources. The one you're viewing using LDAP is just the normal AD security descriptor. For a full discussion on Exchange security see http://www.microsoft.com/technet/prodtechnol/exchange/guides/StrPermwE2k3/4d9d8e4b-6c3d-4d75-94cb-e3485b8425e9.mspx

To view, access and modify an Exchange security descriptor you need to use one of the Exchange APIs to access the store; this means using either MAPI, CDOex/Exoledb or WebDAV. You might want to have a read of http://msdn.microsoft.com/library/default.asp?url=/library/en-us/e2k3/e2k3/_exch2k_web_storage_system_security.asp from the Exchange SDK. Also check out the application security module from the SDK, which can be used to do this type of thing.

Cheers
Glen

"Scott Reynolds" <Scott Reynolds@discussions.microsoft.com> wrote in message news:9E85F164-54D0-4985-B884-367522ECB092@microsoft.com...
> Hi, I am trying to access the public folder permissions from within LDAP via
> C#.
>
> I can load all groups and see all the properties of the groups; however, I am
> not able to see a 'members' property on the
> System.DirectoryServices.DirectoryEntry properties collection. This is
> likely because there isn't one or I don't have permissions.
>
> The Directory Entry object in C# 2.0 also has an ActiveDirectorySecurity
> property and that has an 'AccessRules' collection. This however is only
> returning four entries, all of which are NT\Anonymous permissions. Through
> the Outlook interface I can see five options.
>
> Any ideas on how to do this...?
>
> Code Follows
>
> private static void DoIt()
> {
>     using (DirectoryEntry entry = new DirectoryEntry("**********
>     {
>         System.DirectoryServices.DirectorySearcher mySearcher = new System.DirectoryServices.DirectorySearcher(entry);
>         mySearcher.Filter = "(&(objectCategory=publicFolder)(CN=vte*))";
>         mySearcher.SizeLimit = 10;
>
>         Console.WriteLine("!!Starting Search!!");
>         foreach (SearchResult resEnt in mySearcher.FindAll())
>         {
>             DirectoryEntry de = resEnt.GetDirectoryEntry();
>             Console.WriteLine("\nGROUP:" + de.Name.ToString());
>
>             ADSReadACLsExp(de, de.ObjectSecurity);
>         }
>         entry.Close();
>     }
> }
>
> public static void ADSReadACLsExp(DirectoryEntry de, ActiveDirectorySecurity sd)
> {
>     foreach (ActiveDirectoryAccessRule rule in sd.GetAccessRules(true, false, typeof(NTAccount)))
>     {
>         if (!rule.IsInherited)
>         {
>             //rule.IdentityReference.Value
>             Console.WriteLine("xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx");
>             Console.WriteLine("====" + rule.AccessControlType);
>             Console.WriteLine("====" + rule.ActiveDirectoryRights.ToString());
>             Console.WriteLine("====" + rule.IdentityReference.Value);
>             Console.WriteLine("====" + rule.GetHashCode());
>             Console.WriteLine();
>         }
>     }
> }