One stop shopping: Need ALL Mailbox Delegate Names & Permissions

[sdowd]

I'm trying to programatically get all names and permission levels for
users who have access to a particular mailbox.

As I understand it, access to a mailbox can be granted in serveral
ways. The first is via a "Send As" delegate created in Outlook
(Tools->Options->Delegates). The names are stored in AD
(publicDelegates attribute) and are available through LDAP queries.
Problem is with the permissions, where are they stored? How can they
be retrieved programatically?

Another method of granting access is by adding a user to the (mailbox,
inbox, calendar ...) folders in Outlook (right click
Properties->Permissions). I can't find the names nor the permission
levels in AD. I read somewhere that it was stored in AD in the
publicDelegatesBL attribute but testing has proven otherwise (Outlook
2003, ExchangeServer2003, AD2003), the attribute is NOT populated.
Anyone know where this information is stored and how it could be
retrieved programatically?

Thanks.

 

[Sue Mosher [MVP-Outlook]]

Send As grants no permissions at all to read mailbox data. It and the Send On Behalf Of permission control whether a user can send with another user's address in the From box.

Folder-level permissions are stored ... on the folder. Get the free PFDavAdmin tool from http://www.microsoft.com/downloads/details.aspx?FamilyID=635BE792-D8AD-49E3-ADA4-E2422C0AB424. It can manage and report on mailbox folder permissions, as well as public folder permissions. For other tools, see http://www.slipstick.com/exs/permissions.htm#tools

For AD query questions, I'd suggest you ask in the microsoft.public.exchange.admin group.

--
Sue Mosher, Outlook MVP
Author of Configuring Microsoft Outlook 2003

and Microsoft Outlook Programming - Jumpstart for
Administrators, Power Users, and Developers

 

[sdowd]

Hmmm...
When I add a "Send As" delegate through Outlook2003 I am prompted for
FOLDER permissions too. Now I can set all permissions to "NONE" (as
you suggest) but can also grant Reviewer, Author or Editor permissions
to my Calendar, Tasks,Contacts,Notes and Journal folders. I'm
interested in retrieving these same folder permissions programatically.

I am looking for a method to extract the names & permissions
programatically, i.e. through an LDAP query, MAPI etc. The referenced
tools do not indicate how to retrieve the data, just that you can. My
interest is the how.

 

[Sue Mosher [MVP-Outlook]]

When I add a "Send As" delegate through Outlook2003 I am prompted for

FOLDER permissions too.

Making a person a delegate does *not* set the Send As permission. It grants the Send On Behalf Of permission. They're quite different.

Folder permissions are stored in the folder. (In other words, AD is not a factor, and LDAP is not useful here.) The PFDAVAdmin tool uses WebDAV to obtain permissions, no doubt from the folder's http://schemas.microsoft.com/mapi/proptag/0x0FF40003 (PR_ACCESS_LEVEL) property; see http://msdn2.microsoft.com/en-gb/library/ms528162.aspx. Extended MAPI, CDO 1.21, and Outlook Redemption would be other viable interfaces to return the value from the same property. There should be some CDO code at http://www.cdolive.com for retrieving folder permissions.

FYI, there is a newsgroup specifically for general Outlook programming issues "down the hall" at microsoft.public.outlook.program_vba or, via web interface, at http://www.microsoft.com/office/community/en-us/default.mspx?dg=microsoft.public.outlook.program_vba The Exchange programming newsgroup is microsoft.public.exchange.development.
--
Sue Mosher, Outlook MVP
Author of Configuring Microsoft Outlook 2003

and Microsoft Outlook Programming - Jumpstart for
Administrators, Power Users, and Developers

Hmmm...

Now I can set all permissions to "NONE" (as