问题
I am trying to draw a graph of which Exchange User has which permissions on which Exchange mailboxes, coloring them according to the type of permission.
As of now, I cannot find out all types of permissions that Exchange takes into account.
I can, using EWS, find out who was granted access to a mailbox by the user himself:
foreach(var permission in calendarFolder.Permissions) {
// do sth.
}
But then there is the possibility that an admin grants someone permission over a mailbox by adding him to the "Full Access" permission list.
Where is this list stored? How can I read it, without PowerShell?
回答1:
You can't using EWS (or any of the Exchange Mailbox API's) you can only access the Folder level DACL's what you need to read is the Mailbox DACL which can only be either accessed via the Exchange Management Shell (Get-MailboxPermissions) or via reading the msexchmailboxsecuritydescriptor from Active Directory.
You can get the AutoMapping Mailboxes http://technet.microsoft.com/en-us/library/hh529943(v=exchg.141).aspx for a particular user using Autodiscover which will generally tell you what Mailbox a particular User has been granted FullAccess to where AutoMapping has been enabled. (But this won't return Mailboxes where Automapping hasn't been set)
AutodiscoverService esService = new AutodiscoverService(ExchangeVersion.Exchange2013);
esService.RedirectionUrlValidationCallback = adAutoDiscoCallBack;
esService.Credentials = ncCred;
GetUserSettingsResponse gsr = esService.GetUserSettings("user@domain.com", UserSettingName.AlternateMailboxes);
AlternateMailboxCollection amCol = (AlternateMailboxCollection)gsr.Settings[UserSettingName.AlternateMailboxes];
foreach (AlternateMailbox am in amCol.Entries){
Console.WriteLine(am.DisplayName);
}
Cheers Glen
来源:https://stackoverflow.com/questions/25670746/find-out-which-users-have-full-access-on-a-mailbox