ykfq
8/9/2016 - 8:18 AM

Dump msExchMailboxSecurityDescriptor as SDDL format. Useful if you need to inspect the raw ACL.

Dump msExchMailboxSecurityDescriptor as SDDL format. Useful if you need to inspect the raw ACL.

param($alias)

$searcher = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest().FindGlobalCatalog().GetDirectorySearcher()
$searcher.Filter = "(mailnickname=$alias)"
$user = $searcher.FindOne()
$mbxSd = $user.Properties["msExchMailboxSecurityDescriptor"][0]
$sd = New-Object System.Security.AccessControl.RawSecurityDescriptor([byte[]]$mbxSd, 0)
$sd.GetSddlForm("All")