ykfq
8/9/2016 - 8:18 AM
Dump msExchMailboxSecurityDescriptor as SDDL format. Useful if you need to inspect the raw ACL.
Dump msExchMailboxSecurityDescriptor as SDDL format. Useful if you need to inspect the raw ACL.
param($alias)
$searcher = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest().FindGlobalCatalog().GetDirectorySearcher()
$searcher.Filter = "(mailnickname=$alias)"
$user = $searcher.FindOne()
$mbxSd = $user.Properties["msExchMailboxSecurityDescriptor"][0]
$sd = New-Object System.Security.AccessControl.RawSecurityDescriptor([byte[]]$mbxSd, 0)
$sd.GetSddlForm("All")