Printout Header
RSS Feed

Attributes for Exchange 5.5 Mailboxes :  NT-Security-Descriptor

This is the attribute for the access control list (ACL), the list of objects that have permissions granted for accessing the mailbox.


LDAP name NT-Security-Descriptor
Data type Hex value (max 4096)
Multivalue (Array) No
Heuristic 12 => Replicated between sites, operational attribute
Access category

Admin access only

Ex55 Database name NT-Security-Descriptor

The NT-Security-Descriptor attribute is an operational attribute which is not automatically retrieved by a GetObject() or an GetInfo() call. You can load such attributes into the object property cache by explicitly calling GetInfoEx(). Read more about this technique in the topic 'Reading object attributes' here in the SelfADSI tutorial.

Even if you manage to read the data of an Assoc-NT-Account attribute with GetInfoEx(), it is not that easy to handle the value. Read more about this in the section 'Object attributes of type octect string' here in the SelfADSI-Tutorial. You may get more information about the internal structure of access control lists here:

    Description of ACLs on MSDN.