SIDS?

  • Question

  • How come in AD Users and Computers, if I click a user's properties, and Exchange Advanced > Mailbox Rights, and view the ACL, there are some entries that just appear to be a user's SID as opposed to an actual domain name? What does the SID mean? And is there a way to resolve it back to an actual name?

    I also noticed in the ACL for my mailbox, the actual exchange server hostname is added to the ACL? Why?

    Also everyone has read only access, which I am told means they can read their mailbox permissions, as opposed to everyone being able to read their email - in Outlook is there any way a user could check their mailbox ACL to see who else has access to their mailbox?

    Tuesday, May 24, 2011 1:21 PM

Answers

  • On Tue, 24 May 2011 13:21:19 +0000, cf090 wrote:
     
    >How come in AD Users and Computers, if I click a user's properties, and Exchange Advanced > Mailbox Rights, and view the ACL, there are some entries that just appear to be a user's SID as opposed to an actual domain name?
     
    It means the AD object no longer exists.
     
    >What does the SID mean?
     
    It identifies the user in a way that's independent of a human-readable
    name. Changing the name of the AD object doesn't change the SID.
     
    >And is there a way to resolve it back to an actual name?
     
    Only if you have an older version of the AD you could restore that
    still had the AD object in it.
     
    >I also noticed in the ACL for my mailbox, the actual exchange server hostname is added to the ACL? Why?
     
    So Exchange can put e-mail into the mailbox -- and remove it from the
    mailbox.
     
    >Also everyone has read only access, which I am told means they can read their mailbox permissions, as opposed to everyone being able to read their email - in Outlook is there any way a user could check their mailbox ACL to see who else has access to their mailbox?
     
    Sure. A copy of the set of SIDs is kept in the
    msExchMailboxSecurityDescriptor property of the user. Use ADSIEDIT,
    LDP, or ADSI (or even plain old LDAP).
     
    ---
    Rich Matheisen
    MCSE+I, Exchange MVP
     

    Wednesday, May 25, 2011 1:20 AM
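
The lookup described in the answer, as an added PowerShell example that is not part of the original thread: it decodes a binary security descriptor of the kind stored in msExchMailboxSecurityDescriptor and flags every entry whose SID does not translate to an account name. The sample descriptor, the domain SID and the account name `jdoe` are constructed, and `Get-MailboxAclEntry` is a hypothetical function name.

```powershell
# Added example. Decodes a binary security descriptor (such as the value of
# msExchMailboxSecurityDescriptor) and flags ACEs whose SID has no account name.
function Get-MailboxAclEntry {
    param([Parameter(Mandatory)][byte[]]$SecurityDescriptor)

    $sd = [System.Security.AccessControl.RawSecurityDescriptor]::new($SecurityDescriptor, 0)
    foreach ($ace in $sd.DiscretionaryAcl) {
        # Only ACE types that carry a trustee SID and an access mask are reported.
        if ($ace -isnot [System.Security.AccessControl.KnownAce]) { continue }
        $sid = $ace.SecurityIdentifier
        try {
            $name = $sid.Translate([System.Security.Principal.NTAccount]).Value
        } catch {
            # No account maps to this SID (for example, the AD object was deleted).
            $name = $null
        }
        [pscustomobject]@{
            Sid        = $sid.Value
            Name       = $name
            Unresolved = ($null -eq $name)
            AceType    = $ace.AceType
            AccessMask = '0x{0:X8}' -f $ace.AccessMask
        }
    }
}

# Constructed sample: Everyone (WD) with READ_CONTROL (0x20000), plus a made-up
# domain SID with a made-up mask of 0x1. Neither value comes from the thread.
$sddl  = 'D:(A;;0x20000;;;WD)(A;;0x1;;;S-1-5-21-1111111111-2222222222-3333333333-1105)'
$raw   = [System.Security.AccessControl.RawSecurityDescriptor]::new($sddl)
$bytes = [byte[]]::new($raw.BinaryLength)
$raw.GetBinaryForm($bytes, 0)

Get-MailboxAclEntry -SecurityDescriptor $bytes | Format-Table -AutoSize

# Against a live directory (assumes an account named 'jdoe'):
# $bytes = ([adsisearcher]'(sAMAccountName=jdoe)').FindOne().Properties['msexchmailboxsecuritydescriptor'][0]
```

Rows with `Unresolved` set to `True` are the entries that Active Directory Users and Computers shows as a bare SID.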