Abbiamo risolto con un vbs,
ne posto il codice di seguito, magari torni utilie a qualcuno...
Grazie per il supporto !!!
Const ADS_ACETYPE_ACCESS_ALLOWED_OBJECT = &H5
Const ADS_FLAG_OBJECT_TYPE_PRESENT = &H1
Const ADS_RIGHT_DS_CONTROL_ACCESS = &H100
Const ADS_RIGHT_GENERIC_READ = &H80000000
Const ALLOWED_TO_AUTHENTICATE = "{68B1D179-0D15-4d4f-AB71-46152E79A7BC}"
Const RECEIVE_AS = "{AB721A56-1E2f-11D0-9819-00AA0040529B}"
Const SEND_AS = "{AB721A54-1E2f-11D0-9819-00AA0040529B}"
Const USER_CHANGE_PASSWORD = "{AB721A53-1E2f-11D0-9819-00AA0040529b}"
Const USER_FORCE_CHANGE_PASSWORD = "{00299570-246D-11D0-A768-00AA006E0529}"
Const USER_ACCOUNT_RESTRICTIONS = "{4C164200-20C0-11D0-A768-00AA006E0529}"
Const VALIDATED_DNS_HOST_NAME = "{72E39547-7B18-11D1-ADEF-00C04FD8D5CD}"
Const VALIDATED_SPN = "{F3A64788-5306-11D1-A9C5-0000F80367C1}"
FileErr_Log=".\LogImportErrori.txt"
FileSucc_Log=".\LogImportSuccessi.txt"
FilePres_Log = ".\Log_Import_Presenti.txt"
'-- Get the naming context ----
Set oRootDSE = GetObject("LDAP://RootDSE")
ldap_path_usr = oRootDSE.Get("defaultNamingContext")
ldap_path_usr = "dc=posta2000,dc=it" '----------------------> cambiare con il percorso giusto
wscript.echo ldap_path_usr
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Page Size") = 1000 'da dimensionare correttamente
campo="samAccountName"
Set FSO = CreateObject("Scripting.filesystemobject")
Set SendAsRes = fso.OpenTextFile(".\SendAs.txt") '----file di input mbx1;cforino
Set LogFileErrori = fso.createtextfile(FileErr_Log)
Set LogFileSuccessi = fso.createtextfile(FileSucc_Log)
Set LogFilePresenti = fso.createtextfile(FilePres_Log)
'On Error Resume Next
LogFileSuccessi.writeline "------ " & date() & " - " & time() & " ---- Inizio Import Permission -----"
Do
Err.Clear
contatore = contatore +1
SendAsRiga = SendAsRes.ReadLine
MyArray=Split(SendAsRiga,";",-1,1)
'wscript.echo ubound(myarray)
'wscript.echo myarray(0)
'wscript.echo myarray(1)
objCommand.CommandText = "<GC://" & ldap_path_usr & ">;(" & campo & "=" & myarray(0) & ");distinguishedname,sAMAccountName"
Set objRecordSet = objCommand.Execute
If objRecordSet.recordcount <> 1 Then
LogFileErrori.writeline "------ " & Date & " - " & Time() & " --- Utente " & myarray(0) & " non trovato"
Else
DNutente=objRecordSet.Fields("distinguishedname").Value
Set objSdUtil = GetObject("LDAP://" & DNutente)
Set objSD = objSdUtil.Get("ntSecurityDescriptor")
Set objDACL = objSD.DiscretionaryACL
Set objAce = CreateObject("AccessControlEntry")
'verifica permission già presenti
For Each objACE In objDACL
'wscript.echo objACE.Trustee
'wscript.echo myarray(1)
If UCase(objACE.Trustee) = UCase(myarray(1)) Then
If objACE.ObjectType = UCase(SEND_AS) Then
LogFilePresenti.writeline "------ " & Date & " - " & Time() & " ---------- L'utente " & myarray(1) &
" già presente nelle permission come Send-AS nella DL\Mailbox " & myarray(0)
UtentePresente = 1
Exit For
End If
End If
Next
If UtentePresente <> 1 Then
'--- on error resume next
DNutente = objRecordSet.Fields("distinguishedname").Value
'wscript.echo "dnutete:" & dnutente
'newdn = Replace(DNutente, "\", "*\5c*")
Set objSDUtil = GetObject("LDAP://" & DNutente)
'Set objSDUtil = GetObject(objRecordSet.Fields("samaccountname"))
Set objSD = objSDUtil.Get("ntSecurityDescriptor")
Set objDACL = objSD.DiscretionaryAcl
Set objACE = CreateObject("AccessControlEntry")
objACE.Trustee = myarray(1)
objACE.AceFlags = 0
objACE.AceType = ADS_ACETYPE_ACCESS_ALLOWED_OBJECT
objACE.Flags = ADS_FLAG_OBJECT_TYPE_PRESENT
objACE.AccessMask = ADS_RIGHT_GENERIC_READ
'------------------> comando di aggiunto dell'utente ai permessi
'------------------> objDACL.AddAce objACE
objSD.DiscretionaryAcl = objDACL
objSDUtil.Put "ntSecurityDescriptor", Array(objSD)
objSDUtil.SetInfo
'---Set objSDUtil = GetObject(objRecordSet.Fields("ADsPath"))
Set objSD = objSDUtil.Get("ntSecurityDescriptor")
Set objDACL = objSD.DiscretionaryAcl
Set objACE = CreateObject("AccessControlEntry")
Set objSDUtil = GetObject("LDAP://" & DNutente)
objACE.Trustee = myarray(1)
objACE.AceFlags = 0
objACE.AceType = ADS_ACETYPE_ACCESS_ALLOWED_OBJECT
objACE.Flags = ADS_FLAG_OBJECT_TYPE_PRESENT
objACE.ObjectType = SEND_AS
objACE.AccessMask = ADS_RIGHT_DS_CONTROL_ACCESS
objDACL.AddAce objACE
objSD.DiscretionaryAcl = objDACL
objSDUtil.Put "ntSecurityDescriptor", Array(objSD)
objSDUtil.SetInfo
If Err.Number <> 0 Then
LogFileErrori.writeline "------ " & Date & " - " & Time() & " --- errore per la Mailbox/DL " & myarray(0) & " utente " & myarray(1) & " non trovato"
Else
LogFileSuccessi.writeline "------ " & Date & " - " & Time() & " --- alla Mailbox/DL " & myarray(0) & " è stato aggiunto l'utente " & myarray(1) & " con diritto SEND-AS"
End If
end if
UtentePresente = 0
End If
Loop While Not SendAsRes.AtEndOfStream
LogFileSuccessi.writeline "------ " & date() & " - " & time() & " ---- Fine Import Permission utenti importati contatore-----"
MsgBox "Import Finito, nr. Oggetti:" & contatore
Ciao
Impostare permessi di Send As in bulk
