Creating a Global Address Book
Creating a Global Address Book
This content is no longer actively maintained. It is provided as is, for anyone who may still be using these technologies, with no warranties or claims of accuracy with regard to the most recent product version or service release.
The following example creates a global address book for the specified hosted organization. This example uses functions for Deleting an ACE From an ACL, Adding an ACE To an Existing ACL, Reordering a DACL, and Removing Permissions from the Default Global Address List.
Visual Basic
'////////////////////////////////////////////////////////////////////// ' Function: createGlobalAddressBook() ' Purpose: Creates a global address book for the specified hosted organization. ' ' Input: szDomainName: Domain of the Exchange organization ' szOrganizationName: Name of the exchange organization ' szAddressName: Name of the GAL ' szDomain: Domain of the hosted org ' szUserName: Admin username ' szUserPwd: Admin pwd ' szDirectoryServer: Name of the Directory Server ' ' Output: getValue: Contains Error code (if any) ' ' Note: In order for this example to function correctly, it may be necessary to include ' references to the following libraries: Active DS Type Library, Microsoft CDO for ' Exchange Management Library, Microsoft Cluster Service Automation Classes, ' Microsoft CDO for Windows 2000 Library. '////////////////////////////////////////////////////////////////////// Public Function createGlobalAddressBook(ByVal szDomainName As String, _ ByVal szOrganizationName As String, _ ByVal szAddressName As String, _ ByVal szDomain As String, _ ByVal szUserName As String, _ ByVal szUserPwd As String, _ ByVal szDirectoryServer) As Integer Dim objLdap As IADsOpenDSObject Dim objgal As IADs Dim objGalContainer As IADsContainer Dim szConnString As String Dim szSearchRequest As String Dim objSecurityDescriptor As SecurityDescriptor Dim objParentSD As SecurityDescriptor Dim objParentDACL As AccessControlList Dim objCopyDACL As AccessControlList Dim objNewDACL As AccessControlList Dim iCurrentControl As Variant Dim objOACE As AccessControlEntry Dim szaDomTokens() As String Dim szDomainDN As String Dim szUserGroup As String Dim szAdminGroup As String On Error GoTo errhandler ' Initialize strings. szUserGroup = "AllUsers" szAdminGroup = "Admins" ' Put the domain name into an ldap string. szaDomTokens = Split(szDomainName, ".", -1, 1) szDomainDN = Join(szaDomTokens, ",dc=") szDomainDN = "dc=" & szDomainDN ' Build the ldap connection string. szConnString = "LDAP://" + szDirectoryServer + "/" + _ "cn=All Global Address Lists,cn=Address Lists Container,cn=" + szOrganizationName + _ ",cn=microsoft exchange,cn=services,cn=configuration," + szDomainDN szSearchRequest = "(|(&(&(&(&(mailnickname=*)(|(&(objectCategory=person)(objectClass=user)(!(homeMDB=*))(!(msExchHomeServerName=*)))(&(objectCategory=person)(objectClass=user)(|(homeMDB=*)(msExchHomeServerName=*)))(&(objectCategory=person)(objectClass=contact))(objectCategory=group)(objectCategory=publicFolder))))(objectCategory=group)(cn=*" + szDomain + ")))" szSearchRequest = szSearchRequest + "(&(&(&(&(mailnickname=*)(|(&(objectCategory=person)(objectClass=user)(!(homeMDB=*))(!(msExchHomeServerName=*)))(&(objectCategory=person)(objectClass=user)(|(homeMDB=*)(msExchHomeServerName=*)))(&(objectCategory=person)(objectClass=contact))(objectCategory=group)(objectCategory=publicFolder))))(objectClass=user)(mail=*" + szDomain + "))))" ' Open up the directory with the passed credentials (preferably the admin). Set objLdap = GetObject("LDAP:") ' Get a container object from the connection string. Set objGalContainer = objLdap.OpenDSObject(szConnString, _ szUserName, _ szUserPwd, _ ADS_SECURE_AUTHENTICATION) ' Create the recipient policy object. Set objgal = objGalContainer.Create("addressBookContainer", _ "cn=" + szAddressName) ' Required properties. With objgal .Put "purportedSearch", szSearchRequest .Put "name", szAddressName .Put "displayName", szAddressName .Put "showInAdvancedViewOnly", True .Put "systemFlags", 1610612736 .SetInfo End With ' Now that the address book has been created, set security permissions. ' Get a handle to the security descriptor object on the new GAL. Set objSecurityDescriptor = objgal.Get("ntSecurityDescriptor") ' Get the security control object. iCurrentControl = objSecurityDescriptor.Control ' Turn off inheritance. objSecurityDescriptor.Control = iCurrentControl Or SE_DACL_PROTECTED ' Get the Security Descriptor for the parent object. Set objParentSD = objGalContainer.Get("ntSecurityDescriptor") ' Get the access control list for the parent SD. Set objParentDACL = objParentSD.DiscretionaryAcl ' Make a copy of the ACL that is on the parent object (replicate it to the new GAL). Set objCopyDACL = objParentDACL.CopyAccessList() ' Delete the specified ACL. DeleteAce objCopyDACL, "NT AUTHORITY\Authenticated Users" ' Add the ACL for the group. AddAce objCopyDACL, szUserGroup + "@" + szDomain, 131220, 0, 2, 0, 0, 0 AddAce objCopyDACL, szUserGroup + "@" + szDomain, 256, 5, 2, 1, "{A1990816-4298-11D1-ADE2-00C04FD8D5CD}", 0 AddAce objCopyDACL, szAdminGroup + "@" + szDomain, 131220, 0, 2, 0, 0, 0 AddAce objCopyDACL, szAdminGroup + "@" + szDomain, 256, 5, 2, 1, "{A1990816-4298-11D1-ADE2-00C04FD8D5CD}", 0 ' Reorder the ACLs. Set objNewDACL = ReorderACL(objCopyDACL) ' Set the new ACL. objSecurityDescriptor.DiscretionaryAcl = objNewDACL ' Save changes. objgal.Put "ntSecurityDescriptor", objSecurityDescriptor objgal.SetInfo ' Remove settings from default GAL. resetDefaultGAL szDomainName, _ szOrganizationName, _ szUserName, _ szUserPwd, _ szDirectoryServer createGlobalAddressBook = 0 ' Clean up. Set objLdap = Nothing Set objgal = Nothing Set objGalContainer = Nothing Exit Function ' Error handling. errhandler: Set objLdap = Nothing Set objgal = Nothing Set objGalContainer = Nothing createGlobalAddressBook = 1 ' Implement error logging here. Exit Function End Function
Send us your feedback about the Microsoft Exchange Server 2003 SDK.
This topic last updated: March 2004
Build: June 2007 (2007.618.1)
© 2003-2006 Microsoft Corporation. All rights reserved. Terms of use.