| Home | Kaiming |
After exchange is installed, it introduces huge number of properties for mailboxes.
The examples are:
altRecipient
altRecipientBL
attributeCertificate
authOrig
authOrigBL
autoReply
autoReplyMessage
deletedItemFlags
delivContLength
deliverAndRedirect
deliveryMechanism
delivExtContTypes
dLMemberRule
dLMemDefault
dLMemRejectPerms
dLMemRejectPermsBL
dLMemSubmitPerms
dLMemSubmitPermsBL
dnQualifier
enabledProtocols
expirationTime
extensionAttribute1
extensionAttribute10
extensionAttribute11
extensionAttribute12
extensionAttribute13
extensionAttribute14
extensionAttribute15
extensionAttribute2
extensionAttribute3
extensionAttribute4
extensionAttribute5
extensionAttribute6
extensionAttribute7
extensionAttribute8
extensionAttribute9
...
...
To control the permissions on these properties, you could accomplish the task as follows:
work\robin READ altRecipient
work\robin READ altRecipientBL
work\robin READ attributeCertificate
work\robin READ authOrig
work\robin READ authOrigBL
work\robin READ autoReply
work\robin READ autoReplyMessage
work\robin READ deletedItemFlags
work\robin READ delivContLength
work\robin READ deliverAndRedirect
work\robin READ deliveryMechanism
work\robin READ delivExtContTypes
work\robin READ dLMemberRule
work\robin READ dLMemDefault
work\robin READ dLMemRejectPerms
work\robin READ dLMemRejectPermsBL
work\robin READ dLMemSubmitPerms
work\robin READ dLMemSubmitPermsBL
work\robin READ dnQualifier
work\robin READ enabledProtocols
work\robin READ expirationTime
work\robin READ extensionAttribute1
work\robin READ extensionAttribute10
work\robin READ extensionAttribute11
work\robin READ extensionAttribute12
work\robin READ extensionAttribute13
work\robin READ extensionAttribute14
work\robin READ extensionAttribute15
work\robin READ extensionAttribute2
work\robin READ extensionAttribute3
work\robin READ extensionAttribute4
work\robin READ extensionAttribute5
work\robin READ extensionAttribute6
work\robin READ extensionAttribute7
work\robin READ extensionAttribute8
work\robin READ extensionAttribute9
...
...
So many ACE entries in DACLs list. Some experts call it as bloated DACLs. When you process an object, the process is really slow.
Exchange-Information and Exchange-Personal-Information are property sets are the grouping objects. The Exchange-Information externedRight includes 105 properties and Exchange-Personal-Information right covers 7 properties.
Create a mailbox, e.g. Joe Rama
You will see the Exchange Information and Exchange Personal Information rights.
From Exchange Management Shell,
Add-ADPermission -Identity "CN=Joe Rama,CN=Users,DC=work,DC=com" -User "Work\Robin.WIlliams" -AccessRights ReadProperty -ExtendedRights Exchange-information