find Exchange recipients that are associated with an NT account

  • Question

  • User843746731 posted

    Hi all,

    I'm trying to find a mailbox from a SID ideally... I get the following code to work lovely:

    ' First get the SID and SD for the user, which we will need later on.
    Dim objUI As New MSExchangeAcctLib.AcctMgmt
    Dim arrSID As
    objUI.GetSidFromName("AIGGICBL", "MailerM", arrSID)
    objUI =

    Dim searchRoot As New DirectoryEntry("LDAP://Exchnage/o=ExOrg/ou=ExSite/cn=Recipients") ' //searches will be rooted under this OU
    'Dim ds As New DirectorySearcher(searchRoot, "(Assoc-NT-Account=" & arrSID & ")")
    Dim ds As New DirectorySearcher(searchRoot, "(sn=Mailer)")

    ds.SizeLimit = 1

    Dim sr As SearchResult = Nothing
    Dim src As SearchResultCollection
    src = ds.FindAll()

    With src
        If src.Count > 0 Then
            sr = src(0)
        End If
    End With

    If sr Is Nothing = False Then
    End If

    Basically a carbon VB copy of Dunnry's code in the read me first in this forum... But when I try and search on the "Assoc-NT-Account" with the ArrSID I get a conversion error from Byte() to String.

    Any ideas of how to do this?


    Thursday, April 6, 2006 5:59 AM

All replies

  • User1354132231 posted
    You will have to format the SID string in binary format for the filter.  It is best to pull the SID from the 'objectSid' attribute to ensure that the byte ordering is correct.  Example:

    //user represents the SID we want (this could just as easily be a SearchResult)
    //DirectoryEntry user = new DirectoryEntry(...);

    byte[] sidBytes = (byte[])user.Properties["objectSid"][0];

    //this is the search filter you would use
    string filter = String.Format("(Assoc-NT-Account={0})", BuildOctetFilterString(sidBytes));

    //escapes each byte as \XX, the form an LDAP filter expects for binary values
    private string BuildOctetFilterString(byte[] bytes)
    {
        StringBuilder sb = new StringBuilder();
        foreach (byte b in bytes)
            sb.AppendFormat("\\{0}", b.ToString("X2"));
        return sb.ToString();
    }

    Thursday, April 6, 2006 1:24 PM
  • User843746731 posted

    Hi Ryan,

    Thanks for that...

    It works inasmuch as there are no errors, but it doesn't show any results from the filter. I can't get the LDAP to display the Assoc-NT-Account either, so I can't "manually" compare the two.

    Looking around, should the filter string be in a hex format? S-0-etc...?

    It's Monday morning and my head is feeling a little confused!

    Monday, April 10, 2006 7:25 AM
  • User1354132231 posted
    Hmm... I think the Assoc-NT-Account attribute is in binary format, so the filter that I used should be right.  It should look like escaped hex bytes (e.g. "\0A\1F\22\...") if it is right.  Is it possible that the attribute doesn't have a value?

    Why don't you try the other way - that is, take a value from the Assoc-NT-Account, convert it using the routine and then search for "(objectSid={value})".  This way you know if the value supplied in the attribute actually links to an account.
    Monday, April 10, 2006 8:12 PM
  • User843746731 posted

    Ryan, you are the man!!! Many thanks (again!)

    It was my own fault as I missed in the translation of C# to VB that I didn't need to escape the \ so I had \\00\\etc... D'oh!

    Now it works like a charm!

    Just FYI, I tried to write the Assoc-NT-Account property:


    (thinking GetType() would be able to write no problems)
    I get:

    Object reference not set to an instance of an object.

    So I can't seem to read the property at all... Sadly.

    Still, all working like a charm now! Thanks again!

    Tuesday, April 11, 2006 4:26 AM
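
An added example, not part of any post in this thread: it shows how the readable S-1-... form, the raw SID bytes and the escaped filter value relate, and decodes a filter value back to a SID so the two can be compared by eye. The class and method names and the sample SID are constructed for illustration; it assumes .NET on Windows, where `System.Security.Principal.SecurityIdentifier` is available.

```csharp
using System;
using System.Security.Principal;
using System.Text;

static class SidFilterDemo // hypothetical name
{
    // Escape every byte as \XX (RFC 4515), the form binary values take in an LDAP filter.
    public static string ToOctetFilter(byte[] bytes)
    {
        StringBuilder sb = new StringBuilder(bytes.Length * 3);
        foreach (byte b in bytes)
            sb.Append('\\').Append(b.ToString("X2"));
        return sb.ToString();
    }

    // Reverse of ToOctetFilter: turns \XX\XX... back into bytes so the value can be
    // shown as S-1-... for comparison. Throws on anything that is not strict \XX triples.
    public static byte[] FromOctetFilter(string escaped)
    {
        if (escaped.Length % 3 != 0)
            throw new FormatException("Expected \\XX triples.");
        byte[] bytes = new byte[escaped.Length / 3];
        for (int i = 0; i < bytes.Length; i++)
        {
            if (escaped[i * 3] != '\\')
                throw new FormatException("Expected a backslash at offset " + (i * 3));
            bytes[i] = Convert.ToByte(escaped.Substring(i * 3 + 1, 2), 16);
        }
        return bytes;
    }

    static void Main()
    {
        // Constructed sample SID, not a real account.
        SecurityIdentifier sid = new SecurityIdentifier("S-1-5-21-1004336348-1177238915-682003330-1001");
        byte[] raw = new byte[sid.BinaryLength];
        sid.GetBinaryForm(raw, 0);
        // First 8 bytes: revision 01, sub-authority count 05, authority 00 00 00 00 00 05 (big-endian).
        // The sub-authorities that follow are little-endian, so hex-encoding the text form does not work.
        string value = ToOctetFilter(raw);
        Console.WriteLine("(Assoc-NT-Account=" + value + ")");

        // Round trip back to the readable form.
        Console.WriteLine(new SecurityIdentifier(FromOctetFilter(value), 0).Value);

        // A value with doubled backslashes (\\01\\05...) is rejected by the strict decoder.
        try { FromOctetFilter(value.Replace("\\", "\\\\")); }
        catch (FormatException ex) { Console.WriteLine("Rejected: " + ex.Message); }
    }
}
```

In VB.NET a backslash inside a string literal is not an escape character, so the VB equivalent of the C# format string `"\\{0}"` is `"\{0}"`.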