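' Rewrites the Exchange mailbox security descriptor
' (msExchMailboxSecurityDescriptor) of every user listed in the input file.
'
' Usage:
'   cscript <script>.vbs          remove the user's own ACEs, add deny ACEs,
'                                 then reorder the DACL and write it back
'   cscript <script>.vbs lookup   only print the current ACEs (read-only)
'
' The input file holds one distinguished name per line. Every line drives a
' directory write, so the file should be writable only by the administrators
' who are allowed to run this script.
'
' NOTE(review): there is no error handling. A failure between the delete step
' and the add step leaves that user's descriptor half-modified. Run the
' "lookup" mode before and after and keep its output as the audit record.

Dim DN
Dim objArgs, lookup
Dim oFSO, oTF
Dim myUser, sTrustee, oSecurityDescriptor, dacl, ace

Const ADS_RIGHT_GENERIC_ALL = &H10000000

' ACE type and flag constants.
Const ADS_ACETYPE_ACCESS_DENIED = &H1
Const ADS_ACETYPE_ACCESS_DENIED_OBJECT = &H6
Const ADS_ACETYPE_ACCESS_ALLOWED = &H0
Const ADS_ACETYPE_ACCESS_ALLOWED_OBJECT = &H5
Const ADS_ACEFLAG_INHERITED_ACE = &H10
Const ForReading = 1

lookup = 0
Set objArgs = WScript.Arguments
If objArgs.Count = 1 Then
    If objArgs(0) = "lookup" Then
        lookup = 1
    End If
End If

Set oFSO = CreateObject("scripting.filesystemobject")

' Open the file holding the users' DNs.
' NOTE(review): the third argument (create = True) makes a missing file come
' back as a new empty file, so the script then exits without touching anyone
' and without reporting the missing input.
Set oTF = oFSO.OpenTextFile("C:\producao\usuarios.csv", ForReading, True)

Do While Not oTF.AtEndOfStream
    DN = oTF.ReadLine

    ' Skip blank lines; an empty DN would be bound as "LDAP://".
    If Len(Trim(DN)) > 0 Then
        Set myUser = GetObject("LDAP://" & DN)

        ' Replace DOMINIO with the NetBIOS name of your domain.
        sTrustee = "DOMINIO\" & myUser.sAMAccountName

        myUser.GetInfoEx Array("msExchMailboxSecurityDescriptor"), 0
        Set oSecurityDescriptor = myUser.Get("msExchMailboxSecurityDescriptor")
        Set dacl = oSecurityDescriptor.DiscretionaryAcl

        If lookup = 1 Then
            ' Basic dump of every ACE in the mailbox DACL.
            For Each ace In dacl
                WScript.Echo ace.Trustee & ", " & ace.AccessMask & ", " & _
                    ace.AceType & ", " & ace.AceFlags & ", " & ace.Flags & ", " & _
                    ace.ObjectType & ", " & ace.InheritedObjectType
            Next
        Else
            ' DELETE ACL: drop every ACE whose trustee is the user's own account.
            DelAce dacl, sTrustee
            oSecurityDescriptor.DiscretionaryAcl = dacl
            myUser.Put "msExchMailboxSecurityDescriptor", oSecurityDescriptor
            myUser.SetInfo

            ' ADD ACL: re-read the descriptor and add deny ACEs for the account.
            myUser.GetInfoEx Array("msExchMailboxSecurityDescriptor"), 0
            Set oSecurityDescriptor = myUser.Get("msExchMailboxSecurityDescriptor")
            Set dacl = oSecurityDescriptor.DiscretionaryAcl

            ' 983040 = &HF0000; AceFlags 2 = ADS_ACEFLAG_INHERIT_ACE.
            ' NOTE(review): presumably the delete-storage / read-permissions /
            ' change-permissions / take-ownership mailbox rights - confirm.
            AddAce dacl, sTrustee, 983040, ADS_ACETYPE_ACCESS_DENIED, 2, 0, 0, 0
            oSecurityDescriptor.DiscretionaryAcl = dacl
            myUser.Put "msExchMailboxSecurityDescriptor", oSecurityDescriptor
            myUser.SetInfo

            ' AceType 1 = ADS_ACETYPE_ACCESS_DENIED.
            ' NOTE(review): mask 1 is presumably "full mailbox access" - confirm.
            AddAce dacl, sTrustee, 1, 1, 2, 0, 0, 0
            oSecurityDescriptor.DiscretionaryAcl = dacl
            myUser.Put "msExchMailboxSecurityDescriptor", oSecurityDescriptor
            myUser.Put "Description", "Processo De Revisao Terceiros"
            ' Write the user's information.
            myUser.SetInfo

            ' ORDER ACL: the original discarded ReorderACL's return value and
            ' never Put the descriptor, so the reorder step wrote nothing.
            myUser.GetInfoEx Array("msExchMailboxSecurityDescriptor"), 0
            Set oSecurityDescriptor = myUser.Get("msExchMailboxSecurityDescriptor")
            Set dacl = ReorderACL(oSecurityDescriptor.DiscretionaryAcl)
            oSecurityDescriptor.DiscretionaryAcl = dacl
            myUser.Put "msExchMailboxSecurityDescriptor", oSecurityDescriptor
            myUser.SetInfo
        End If
    End If
Loop

oTF.Close

' Builds an AccessControlEntry from the given values and appends it to dacl.
'   dacl                  AccessControlList that receives the new ACE
'   TrusteeName           account the ACE applies to
'   gAccessMask           access mask of the ACE
'   gAceType              ACE type (ADS_ACETYPE_* value)
'   gAceFlags             inheritance flags of the ACE
'   gFlags                flags saying whether the object type fields are set
'   gObjectType           object type GUID, or 0 to leave it unset
'   gInheritedObjectType  inherited object type GUID, or 0 to leave it unset
' The ACE is appended as-is; putting the DACL in order is the caller's job.
Function AddAce(dacl, TrusteeName, gAccessMask, gAceType, gAceFlags, gFlags, gObjectType, gInheritedObjectType)
    Dim Ace1

    ' Create a new ACE object.
    Set Ace1 = CreateObject("AccessControlEntry")
    Ace1.AccessMask = gAccessMask
    Ace1.AceType = gAceType
    Ace1.AceFlags = gAceFlags
    Ace1.Flags = gFlags
    Ace1.Trustee = TrusteeName

    ' Set ObjectType only when the caller supplied one.
    If CStr(gObjectType) <> "0" Then
        Ace1.ObjectType = gObjectType
    End If

    ' Set InheritedObjectType only when the caller supplied one.
    If CStr(gInheritedObjectType) <> "0" Then
        Ace1.InheritedObjectType = gInheritedObjectType
    End If

    dacl.AddAce Ace1

    Set Ace1 = Nothing
End Function

' Removes from dacl every ACE whose trustee equals szTrusteeName.
' The comparison ignores case and surrounding whitespace.
Function DelAce(dacl, szTrusteeName)
    Dim objOACE
    Dim wanted

    wanted = Trim(LCase(szTrusteeName))

    ' NOTE(review): ACEs are removed while the list is being enumerated.
    ' Check with the "lookup" mode that no matching ACE is left behind.
    For Each objOACE In dacl
        If Trim(LCase(objOACE.Trustee)) = wanted Then
            dacl.RemoveAce (objOACE)
        End If
    Next

    Set objOACE = Nothing
End Function

' Returns a new AccessControlList holding the ACEs of objDacl in canonical
' order: explicit deny, explicit deny-object, explicit allow, explicit
' allow-object, then inherited ACEs in their original relative order.
' The original sorted inherited ACEs by type together with the explicit ones,
' which puts an inherited deny ahead of an explicit allow.
Function ReorderACL(objDacl)
    Dim ImpDenyDacl
    Dim ImpDenyObjectDacl
    Dim ImpAllowDacl
    Dim ImpAllowObjectDacl
    Dim InheritedDacl
    Dim newDACL
    Dim ace

    Set newDACL = CreateObject("AccessControlList")
    Set ImpDenyDacl = CreateObject("AccessControlList")
    Set ImpDenyObjectDacl = CreateObject("AccessControlList")
    Set ImpAllowDacl = CreateObject("AccessControlList")
    Set ImpAllowObjectDacl = CreateObject("AccessControlList")
    Set InheritedDacl = CreateObject("AccessControlList")

    ' Sort every ACE into its bucket.
    For Each ace In objDacl
        If (ace.AceFlags And ADS_ACEFLAG_INHERITED_ACE) = ADS_ACEFLAG_INHERITED_ACE Then
            InheritedDacl.AddAce ace
        Else
            Select Case ace.AceType
                Case ADS_ACETYPE_ACCESS_DENIED
                    ImpDenyDacl.AddAce ace
                Case ADS_ACETYPE_ACCESS_DENIED_OBJECT
                    ImpDenyObjectDacl.AddAce ace
                Case ADS_ACETYPE_ACCESS_ALLOWED
                    ImpAllowDacl.AddAce ace
                Case ADS_ACETYPE_ACCESS_ALLOWED_OBJECT
                    ImpAllowObjectDacl.AddAce ace
                Case Else
                    ' NOTE(review): an explicit ACE of any other type is left
                    ' out of the result, as in the original. Compare "lookup"
                    ' output before and after to see whether any was dropped.
            End Select
        End If
    Next

    ' Combine the buckets in canonical order.
    For Each ace In ImpDenyDacl
        newDACL.AddAce ace
    Next

    For Each ace In ImpDenyObjectDacl
        newDACL.AddAce ace
    Next

    For Each ace In ImpAllowDacl
        newDACL.AddAce ace
    Next

    For Each ace In ImpAllowObjectDacl
        newDACL.AddAce ace
    Next

    For Each ace In InheritedDacl
        newDACL.AddAce ace
    Next

    ' Carry over the revision level of the source DACL.
    newDACL.AclRevision = objDacl.AclRevision

    ' Return the ordered DACL.
    Set ReorderACL = newDACL

    Set newDACL = Nothing
    Set InheritedDacl = Nothing
    Set ImpAllowObjectDacl = Nothing
    Set ImpAllowDacl = Nothing
    Set ImpDenyObjectDacl = Nothing
    Set ImpDenyDacl = Nothing
End Function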