Find out which users have Full Access to a mailbox

2023-09-08 12:27:23 Author: 雨潇潇

I am trying to draw a graph of which Exchange User has which permissions on which Exchange mailboxes, coloring them according to the type of permission.

As of now, I cannot find out all types of permissions that Exchange takes into account.

I can, using EWS, find out who was granted access to a mailbox by the user himself:

foreach(var permission in calendarFolder.Permissions) {
    // do sth.
}

But then there is the possibility that an admin grants someone permission over a mailbox by adding him to the "Full Access" permission list.

Where is this list stored? How can I read it, without PowerShell?

Recommended answer

You can't do this using EWS (or any of the Exchange Mailbox APIs); you can only access the folder-level DACLs. What you need to read is the Mailbox DACL, which can only be accessed either via the Exchange Management Shell (Get-MailboxPermissions) or by reading the msexchmailboxsecuritydescriptor from Active Directory.

You can get the AutoMapping mailboxes (http://technet.microsoft.com/en-us/library/hh529943(v=exchg.141).aspx) for a particular user using Autodiscover, which will generally tell you what mailboxes a particular user has been granted FullAccess to where AutoMapping has been enabled. (But this won't return mailboxes where AutoMapping hasn't been set.)

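        // Requires the EWS Managed API:
        //   using Microsoft.Exchange.WebServices.Data;
        //   using Microsoft.Exchange.WebServices.Autodiscover;
        // ncCred (credentials) and adAutoDiscoCallBack (redirect URL validator) are defined elsewhere.
        AutodiscoverService esService = new AutodiscoverService(ExchangeVersion.Exchange2013);
        esService.RedirectionUrlValidationCallback = adAutoDiscoCallBack;
        esService.Credentials = ncCred;
        // Ask Autodiscover for the mailboxes that are auto-mapped to this user.
        GetUserSettingsResponse gsr = esService.GetUserSettings("user@domain.com", UserSettingName.AlternateMailboxes);
        AlternateMailboxCollection amCol = (AlternateMailboxCollection)gsr.Settings[UserSettingName.AlternateMailboxes];
        foreach (AlternateMailbox am in amCol.Entries){
            Console.WriteLine(am.DisplayName);
        }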

Cheers, Glen
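
Reading the mailbox DACL from Active Directory, the second route named in the answer, can look like the following. This is an added example, not code from the answer's author; it assumes a domain-joined Windows host, that the mailbox is located by its `mail` attribute, and that access-mask bit 0x1 is the FullAccess right, and `shared@example.com` is a constructed address.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.Linq;
using System.Security.AccessControl;
using System.Security.Principal;

static class MailboxDaclReader
{
    // Assumption: bit 0x1 of the ACE access mask is the mailbox FullAccess right.
    const int FullAccess = 0x1;

    // Escape the characters that are special in an LDAP filter (RFC 4515).
    static string EscapeLdap(string s) => string.Concat(s.Select(c =>
        "\\*()\0".IndexOf(c) >= 0 ? "\\" + ((int)c).ToString("x2") : c.ToString()));

    // Walk the mailbox DACL and return every trustee holding an allow ACE for FullAccess.
    static IEnumerable<string> FullAccessTrustees(byte[] sdBytes)
    {
        var sd = new RawSecurityDescriptor(sdBytes, 0);
        if (sd.DiscretionaryAcl == null) yield break;
        foreach (GenericAce generic in sd.DiscretionaryAcl)
        {
            var ace = generic as CommonAce;
            if (ace == null || ace.AceQualifier != AceQualifier.AccessAllowed) continue;
            if ((ace.AccessMask & FullAccess) == 0) continue;
            string name;
            // Fall back to the raw SID when it cannot be resolved (deleted or foreign account).
            try { name = ace.SecurityIdentifier.Translate(typeof(NTAccount)).Value; }
            catch (IdentityNotMappedException) { name = ace.SecurityIdentifier.Value; }
            yield return name + (ace.IsInherited ? " (inherited)" : " (explicit)");
        }
    }

    static void Main(string[] args)
    {
        string mail = args.Length > 0 ? args[0] : "shared@example.com"; // constructed sample address
        string filter = "(&(objectClass=user)(mail=" + EscapeLdap(mail) + "))";
        using (var searcher = new DirectorySearcher(filter, new[] { "msExchMailboxSecurityDescriptor" }))
        {
            SearchResult hit = searcher.FindOne();
            if (hit == null || hit.Properties["msExchMailboxSecurityDescriptor"].Count == 0)
            { Console.WriteLine("No mailbox security descriptor found for " + mail); return; }
            var sdBytes = (byte[])hit.Properties["msExchMailboxSecurityDescriptor"][0];
            foreach (string trustee in FullAccessTrustees(sdBytes)) Console.WriteLine(trustee);
        }
    }
}
```

Only allow ACEs are listed, so a trustee shown here can still be blocked by a deny ACE in the same DACL.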