DSACLS Command Syntax Snippets

  • Article

 

This topic provides information about the DSACLS command syntax text files. You can find the text files in the folder named DSACLS Snippets, which is in the download from Working with Active Directory Permissions in Exchange Server 2003. The following is a complete list of the text files.

  • Email Addresses Tab – Mail-Enabled Group Object.txt

  • Email Addresses Tab – Mail-Enabled Contact Object.txt

  • Email Addresses Tab – Mailbox or Mail-Enabled User Object.txt

  • Email Addresses Tab – Mailbox or Mail-Enabled InetOrgPerson Object (Exchange 2003).txt

  • Email Addresses Tab – Query-Based Distribution Group (Exchange 2003).txt

  • Exchange Advanced Tab - Query-Based Distribution Group (Exchange 2003).txt

  • Exchange Advanced Tab – Mail-Enabled User Object.txt

  • Exchange Advanced Tab – Mail-Enabled InetOrgPerson Object (Exchange 2003).txt

  • Exchange Advanced Tab – Mail-Enabled Group Object.txt

  • Exchange Advanced Tab – Mail-Enabled Contact Object.txt

  • Exchange Advanced Tab – Mailbox-Enabled User Object (Exchange 2003).txt

  • Exchange Advanced Tab – Mailbox-Enabled User Object (Exchange 2000).txt

  • Exchange Advanced Tab – Mailbox-Enabled InetOrgPerson Object (Exchange 2003).txt

  • Exchange Features Tab – Mailbox-Enabled User Object (Exchange 2003).txt

  • Exchange Features Tab – Mailbox-Enabled User Object (Exchange 2000).txt

  • Exchange Features Tab – Mailbox-Enabled InetOrgPerson Object (Exchange 2003).txt

  • Exchange General Tab – inetOrgPerson Object (Exchange 2003).txt

  • Exchange General Tab – inetOrgPerson Object (Exchange 2000).txt

  • Exchange General Tab – Mail-Enabled User Object (Exchange 2003).txt

  • Exchange General Tab – Mail-Enabled User Object (Exchange 2000).txt

  • Exchange General Tab – Mail-Enabled Group Object (Exchange 2003).txt

  • Exchange General Tab – Mail-Enabled Group Object (Exchange 2000).txt

  • Exchange General Tab – Mail-Enabled Contact Object (Exchange 2003).txt

  • Exchange General Tab – Mail-Enabled Contact Object (Exchange 2000).txt

  • Exchange General Tab – Mailbox-Enabled User Object (Exchange 2003).txt

  • Exchange General Tab – Mailbox-Enabled User Object (Exchange 2000).txt

  • Exchange General Tab – Mailbox-Enabled InetOrgPerson Object (Exchange 2003).txt

  • Exchange General Tab – Query-Based Distribution Group (Exchange 2003).txt

  • Exchange Remove Attributes – InetOrgPerson Object (Exchange 2003).txt

  • Exchange Remove Attributes – User Object (Exchange 2003).txt

  • Exchange Remove Attributes – User Object (Exchange 2000).txt

  • General Tab - Query-Based Distribution Group (Exchange 2003).txt

  • Hiding Group Membership.txt

  • Mail-Disable InetOrgPerson Object (Exchange 2003).txt

  • Mail-Disable User Object (Exchange 2003).txt

  • Mail-Disable User Object (Exchange 2000).txt

  • Mail-Disabling Contact Objects (Exchange 2003).txt

  • Mail-Disabling Contact Objects (Exchange 2000).txt

  • Mail-Disabling Group Objects (Exchange 2003).txt

  • Mail-Disabling Group Objects (Exchange 2000).txt

  • Mail-Enable InetOrgPerson Object (Exchange 2003).txt

  • Mail-Enable User Object.txt

  • Mail-Enabling Contact Objects.txt

  • Mail-Enabling Group Objects.txt

  • Mailbox-Disable User Object (Exchange 2003).txt

  • Mailbox-Disable User Object (Exchange 2000).txt

  • Mailbox-Enable InetOrgPerson Object (Exchange 2003).txt

  • Mailbox-Enable User Object.txt

  • Mailbox Move InetOrgPerson Object (Exchange 2003).txt

  • Mailbox Move User Object.txt

  • Removing Exchange Attributes on Contact Objects (Exchange 2003).txt

  • Removing Exchange Attributes on Contact Objects (Exchange 2000).txt

  • Removing Exchange Attributes on Group Objects (Exchange 2003).txt

  • Removing Exchange Attributes on Group Objects (Exchange 2000).txt

Note

Incorrectly modifying the attributes of Active Directory® directory service objects by using ADSI Edit (AdsiEdit.msc), DSACLS (Dsacls.exe), the LDP tool (Ldp.exe), or any other Lightweight Directory Access Protocol (LDAP) version 3 clients can cause serious problems. These problems may require reinstallation of Microsoft® Windows Server, Microsoft Exchange Server, or both. Problems that occur if ActiveDirectory object attributes are modified incorrectly may not be solved. Modify these attributes at your own risk.

The format for DSACLS is the following:

dsacls "<ContainerPath>" /I:S /G "<Domain>\<Alias>:RPWP;<Attribute>;<ClassObject>"

Where:

  • <ContainerPath> is the distinguished name of the object (for example, domain, organizational unit);

  • <Domain>\<Alias> is the account\group being granted access; where <Attribute> is the attribute to which access is being granted;

  • <ClassObject> is the class object (user, group, contact, and so on) to which the attribute is associated.

The /I:S switch signals DSACLS to apply the permissions to sub-objects contained within the container path. The /G switch signals DSACLS to grant the necessary permissions (as opposed to deny or remove the permissions).

The RP argument signals DSACLS to grant the Read access for the property in question. The WP argument signals DSACLS to grant Write access for the property in question.

Note

The syntax for DSACLS is one command line, which contains no line breaks.