The edsaMailboxSecurityDescriptor attribute value non-readable in the Change History (69932)

After changing a user's mailbox rights and reviewing the object's Change History report, you will see that the "edsaMailboxSecurityDescriptor" has been changed and the column "New Value" includes a value that is not in a readable format for end users. The value displayed may vary depending on the Exchange's version. 

For example (Exchange 2003):

Action                      Attribute                                                New Value                                                                Specified By

Update                   edsaMailboxSecurityDescriptor                 'D:(A;CI;CCSDRC;;;PS)(A;CI;CCSD;;;LA)'                     ars_srv

This is by design. The edsaMailboxSecurityDescriptor is currently in the SDDL (Security Descriptor Definition Language) format which is the standard format for the security object NTSecurityDescriptor. The framework APIs used only allows us only to display the value in either of the two formats: Binary or SDDL.

An enhancement request (TF00047961) has been created detailing the feature: convert SDDL value to display user friendly (readable) value in the Change History.

WORKAROUND

None.

STATUS

The product team will evaluate the request and this feature may become available on a future release of the product.

Please refer to this article for updates or contact support referencing the Enhancement Request ID: TF00047961.