Hi All, I know that if an nTSecurityDescriptor is not specified when you instantiate an object in AD, it's value defaults to the Class's defaultSecurityDescriptor. What I don't understand is the fact that their strings differ when you print them out in LDIF. Here is an example:
defaultSecurityDescriptor (of class MINE-OBJ-New-Class): D:P(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;DA)(A;;LCRPRC;;;WD) nTSecurityDescriptor (of an object of class type MINE-OBJ-New-Class generated without specifying the nTSecurityDescriptor) : AQAUnHAAAACMAAAAFAAAADAAAAACABwAAQAAAALSFABrAQ0AAQEAAAAAAAEAAAAAAgBAAAIAAAAA AC QA/wEPAAEFAAAAAAAFFQAAAP4mxkiAePUxdbl1VAACAAAAABQAFAACAAEBAAAAAAABAAAAAAEFAA AA AAAFFQAAAP4mxkiAePUxdbl1VAACAAABBQAAAAAABRUAAAD+JsZIgHj1MXW5dVQBAgAA Can anyone explain why these are represented differently? On the Topic of SecurityDescriptors...I would like to specify that a Security Group that I have created be added to the defaultSecurityDescriptor for all of the classes I have extended my schema with. How would I go about doing that? Thanks for your help, Justin List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
