I think you could but it would be non-trivial, I agree with Al, use a different tool. dsacls or scripting is the "standard".
Theoretically, and Dmitri or Eric can correct me if I am off, you could create your Security Descriptor in SDDL format, convert that to the binary form, then mime encode it, then try to apply that string for the ntSecurityDescriptor attribute. You will likely have to do it as an Administrator or else you will get an error since non-admins have to set special controls to update the security descriptor and I don't think LDIFDE will do it.
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm 

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick
Sent: Friday, October 06, 2006 4:36 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Using an LDIF to set ACLs

There's no provision in the ldif standard that I'm aware of that would allow this.  LDIFDE might have something with it, but I haven't seen it.
You'd be better off using a different tool in my opinion. 

On 10/6/06, Isenhour, Joseph <[EMAIL PROTECTED]> wrote:
Does anyone know if it's possible to set Directory ACLs using an LDIF?
I'm trying to enforce a process for setting ACLs that is similar to the
process we have for making Schema extensions.
List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx

Reply via email to