Re: [ActiveDir] Reading Security Descriptors

Thu, 12 Oct 2006 18:58:44 -0700 

Reading Security DescriptorsHi Felderi,
First, thanks for buying our book! I'm not sure if you knew, but we have a website for the book, www.directoryprogramming.net, where Ryan and I host a support forum for questions just like this. However, I'm happy to try to answer your question here. 


Did you check out sample 8.4?  The whole point of that sample was to provide 
a method for converting back and forth between schemaIDGUID for property 
sets and their friendly names (it can also translate control access rights). 
I think that is exactly what you are looking for.


Joe K.


----- Original Message ----- 
From: Santiago, Felderi (F.)

To: ActiveDir@mail.activedir.org
Sent: Thursday, October 12, 2006 5:30 PM
Subject: [ActiveDir] Reading Security Descriptors




Hello,

I am trying to list all the ACEs for a particular object in Active 
Directory.  To help me do this (since I am a bit of a newbie to Directory 
programing), I am reading the book "The .NET Developer's Guide to Directory 
Service Programming".
I took the program on page 302 and ran it against the object I want to print 
the ACEs for (I have attached the program).  Running the program gives me a 
result of:

=====ACE=====
   Identity:  Domain\Computer$
   AccessControlType: Allow
   ActiveDirectoryRights:  WriteProperty
   InheritanceType:   None
   ObjectType:   bh967953-0dd6-11e0-a285-00aa003049e2
   InheritedObjectType:  <null>
   ObjectFlags:  ObjectAceTypePresent

This is great, but I would like to get the specific property this ACE was 
set for.  For example, if I give an object a Allow Write to displayName with 
ADUC or ADSI, I would like to get a print out of the specific property so 
that I can write a program to set these ACE on specific properties moving 
forward.
I was looking at the PropertyAccessRule ACE wrapper class and that looks 
like it has what I need, however, I can't seem to find a way to tie this in 
with the program listed on Page 302 of the book (mainly how I can tie this 
with the list of AccessRules I get back from the Security Descriptor)
Any suggestions as to what I could do to list the specific property the ACE 
is being applied to?
Just to be clear, I want to list the specific property of the ACE is so I 
can very easily apply them to other objects in the future.  Once I list the 
PropertyAccessRule, I can then use the PropertySetAccessRule to apply the 
AcessRule to future objects.

Any help would be greatly appreciated.
Thanks,
Felderi Santiago




<<SecurityDescriptors.cs>> 


List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx






















					Reply via email to