Reading Security DescriptorsHi Felderi,
First, thanks for buying our book! I'm not sure if you knew, but we have a
website for the book, www.directoryprogramming.net, where Ryan and I host a
support forum for questions just like this. However, I'm happy to try to
answer your question here.
Did you check out sample 8.4? The whole point of that sample was to provide
a method for converting back and forth between schemaIDGUID for property
sets and their friendly names (it can also translate control access rights).
I think that is exactly what you are looking for.
Joe K.
----- Original Message -----
From: Santiago, Felderi (F.)
To: ActiveDir@mail.activedir.org
Sent: Thursday, October 12, 2006 5:30 PM
Subject: [ActiveDir] Reading Security Descriptors
Hello,
I am trying to list all the ACEs for a particular object in Active
Directory. To help me do this (since I am a bit of a newbie to Directory
programing), I am reading the book "The .NET Developer's Guide to Directory
Service Programming".
I took the program on page 302 and ran it against the object I want to print
the ACEs for (I have attached the program). Running the program gives me a
result of:
=====ACE=====
Identity: Domain\Computer$
AccessControlType: Allow
ActiveDirectoryRights: WriteProperty
InheritanceType: None
ObjectType: bh967953-0dd6-11e0-a285-00aa003049e2
InheritedObjectType: <null>
ObjectFlags: ObjectAceTypePresent
This is great, but I would like to get the specific property this ACE was
set for. For example, if I give an object a Allow Write to displayName with
ADUC or ADSI, I would like to get a print out of the specific property so
that I can write a program to set these ACE on specific properties moving
forward.
I was looking at the PropertyAccessRule ACE wrapper class and that looks
like it has what I need, however, I can't seem to find a way to tie this in
with the program listed on Page 302 of the book (mainly how I can tie this
with the list of AccessRules I get back from the Security Descriptor)
Any suggestions as to what I could do to list the specific property the ACE
is being applied to?
Just to be clear, I want to list the specific property of the ACE is so I
can very easily apply them to other objects in the future. Once I list the
PropertyAccessRule, I can then use the PropertySetAccessRule to apply the
AcessRule to future objects.
Any help would be greatly appreciated.
Thanks,
Felderi Santiago
<<SecurityDescriptors.cs>>
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx