Export (0) Print
Expand All
1 out of 2 rated this helpful - Rate this topic

Directory Services Access Rights

Each Active Directory object has a security descriptor assigned to it. A set of trustee rights specific to directory service objects can be set within these security descriptors. These rights are listed in the following table. For more information, see Control Access Rights.

RightsMeaning

ACTRL_DS_OPEN

Open a DS object.

ACTRL_DS_CREATE_CHILD

Create a child DS object.

ACTRL_DS_DELETE_CHILD

Delete a child DS object.

ACTRL_DS_LIST

Enumerate a DS object.

ACTRL_DS_READ_PROP

Read the properties of a DS object.

ACTRL_DS_WRITE_PROP

Write properties for a DS object.

ACTRL_DS_SELF

Access allowed only after validated rights checks supported by the object are performed. This flag can be used alone to perform all validated rights checks of the object or it can be combined with an identifier of a specific validated right to perform only that check.

ACTRL_DS_DELETE_TREE

Delete a tree of DS objects.

ACTRL_DS_LIST_OBJECT

List a tree of DS objects.

ACTRL_DS_CONTROL_ACCESS

Access allowed only after extended rights checks supported by the object are performed. This flag can be used alone to perform all extended rights checks on the object or it can be combined with an identifier of a specific extended right to perform only that check.

 

 

 

Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft. All rights reserved.