
IADsAccessControlEntry Property Methods

The property methods of the IADsAccessControlEntry interface get or set the properties described in the following table. For more information, see Interface Property Methods.

Properties

AccessMask
Contains a set of flags that specifies access privileges for the object. Valid values for Active Directory objects are defined in the ADS_RIGHTS_ENUM enumeration.
For more information and a list of possible values for file or file share objects, see File Security and Access Rights.
For more information and a list of possible values for registry objects, see Registry Key Security and Access Rights.
Access type: Read/write
Scripting data type: LONG
// C++ method syntax
 
 // Reads the ACE's access-privilege flags into *plnAccessMask. For Active
 // Directory objects the bits are ADS_RIGHTS_ENUM values; file, share and
 // registry objects use their own access-right constants.
 HRESULT get_AccessMask(
   [out] LONG* plnAccessMask
      
      
);

     
 // Replaces the ACE's access-privilege flags with lnAccessMask. The whole
 // mask is replaced, so compose it from only the rights the trustee needs;
 // an all-bits value such as -1 grants (or denies) every right at once.
 HRESULT put_AccessMask(
   [in] LONG lnAccessMask
      
      
);

     
    
AceFlags
Contains a set of flags that specifies whether other containers or objects can inherit the ACE. Valid values for Active Directory objects are defined in the ADS_ACEFLAG_ENUM enumeration.
For more information and possible values for file, file share, and registry objects, see the AceFlags member of the ACE_HEADER structure.
Access type: Read/write
Scripting data type: LONG
// C++ method syntax
 
 // Reads the ACE's inheritance flags into *plnAceFlags. For Active Directory
 // objects the bits are ADS_ACEFLAG_ENUM values.
 HRESULT get_AceFlags(
   [out] LONG* plnAceFlags
      
      
);

     
 // Replaces the ACE's inheritance flags with lnAceFlags. These flags decide
 // whether other containers or objects can inherit the ACE, so they set how
 // far below the edited object the entry takes effect.
 HRESULT put_AceFlags(
   [in] LONG lnAceFlags
      
      
);

     
    
AceType
Contains a value that indicates the type of ACE. Valid values for Active Directory objects are defined in the ADS_ACETYPE_ENUM enumeration.
For more information and possible values for file, file share, and registry objects, see the AceType member of the ACE_HEADER structure.
Access type: Read/write
Scripting data type: LONG
// C++ method syntax
 
 // Reads the ACE type into *plAceType. For Active Directory objects the value
 // is one of ADS_ACETYPE_ENUM (the example on this page uses
 // ADS_ACETYPE_ACCESS_ALLOWED and ADS_ACETYPE_ACCESS_DENIED).
 HRESULT get_AceType(
   [out] LONG* plAceType
      
      
);

     
 // Sets the ACE type to lnAceType. The type decides how AccessMask is
 // interpreted: the same mask is a grant under an allow type and a refusal
 // under a deny type.
 HRESULT put_AceType(
   [in] LONG lnAceType
      
      
);

     
    
Flags
A flag that indicates if the ACE has an object type or inherited object type. Valid flags are defined in the ADS_FLAGTYPE_ENUM enumeration.
Access type: Read/write
Scripting data type: LONG
// C++ method syntax
 
 // Reads into *lnflags the flag that says whether the ACE carries an object
 // type or an inherited object type. Valid values are in ADS_FLAGTYPE_ENUM.
 HRESULT get_Flags(
   [out] LONG* lnflags
      
      
);

     
 // Sets the flag that says whether the ACE carries an object type or an
 // inherited object type.
 // NOTE(review): presumably this must agree with whichever of ObjectType /
 // InheritedObjectType is actually set - confirm against ADS_FLAGTYPE_ENUM.
 HRESULT put_Flags(
   [in] LONG lnflags
      
      
);

     
    
InheritedObjectType
A flag that indicates the type of a child object of an ADSI object. Its value is a GUID to an object in string format. When such a GUID is set, the ACE applies only to the object referred to by the GUID.
Access type: Read/write
Scripting data type: BSTR
// C++ method syntax
 
 // Reads the inherited-object-type GUID (string format) into
 // *bstrInheritedObjectType.
 // NOTE(review): the returned BSTR is presumably caller-owned and freed with
 // SysFreeString, as this page's sample does for get_Trustee - confirm.
 HRESULT get_InheritedObjectType(
   [out] BSTR* bstrInheritedObjectType
      
      
);

     
 // Sets the inherited-object-type GUID (string format). When a GUID is set,
 // the ACE applies only to the child object type that the GUID refers to.
 HRESULT put_InheritedObjectType(
   [in] BSTR bstrInheritedObjectType
      
      
);

     
    
ObjectType
A flag that indicates the ADSI object type. Its value is a GUID to a property or an object in string format. The GUID refers to a property when ADS_RIGHT_DS_READ_PROP and ADS_RIGHT_DS_WRITE_PROP access masks are used. The GUID specifies an object when ADS_RIGHT_DS_CREATE_CHILD and ADS_RIGHT_DS_DELETE_CHILD access masks are used.
Access type: Read/write
Scripting data type: BSTR
// C++ method syntax
 
 // Reads the object-type GUID (string format) into *bstrObjectType.
 // NOTE(review): the returned BSTR is presumably caller-owned and freed with
 // SysFreeString, as this page's sample does for get_Trustee - confirm.
 HRESULT get_ObjectType(
   [out] BSTR* bstrObjectType
      
      
);

     
 // Sets the object-type GUID (string format). The GUID names a property when
 // the mask uses ADS_RIGHT_DS_READ_PROP / ADS_RIGHT_DS_WRITE_PROP, and an
 // object class when it uses ADS_RIGHT_DS_CREATE_CHILD /
 // ADS_RIGHT_DS_DELETE_CHILD, so the GUID and the mask must be chosen together.
 HRESULT put_ObjectType(
   [in] BSTR bstrObjectType
      
      
);

     
    
Trustee
Contains the name of the account that the ACE applies to.
Access type: Read/write
Scripting data type: BSTR
// C++ method syntax
 
 // Reads the name of the account the ACE applies to into *pbstrSecurityId.
 // The sample on this page frees the returned string with SysFreeString.
 // Treat the name as data read from the directory: pass it to output
 // functions as an argument, never as the format string.
 HRESULT get_Trustee(
   [out] BSTR* pbstrSecurityId
      
      
);

     
 // Sets the name of the account the ACE applies to.
 HRESULT put_Trustee(
   [in] BSTR bstrSecurityId
      
      
);

     
    

 

Examples

The following code example shows how to add entries to a discretionary ACL using the IADsAccessControlEntry property methods.



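' Adds one allow ACE and one deny ACE to the discretionary ACL of an OU and
' writes the modified security descriptor back to the directory.
Dim x As IADs
Dim sd As IADsSecurityDescriptor
Dim ace As IADsAccessControlEntry
Dim Dacl As IADsAccessControlList
Dim Ace1 As New AccessControlEntry
Dim Ace2 As New AccessControlEntry

On Error GoTo Cleanup
 
Set x = GetObject("LDAP://OU=Sales, DC=Fabrikam,DC=com")
Set sd = x.Get("ntSecurityDescriptor")
Set Dacl = sd.DiscretionaryAcl
 
' Show the existing ACEs.
For Each ace In Dacl
  Debug.Print ace.Trustee
Next
 
 
' Setup the first ACE.
' -1 sets every bit of the 32-bit mask, so this entry grants every right on
' the object. It is used here only to keep the sample short; a real ACE should
' combine just the ADS_RIGHTS_ENUM flags the trustee needs.
Ace1.AccessMask = -1 'Full Permission (Allowed)
Ace1.AceType = ADS_ACETYPE_ACCESS_ALLOWED
' ADS_ACEFLAG_INHERIT_ACE lets objects below the OU inherit this entry, so the
' grant is not limited to the OU itself.
Ace1.AceFlags = ADS_ACEFLAG_INHERIT_ACE
Ace1.Trustee = "ACTIVED\Administrator"
 
' Setup the 2nd ACE.
' Same all-bits mask, but as a deny entry: every right is refused to the
' trustee, and the refusal is inherited as well.
Ace2.AccessMask = -1 'Full Permission (Denied)
Ace2.AceType = ADS_ACETYPE_ACCESS_DENIED
Ace2.AceFlags = ADS_ACEFLAG_INHERIT_ACE
Ace2.Trustee = "ACTIVED\Andyhar"
 
' Add the ACEs to the Discretionary ACL.
' NOTE(review): canonical DACL order puts deny entries ahead of allow entries.
' Confirm the order AddAce produces before relying on the deny entry.
Dacl.AddAce Ace1
Dacl.AddAce Ace2
 
' Nothing is changed in the directory until SetInfo succeeds.
sd.DiscretionaryAcl = Dacl
x.Put "ntSecurityDescriptor", Array(sd)
x.SetInfo

' Reached on success as well as on error; Err.Number is 0 on the success path.
Cleanup:
    If (Err.Number<>0) Then
        MsgBox("An error has occurred. " & Err.Number)
    End If

    ' Release only the references declared above (the original also cleared
    ' "obj" and "cls", which are never declared in this sample).
    Set x = Nothing
    Set sd = Nothing
    Set ace = Nothing
    Set Dacl = Nothing
    Set Ace1 = Nothing
    Set Ace2 = Nothing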

The following code example displays access-control entries.


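// Binds to the OU, reads its ntSecurityDescriptor attribute and passes the
// security descriptor to DisplayAccessInfo, which lists the DACL itself.
IADs *pADs = NULL;
IADsSecurityDescriptor *pSD = NULL;
VARIANT var;
HRESULT hr = S_OK;
 
VariantInit(&var);

// NULL user name and password: the bind runs under the caller's own security
// context, using secure authentication.
hr = ADsOpenObject(L"LDAP://OU=Sales, DC=Fabrikam,DC=com",NULL,NULL,
                   ADS_SECURE_AUTHENTICATION, IID_IADs,(void**)&pADs);
if(FAILED(hr)) {goto Cleanup;}

hr = pADs->Get(CComBSTR("ntSecurityDescriptor"),&var);
if(FAILED(hr)) {goto Cleanup;}

// The VARIANT keeps ownership of its IDispatch reference and VariantClear
// releases it; QueryInterface hands pSD a reference of its own. Releasing the
// variant's pointer by hand as well would release it twice.
// NOTE(review): assumes Get returned VT_DISPATCH for this attribute - confirm.
hr = V_DISPATCH(&var)->QueryInterface(IID_IADsSecurityDescriptor,(void**)&pSD);
if(FAILED(hr)) {goto Cleanup;}

// DisplayAccessInfo retrieves the discretionary ACL from pSD, so the ACL is
// not fetched a second time here.
hr = DisplayAccessInfo(pSD);

Cleanup:
    // Runs on every path, so the variant is cleared on failure as well.
    VariantClear(&var);
    if(pSD) pSD->Release();
    if(pADs) pADs->Release();
    return hr;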



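/// Prints the trustee of every ACE in the discretionary ACL of a security
/// descriptor, one per line.
///
/// @param pSD Security descriptor to read. It is dereferenced without a check,
///            so the caller must pass a valid pointer.
/// @return The failure HRESULT of the first COM call that fails. Otherwise the
///         last value returned by IEnumVARIANT::Next, which ends the loop as
///         soon as it is anything other than S_OK.
HRESULT DisplayAccessInfo(IADsSecurityDescriptor *pSD)
{
    IDispatch *pDisp = NULL;
    IADsAccessControlList *pACL = NULL;
    IADsAccessControlEntry *pACE = NULL;
    IEnumVARIANT *pEnum = NULL;
    IUnknown *pUnk = NULL;
    HRESULT hr = S_OK;
    ULONG nFetch = 0;
    BSTR bstrValue = NULL;
    VARIANT var;

    VariantInit(&var);

    hr = pSD->get_DiscretionaryAcl(&pDisp);
    if(FAILED(hr)){goto Cleanup;}
    hr = pDisp->QueryInterface(IID_IADsAccessControlList,(void**)&pACL);
    if(FAILED(hr)){goto Cleanup;}

    hr = pACL->get__NewEnum(&pUnk);
    if(FAILED(hr)){goto Cleanup;}

    hr = pUnk->QueryInterface(IID_IEnumVARIANT,(void**)&pEnum);
    if(FAILED(hr)){goto Cleanup;}

    hr = pEnum->Next(1,&var,&nFetch);

    while(hr == S_OK)
    {
        if(nFetch==1)
        {
            if(VT_DISPATCH != V_VT(&var))
            {
                // Unexpected element type: stop listing. hr is still S_OK
                // here, so callers cannot tell that the output is incomplete;
                // set a failure code at this point if they need to.
                goto Cleanup;
            }

            // The VARIANT owns this IDispatch reference and VariantClear
            // releases it, so the pointer is used in place and never
            // released by hand. pDisp keeps the DACL reference for Cleanup.
            hr = V_DISPATCH(&var)->QueryInterface(IID_IADsAccessControlEntry,(void**)&pACE);
            // A failure ends the listing with an error instead of silently
            // skipping the entry, so a partial ACL is not mistaken for a
            // complete one.
            if(FAILED(hr)){goto Cleanup;}

            hr = pACE->get_Trustee(&bstrValue);
            if(FAILED(hr)){goto Cleanup;}

            if(bstrValue)
            {
                // The trustee name comes from the directory, so it is passed
                // as an argument to a constant format string and never used
                // as the format itself. wprintf matches the wide string.
                wprintf(L"Trustee: %ls\n", bstrValue);
                SysFreeString(bstrValue);
                bstrValue = NULL;
            }

            pACE->Release();
            pACE = NULL;

            VariantClear(&var);
        }
        hr = pEnum->Next(1,&var,&nFetch);
    }

Cleanup:
    // Every pointer below is either NULL or still owns a reference.
    VariantClear(&var);
    if(bstrValue) SysFreeString(bstrValue);
    if(pACE) pACE->Release();
    if(pEnum) pEnum->Release();
    if(pUnk) pUnk->Release();
    if(pACL) pACL->Release();
    if(pDisp) pDisp->Release();
    return hr;
}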

Requirements

Minimum supported client

Windows Vista

Minimum supported server

Windows Server 2003

Header

Iads.h

DLL

Activeds.dll

IID

IID_IADsAccessControlEntry is defined as B4F3A14C-9BDD-11D0-852C-00C04FD8D503

See also

IADsAccessControlEntry
IADsAccessControlList
IADsSecurityDescriptor

 

 
