Setting Permissions to a Specific Property

Permissions can be set to apply to a specific property of an object.

To set permissions that apply to a specific property of an object:

  1. Set the IADsAccessControlEntry.AccessMask property to ADS_RIGHT_DS_READ_PROP and/or ADS_RIGHT_DS_WRITE_PROP.
  2. Set the IADsAccessControlEntry.AceType property to ADS_ACETYPE_ACCESS_ALLOWED_OBJECT or ADS_ACETYPE_ACCESS_DENIED_OBJECT.
  3. Set the IADsAccessControlEntry.ObjectType property to the schemaIDGUID of the property. This is the schemaIDGUID of the attributeSchema object that defines the property in the schema. The GUID must be specified as a string of the form produced by the StringFromGUID2 function in the COM library.
  4. Set the IADsAccessControlEntry.Flags property to ADS_FLAG_OBJECT_TYPE_PRESENT.
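
The following added example (not part of the original page) models the four values from steps 1 to 4 as plain data, so the values can be prepared and checked before they are assigned to an IADsAccessControlEntry; it does not call ADSI. The function names are hypothetical, the sample bytes are constructed, and the schemaIDGUID is assumed to have been read as its raw 16-byte octet string.

```python
import re
import uuid

# Values from ADS_RIGHTS_ENUM, ADS_ACETYPE_ENUM and ADS_FLAGTYPE_ENUM.
ADS_RIGHT_DS_READ_PROP = 0x10
ADS_RIGHT_DS_WRITE_PROP = 0x20
ADS_ACETYPE_ACCESS_ALLOWED_OBJECT = 0x5
ADS_ACETYPE_ACCESS_DENIED_OBJECT = 0x6
ADS_FLAG_OBJECT_TYPE_PRESENT = 0x1
PROP_RIGHTS = ADS_RIGHT_DS_READ_PROP | ADS_RIGHT_DS_WRITE_PROP
OBJECT_ACE_TYPES = (ADS_ACETYPE_ACCESS_ALLOWED_OBJECT, ADS_ACETYPE_ACCESS_DENIED_OBJECT)
GUID_STRING = re.compile(r"\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Constructed 16-byte value standing in for a schemaIDGUID read from the schema.
SAMPLE_SCHEMA_ID_GUID = bytes.fromhex("00112233445566778899aabbccddeeff")

def guid_string_from_octets(raw):
    """Render a raw schemaIDGUID in the braced form StringFromGUID2 produces."""
    if len(raw) != 16:
        raise ValueError("schemaIDGUID must be exactly 16 bytes")
    # Assumption: the octets are the GUID structure as stored, so the first
    # three fields are little-endian; bytes_le reverses them for display.
    return "{" + str(uuid.UUID(bytes_le=bytes(raw))).upper() + "}"

def property_ace_fields(schema_id_guid, read=False, write=False, deny=False):
    """Return the four IADsAccessControlEntry values from steps 1 to 4."""
    mask = (ADS_RIGHT_DS_READ_PROP if read else 0) | (ADS_RIGHT_DS_WRITE_PROP if write else 0)
    if not mask:
        raise ValueError("request read, write, or both")
    ace_type = ADS_ACETYPE_ACCESS_DENIED_OBJECT if deny else ADS_ACETYPE_ACCESS_ALLOWED_OBJECT
    return {
        "AccessMask": mask,
        "AceType": ace_type,
        "ObjectType": guid_string_from_octets(schema_id_guid),
        "Flags": ADS_FLAG_OBJECT_TYPE_PRESENT,
    }

def check_property_ace(ace):
    """List the ways an ACE's fields deviate from steps 1 to 4."""
    problems = []
    mask = ace.get("AccessMask", 0)
    if mask == 0 or mask & ~PROP_RIGHTS:
        problems.append("AccessMask is not READ_PROP and/or WRITE_PROP")
    if ace.get("AceType") not in OBJECT_ACE_TYPES:
        problems.append("AceType is not an object ACE type")
    if not ace.get("Flags", 0) & ADS_FLAG_OBJECT_TYPE_PRESENT:
        problems.append("Flags lacks ADS_FLAG_OBJECT_TYPE_PRESENT")
    if not GUID_STRING.fullmatch(ace.get("ObjectType") or ""):
        problems.append("ObjectType is not a braced GUID string")
    return problems
```

An empty list from check_property_ace means all four fields match the procedure; a missing flag or ObjectType is reported separately, so a review can see which step was skipped.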

For more information about the schemaIDGUID of a predefined attribute, see Active Directory Domain Services Reference.

For more information and a code example that can be used to retrieve a schemaIDGUID, see Reading attributeSchema and classSchema Objects.

For more information about how to create an ACE, see Setting Access Rights on an Object.

For more information and a code example that can be used to set a property-specific ACE, see Example Code for Setting an ACE on a Directory Object.