Directory Services

Security Descriptor Components

Having used the IADs::Get method to retrieve an IADsSecurityDescriptor interface pointer, you can use the property methods of the IADsSecurityDescriptor interface to read or write the components of a directory object's security descriptor. For example, to get or set the object's DACL, use the DiscretionaryAcl property (Visual Basic) or the put_DiscretionaryAcl and get_DiscretionaryAcl methods (C++).

A security descriptor can store the following information:

For sample code that reads and displays the information in an object's security descriptor and DACL, see Reading an Object's Security Descriptor.