The IADsAccessControlList::RemoveAce method removes an access-control entry (ACE) from the access-control list (ACL).
// Removes one access-control entry (ACE) from this access-control list (ACL).
// pAccessControlEntry: IDispatch pointer of the ACE to remove.
HRESULT RemoveAce( IDispatch* pAccessControlEntry );
This method returns the standard return values.
For more information, and other return values, see ADSI Error Codes.
Return Code | Description |
---|---|
S_OK | The ACEs were successfully removed. |
E_FAIL | The operation failed. |
The following Visual Basic code example shows how to remove entries from a discretionary access-control list.
' Removes every ACE whose trustee is FABRIKAM\jeff from the discretionary ACL
' of the Sales OU, then writes the modified security descriptor back to the
' directory. Nothing is persisted until SetInfo is called.
Dim targetObj As IADs
Dim secDesc As IADsSecurityDescriptor
Dim aclEntries As IADsAccessControlList
Dim entry
Dim wantedTrustee

On Error GoTo Cleanup

' Bind to the object and read its security descriptor.
Set targetObj = GetObject("LDAP://OU=Sales,DC=mydomain,DC=fabrikam,DC=com")
Set secDesc = targetObj.Get("ntSecurityDescriptor")
Set aclEntries = secDesc.DiscretionaryAcl

' Trustee names are compared case-insensitively by lower-casing both sides.
wantedTrustee = LCase("FABRIKAM\jeff")

' NOTE(review): entries are removed while the same list is being enumerated;
' confirm that no matching ACE is skipped, and re-read the DACL afterwards to
' verify the result.
For Each entry In aclEntries
    If (LCase(entry.trustee) = wantedTrustee) Then
        aclEntries.RemoveAce entry
    End If
Next

' Put the edited DACL back on the descriptor and commit it to the directory.
sd_writeback:
secDesc.DiscretionaryAcl = aclEntries
targetObj.Put "ntSecurityDescriptor", Array(secDesc)
targetObj.SetInfo

Cleanup:
    ' Reached on success as well as on error; report only when an error is set.
    If (Err.Number <> 0) Then
        MsgBox ("An error has occurred. " & Err.Number)
    End If

    Set targetObj = Nothing
    Set secDesc = Nothing
    Set aclEntries = Nothing
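The following C++ code example removes the ACEs with the specified trustee. It changes only the in-memory ACL; as in the Visual Basic example above, the ACL must still be assigned back to the security descriptor and committed with SetInfo before the change takes effect in the directory.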
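/**
 * Removes from pAcl every ACE whose trustee string equals szTrustee.
 *
 * Only the in-memory ACL object is modified. The caller still has to assign
 * the ACL back to its security descriptor and commit the object before the
 * change reaches the directory.
 *
 * The trustee comparison uses wcscmp and is therefore case-sensitive.
 * NOTE(review): a trustee that differs only in case is left in the ACL;
 * confirm this is intended, since the access it grants then remains.
 *
 * @param pAcl       ACL to edit. Must not be NULL.
 * @param szTrustee  Trustee name to match. Must not be NULL.
 * @return E_INVALIDARG for a NULL argument, E_UNEXPECTED if the enumerator
 *         yields a non-dispatch item, or the failing HRESULT of the COM call
 *         that stopped the operation. On normal completion the value is the
 *         result of the last IEnumVARIANT::Next call (the loop ends when it
 *         is no longer S_OK), so test with SUCCEEDED/FAILED rather than
 *         comparing against S_OK.
 */
HRESULT removeAcesFrom(IADsAccessControlList *pAcl, BSTR szTrustee)
{
    IEnumVARIANT *pEnum = NULL;
    LPUNKNOWN pUnk = NULL;
    ULONG lFetch = 0;
    BSTR bstr = NULL;
    IADsAccessControlEntry *pACE = NULL;
    IDispatch *pDisp = NULL;      // borrowed from var; never released directly
    IDispatch *pAceDisp = NULL;   // owned reference handed to RemoveAce
    HRESULT hr = S_OK;
    VARIANT var;
    VariantInit(&var);

    if (pAcl == NULL || szTrustee == NULL)
    {
        return E_INVALIDARG;
    }

    hr = pAcl->get__NewEnum(&pUnk);
    if (FAILED(hr))
    {
        goto Cleanup;
    }

    hr = pUnk->QueryInterface(IID_IEnumVARIANT, (void**)&pEnum);
    if (FAILED(hr))
    {
        goto Cleanup;
    }

    // NOTE(review): entries are removed while the same list is being
    // enumerated; confirm that the enumerator does not skip a matching ACE.
    hr = pEnum->Next(1, &var, &lFetch);
    while (hr == S_OK)
    {
        if (lFetch == 1)
        {
            if (VT_DISPATCH != V_VT(&var))
            {
                // Report the malformed item instead of returning S_OK.
                hr = E_UNEXPECTED;
                goto Cleanup;
            }
            pDisp = V_DISPATCH(&var);

            // Get the individual ACE. An item that does not expose the ACE
            // interface is skipped, as before.
            hr = pDisp->QueryInterface(IID_IADsAccessControlEntry,
                                       (void**)&pACE);
            if (SUCCEEDED(hr))
            {
                hr = pACE->get_Trustee(&bstr);
                if (FAILED(hr))
                {
                    goto Cleanup;
                }
                printf("ACE trustee: %S:\n", bstr);

                // Compare before freeing: the string must stay alive for
                // wcscmp, and a NULL BSTR denotes an empty string.
                if (bstr != NULL && wcscmp(bstr, szTrustee) == 0)
                {
                    hr = pACE->QueryInterface(IID_IDispatch,
                                              (void**)&pAceDisp);
                    if (FAILED(hr))
                    {
                        goto Cleanup;
                    }
                    hr = pAcl->RemoveAce(pAceDisp);
                    pAceDisp->Release();
                    pAceDisp = NULL;
                    if (FAILED(hr))
                    {
                        goto Cleanup;
                    }
                }

                // Reset after release so Cleanup cannot free or release the
                // same resource a second time.
                SysFreeString(bstr);
                bstr = NULL;
                pACE->Release();
                pACE = NULL;
            }
            VariantClear(&var);
        }
        hr = pEnum->Next(1, &var, &lFetch);
    }

Cleanup:
    VariantClear(&var);
    if (pAceDisp)
    {
        pAceDisp->Release();
    }
    if (pACE)
    {
        pACE->Release();
    }
    if (pEnum)
    {
        pEnum->Release();
    }
    if (pUnk)
    {
        pUnk->Release();
    }
    if (bstr)
    {
        SysFreeString(bstr);
    }
    return hr;
}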
Client: Included in Windows XP and
Windows 2000 Professional.
Server: Included in Windows Server 2003 and
Windows 2000 Server.
Redistributable: Requires Active Directory Client Extension
on Windows NT 4.0 SP6a and Windows 95/98/Me.
Header: Declared in Iads.h.