| Directory Services |
The IADsSecurityDescriptor interface is a dual interface. It provides access to properties on an ADSI security descriptor object.
The IADsSecurityDescriptor interface inherits the methods of the standard COM interfaces:
In addition, IADsSecurityDescriptor defines the following methods.
| Method | Description |
|---|---|
| get_Revision | Gets the revision number assigned to the security descriptor. |
| put_Revision | Sets the revision number assigned to the security descriptor. |
| get_Control | Gets the Security_Descriptor_Control flag. |
| put_Control | Sets the Security_Descriptor_Control flag. |
| get_Owner | Gets the owner of the object associated with the security descriptor. |
| put_Owner | Sets the owner of the object associated with the security descriptor. |
| get_OwnerDefaulted | Gets the flag that indicates if the owner data is derived by a default mechanism. |
| put_OwnerDefaulted | Sets the flag that indicates if the owner data is derived by a default mechanism. |
| get_Group | Gets the group that owns the object associated with the security descriptor. |
| put_Group | Sets the group that owns the object associated with the security descriptor. |
| get_GroupDefaulted | Gets the flag that indicates if the group data is derived by a default mechanism. |
| put_GroupDefaulted | Sets the flag that indicates if the group data is derived by a default mechanism. |
| get_DiscretionaryAcl | Gets the discretionary ACL associated with the security descriptor. |
| put_DiscretionaryAcl | Sets the discretionary ACL associated with the security descriptor. |
| get_DaclDefaulted | Gets the flag that indicates if the DACL is derived from a default mechanism. |
| put_DaclDefaulted | Sets the flag that indicates if the DACL is derived from a default mechanism. |
| get_SystemAcl | Gets the system ACL associated with the security descriptor. |
| put_SystemAcl | Sets the system ACL associated with the security descriptor. |
| get_SaclDefaulted | Gets the flag that indicates if the SACL is derived from a default mechanism. |
| put_SaclDefaulted | Sets the flag that indicates if the SACL is derived from a default mechanism. |
| CopySecurityDescriptor | Copies the security descriptor. |
The IADsSecurityDescriptor interface defines the following properties. The preceding table includes access methods for these properties.
| Property | Description |
|---|---|
| Control | Gets and puts the Security_Descriptor_Control flag. |
| DaclDefaulted | Gets and puts the flag that indicates if the DACL is derived from a default mechanism. |
| DiscretionaryAcl | Gets and puts the discretionary ACL associated with the security descriptor. |
| Group | Gets and puts the group that owns the object associated with the security descriptor. |
| GroupDefaulted | Gets and puts the flag that indicates if the group data is derived by a default mechanism. |
| Owner | Gets and puts the owner of the object associated with the security descriptor. |
| OwnerDefaulted | Gets and puts the flag that indicates if the owner data is derived by a default mechanism. |
| Revision | Gets and puts the revision number assigned to the security descriptor. |
| SaclDefaulted | Gets and puts the flag that indicates if the SACL is derived from a default mechanism. |
| SystemAcl | Gets and puts the system ACL associated with the security descriptor. |
Use this interface to examine and change the access controls to an Active Directory directory service object. You can also use it to create copies of a security descriptor. You use an object ntSecurityDescriptor property to access its security descriptor object. For more information about the specific steps you will need to perform to create a new security descriptor and set it on an object, see Creating a Security Descriptor for a New Directory Object and Null DACLs and Empty DACLs.
The following code example shows how to display data from a security descriptor.
' Get the security descriptor.
Dim x As IADs
Dim sd As IADsSecurityDescriptor
On Error GoTo Cleanup
Set x = GetObject("LDAP://DC=Fabrikam,DC=com")
Set sd = x.Get("ntSecurityDescriptor")
Debug.Print sd.Control
Debug.Print sd.Group
Debug.Print sd.Owner
Debug.Print sd.Revision
Cleanup:
If (Err.Number<>0) Then
MsgBox("An error has occurred. " & Err.Number)
End If
Set x = Nothing
Set sd = Nothing
The following code example displays data from a security descriptor of a directory object.
HRESULT DisplaySD(IADs *pObj)
{
IADsSecurityDescriptor *pSD = NULL;
BSTR bstr = NULL;
long lVal = 0;
HRESULT hr = S_OK;
VARIANT var;
VariantInit(&var);
if(pObj==NULL)
{
return E_FAIL;
}
hr = pObj->Get(CComBSTR("ntSecurityDescriptor"), &var);
if(FAILED(hr)){goto Cleanup;}
hr = V_DISPATCH(&var)->QueryInterface(IID_IADsSecurityDescriptor,(void**)&pSD);
if(FAILED(hr)){goto Cleanup;}
hr = pSD->get_Control(&lVal);
printf("SD Control = %d\n",lVal);
hr = pSD->get_Owner(&bstr);
printf("SD Owner = %S\n",bstr);
SysFreeString(bstr);
hr = pSD->get_Group(&bstr);
printf("SD Group = %S\n",bstr);
SysFreeString(bstr);
hr = pSD->get_Revision(&lVal);
printf("SD Revision= %d\n",lVal);
Cleanup:
VariantClear(&var);
if(pSD) pSD->Release();
return hr;
}
Client: Included in Windows XP and
Windows 2000 Professional.
Server: Included in Windows Server 2003 and
Windows 2000 Server.
Redistributable: Requires Active Directory Client Extension
on Windows NT 4.0 SP6a and Windows 95/98/Me.
Header: Declared in Iads.h.
Creating a Security Descriptor for a New Directory Object, Null DACLs and Empty DACLs, IADsAccessControlEntry, IADsAccessControlList