Directory Services

IADsSecurityDescriptor Property Methods

The property methods of the IADsSecurityDescriptor interface get or set the properties described in the following table. For more information, see Interface Property Methods.

Properties

Property Description
Revision

[Visual Basic]
Access: Read/Write
DataType: LONG

[C++]
HRESULT get_Revision
([out] LONG* plRevision);
HRESULT put_Revision
([in] LONG lRevision);

Revision level of the security descriptor. This value is taken from the Win32 ACL_REVISION_INFORMATION structure. All ACEs in an ACL must be at the same revision level.
Control

[Visual Basic]
Access: Read/Write
DataType: LONG

[C++]
HRESULT get_Control
([out] LONG* plControl);
HRESULT put_Control
([in] LONG lControl);

Flags that qualify the meaning of the security descriptor. Values are taken from the Win32 SECURITY_DESCRIPTOR_CONTROL structure.
Owner

[Visual Basic]
Access: Read/Write
DataType: BSTR

[C++]
HRESULT get_Owner
([out] BSTR* pbstrOwner);
HRESULT put_Owner
([in] BSTR bstrOwner);

Owner of the object.
OwnerDefaulted

[Visual Basic]
Access: Read/Write
DataType: VARIANT_BOOL

[C++]
HRESULT get_OwnerDefaulted
([out] VARIANT_BOOL* fOwnerDefaulted);
HRESULT put_OwnerDefaulted
([in] VARIANT_BOOL fOwnerDefaulted);

A flag of the BOOL type that indicates that the owner data is derived from a default mechanism, rather than being explicitly provided by the original provider of the security descriptor.
Group

[Visual Basic]
Access: Read/Write
DataType: BSTR

[C++]
HRESULT get_Group
([out] BSTR* pbstrGroup);
HRESULT put_Group
([in] BSTR bstrGroup);

Group to which the owner's security ID belongs.
GroupDefaulted

[Visual Basic]
Access: Read/Write
DataType: VARIANT_BOOL

[C++]
HRESULT get_GroupDefaulted
([out] VARIANT_BOOL* fGroupDefaulted);
HRESULT put_GroupDefaulted
([in] VARIANT_BOOL fGroupDefaulted);

A flag of the BOOL type that indicates if the group data is derived from a default mechanism, rather than being explicitly provided by the original provider of the security descriptor.
DiscretionaryAcl

[Visual Basic]
Access: Read/Write
DataType: IDispatch

[C++]
HRESULT get_DiscretionaryAcl
([out] IDispatch** ppIDispDACL);
HRESULT put_DiscretionaryAcl
([in] IDispatch* pIDispDACL);

Discretionary access-control list (DACL) that specifies the types of access granted to the object for specified users and groups. For more information on DACLs, see Null DACLs and Empty DACLs.
DaclDefaulted

[Visual Basic]
Access: Read/Write
DataType: VARIANT_BOOL

[C++]
HRESULT get_DaclDefaulted
([out] VARIANT_BOOL* fDaclDefaulted);
HRESULT put_DaclDefaulted
([in] VARIANT_BOOL fDaclDefaulted);

A flag of the BOOL type that indicates if the DACL is derived from a default mechanism, rather than being provided explicitly by the original provider of the security descriptor. For example, if an object's creator does not specify a DACL, the object receives the default DACL from the creator's access token. This flag can affect how the system treats the DACL, with respect to ACE inheritance. The system ignores this flag if the SE_DACL_PRESENT flag is not set.
SystemAcl

[Visual Basic]
Access: Read/Write
DataType: IDispatch

[C++]
HRESULT get_SystemAcl
([out] IDispatch** ppIDispSACL);
HRESULT put_SystemAcl
([in] IDispatch* pIDispSACL);

System access-control list used to generate audit records for the object.
SaclDefaulted

[Visual Basic]
Access: Read/Write
DataType: VARIANT_BOOL

[C++]
HRESULT get_SaclDefaulted
([out] VARIANT_BOOL* fSaclDefaulted);
HRESULT put_SaclDefaulted
([in] VARIANT_BOOL fSaclDefaulted);

A flag of the BOOL type that indicates that the SACL is derived from a default mechanism, rather than being explicitly provided by the original provider of the security descriptor. This flag can affect how the system handles the SACL, with respect to ACE inheritance. The system ignores this flag if the SE_SACL_PRESENT flag is not set.

Example Code [Visual Basic]

The following code example shows how to enumerate an existing security descriptor.

Dim ou As IADs
Dim sd As IADsSecurityDescriptor
Dim dacl As IADsAccessControlList
Dim sacl As IADsAccessControlList

On Error GoTo Cleanup 
 
Set ou = GetObject("LDAP://OU=Sales,DC=Fabrikam,DC=com")
Set sd = ou.Get("ntSecurityDescriptor")
Debug.Print sd.Owner
Debug.Print sd.Group
Debug.Print sd.Revision
Set dacl = sd.DiscretionaryAcl
Set sacl = sd.SystemAcl
' Add code to do something with the Discretionary and System ACLs.

Cleanup:
	If (Err.Number<>0) Then
		MsgBox("An error has occurred. " & Err.Number)
	End If
	Set ou = Nothing
	Set sd = Nothing
	Set dacl = Nothing
	Set sacl = Nothing
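
The following Python block is an added example, not part of the original reference or of ADSI. It decodes the same fields (Revision, Control, Owner, Group and the Defaulted flags) from the self-relative binary form of a security descriptor, applying the rule above that a Defaulted flag is ignored when the matching SE_DACL_PRESENT or SE_SACL_PRESENT flag is not set. The function names, the "Unprotected" key and the sample bytes are constructed for illustration; owner and group are returned as SID strings rather than resolved names.

```python
import struct

# SECURITY_DESCRIPTOR_CONTROL bits (Win32 values) behind the Control property
SE_OWNER_DEFAULTED, SE_GROUP_DEFAULTED = 0x0001, 0x0002
SE_DACL_PRESENT, SE_DACL_DEFAULTED = 0x0004, 0x0008
SE_SACL_PRESENT, SE_SACL_DEFAULTED = 0x0010, 0x0020
SE_SELF_RELATIVE = 0x8000

def sid_to_string(buf, off):
    """Render the binary SID at buf[off:] as S-<rev>-<authority>-<sub>..."""
    if off + 8 > len(buf):
        raise ValueError("SID header out of bounds")
    rev, count = buf[off], buf[off + 1]
    if off + 8 + 4 * count > len(buf):
        raise ValueError("SID sub-authorities out of bounds")
    authority = int.from_bytes(buf[off + 2:off + 8], "big")
    subs = struct.unpack_from("<%dI" % count, buf, off + 8)
    return "-".join(["S", str(rev), str(authority)] + [str(s) for s in subs])

def parse_security_descriptor(buf):
    """Decode the header fields that IADsSecurityDescriptor exposes."""
    if len(buf) < 20:
        raise ValueError("shorter than the 20-byte header")
    rev, _, control, o_owner, o_group, o_sacl, o_dacl = struct.unpack_from("<BBHIIII", buf)
    if not control & SE_SELF_RELATIVE:
        raise ValueError("SE_SELF_RELATIVE not set; offsets are not valid")
    dacl_present = bool(control & SE_DACL_PRESENT)
    sacl_present = bool(control & SE_SACL_PRESENT)
    return {
        "Revision": rev,
        "Control": control,
        "Owner": sid_to_string(buf, o_owner) if o_owner else None,
        "OwnerDefaulted": bool(control & SE_OWNER_DEFAULTED),
        "Group": sid_to_string(buf, o_group) if o_group else None,
        "GroupDefaulted": bool(control & SE_GROUP_DEFAULTED),
        # The *Defaulted bits only count when the matching PRESENT bit is set.
        "DaclDefaulted": dacl_present and bool(control & SE_DACL_DEFAULTED),
        "SaclDefaulted": sacl_present and bool(control & SE_SACL_DEFAULTED),
        # No DACL, or a present-but-NULL DACL, means no access restrictions.
        "Unprotected": not dacl_present or o_dacl == 0,
    }

# Constructed sample: owner S-1-5-32-544, group S-1-5-18, no DACL or SACL,
# with SE_DACL_DEFAULTED set even though SE_DACL_PRESENT is clear.
SAMPLE = (struct.pack("<BBHIIII", 1, 0, SE_SELF_RELATIVE | SE_OWNER_DEFAULTED | SE_DACL_DEFAULTED, 20, 36, 0, 0)
          + bytes.fromhex("01020000000000052000000020020000")
          + bytes.fromhex("010100000000000512000000"))

if __name__ == "__main__":
    for name, value in parse_security_descriptor(SAMPLE).items():
        print(f"{name:15} {value}")
```
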

Requirements

Client: Included in Windows XP and Windows 2000 Professional.
Server: Included in Windows Server 2003 and Windows 2000 Server.
Redistributable: Requires Active Directory Client Extension on Windows NT 4.0 SP6a and Windows 95/98/Me.
Header: Declared in Iads.h.

See Also

IADsAccessControlEntry, IADsAccessControlList