Directory Services

Access Control and Read Operations

Security is an implicit filter for searching, enumerating containers, or reading properties. If you do not have the necessary access rights, attempts to list objects or read properties can fail with the following error codes even thought the object or property exists:

Be aware that a caller with ADS_RIGHT_ACTRL_DS_LIST access to a container can enumerate the child objects in the container. But an attempt to access a child object can still fail with an error such as E_ADS_UNKNOWN_OBJECT if the caller does not have ADS_RIGHT_ACTRL_DS_LIST_OBJECT access to the child object.

The impact of security on read operations is not necessarily manifested as an error. For example, a search operation can succeed, but the search results do not include objects or properties to which the caller does not have access.