The following Visual Basic code example creates a controlAccessRight object in the Extended-Rights container.
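' Creates a controlAccessRight object named "MyExRight" in the Extended-Rights
' container of the configuration naming context. The bind uses GetObject, so it
' runs under the credentials of the calling user.
' NOTE(review): writing to the configuration partition presumably requires
' elevated directory rights - confirm the account used before running this.
Dim ExContainer As IADsContainer
Dim rootdse As IADs
Dim ExRight As IADs
Dim configpath As String

On Error GoTo CleanUp

' Read the DN of the configuration container from rootDSE, then bind to
' the Extended-Rights container beneath it.
Set rootdse = GetObject("LDAP://rootDSE")
configpath = rootdse.Get("configurationNamingContext")
Set ExContainer = GetObject("LDAP://cn=extended-rights," & configpath)

' Create the object, specifying the object class and the cn.
Set ExRight = ExContainer.Create("controlAccessRight", "cn=MyExRight")

' Set the classes the right applies to.
' Specify the schemaIDGUID of the user and computer classes.
ExRight.PutEx ADS_PROPERTY_UPDATE, "appliesTo", _
    Array("bf967aba-0de6-11d0-a285-00aa003049e2", _
          "bf967a86-0de6-11d0-a285-00aa003049e2")

' Set the display name used in Security property pages and other UI.
ExRight.PutEx ADS_PROPERTY_UPDATE, "displayName", Array("My-Extended-Right")

' Set rightsGUID to a GUID generated by Uuidgen.exe. The value below is a
' sample: generate a new GUID for every right you define, because access
' control entries refer to the right by this GUID.
ExRight.PutEx ADS_PROPERTY_UPDATE, "rightsGUID", _
    Array("64ad33ac-ea09-4ded-b798-a0585c50fd5a")

' Set validAccesses to indicate a control access right (&H100 is the value
' the C++ example names ADS_RIGHT_DS_CONTROL_ACCESS). PutEx expects an array
' of values, so the single integer is written with Put instead.
ExRight.Put "validAccesses", &H100

' Commit the new object to the directory.
ExRight.SetInfo

Exit Sub

CleanUp:
    ' Report the failure together with the error number and description so
    ' that an access-denied result can be told apart from a naming conflict.
    MsgBox "An error has occurred." & vbCrLf & _
           "0x" & Hex(Err.Number) & ": " & Err.Description

    ' Object references must be released with Set; a plain assignment of
    ' Nothing to an object variable raises a run-time error.
    Set ExContainer = Nothing
    Set rootdse = Nothing
    Set ExRight = Nothing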
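The following C++ code example is a function that creates a controlAccessRight object in the Extended-Rights container. When you call this function, use the following format to specify the GUID string for the pszRightsGUID parameter. The GUIDs shown on this page are samples; generate a new GUID (for example, with Uuidgen.exe) for each control access right that you create.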
L"b7b13123-b82e-11d0-afee-0000f80367c1"
The ADSVALUE array for the appliesTo property uses the same GUID format and sets the dwType member to ADSTYPE_CASE_IGNORE_STRING.
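#define _WIN32_WINNT 0x0500
#include <windows.h>
#include <stdio.h>
#include <activeds.h>
#include <atlbase.h>   // CComBSTR, CComPtr, CComVariant
#include <new>         // std::bad_alloc
#include <string>

// Fills one ADS_ATTR_INFO entry so that it adds cValues values of the given syntax.
static void InitAttribute(ADS_ATTR_INFO &attr,
                          const WCHAR *pszName,
                          ADSTYPE type,
                          ADSVALUE *pValues,
                          DWORD cValues)
{
    // ADSI declares pszAttrName as a non-const pointer; the name is passed
    // through to the provider and is not written by this code.
    attr.pszAttrName = const_cast<LPWSTR>(pszName);
    attr.dwControlCode = ADS_ATTR_APPEND;   // Add the attribute.
    attr.dwADsType = type;
    attr.pADsValues = pValues;
    attr.dwNumValues = cValues;
}

// Fills an ADSVALUE with a single case-insensitive string.
static void InitStringValue(ADSVALUE &value, LPWSTR psz)
{
    value.dwType = ADSTYPE_CASE_IGNORE_STRING;
    value.CaseIgnoreString = psz;
}

// ****************************************************************
// CreateExtendedRight
//
// Creates a controlAccessRight object in the Extended-Rights container
// of the configuration naming context. Both binds pass NULL for the
// user name and password together with ADS_SECURE_AUTHENTICATION, so
// they are made in the security context of the calling thread.
//
// Parameters:
//   pszCommonName   cn of the new object; also used to build its
//                   relative distinguished name ("cn=" + value).
//   pszDisplayName  displayName shown in security UI.
//   pszRightsGUID   rightsGUID string, for example
//                   L"b7b13123-b82e-11d0-afee-0000f80367c1".
//   pAdsvAppliesTo  array of ADSVALUEs (dwType set to
//                   ADSTYPE_CASE_IGNORE_STRING) holding the
//                   schemaIDGUID of each class the right applies to.
//   cAppliesTo      number of elements in pAdsvAppliesTo.
//
// Returns S_OK on success, E_INVALIDARG for a missing or empty
// argument, E_OUTOFMEMORY if a path string cannot be allocated, or the
// failing HRESULT from ADSI.
//
// NOTE(review): pszCommonName is concatenated into the relative
// distinguished name without escaping. Callers should pass a value
// that contains no distinguished-name special characters (or one that
// is already escaped), and should not forward untrusted input here.
// ****************************************************************
HRESULT CreateExtendedRight(
    LPWSTR pszCommonName,      // cn property
    LPWSTR pszDisplayName,     // displayName property
    LPWSTR pszRightsGUID,      // rightsGUID property
    ADSVALUE *pAdsvAppliesTo,  // array of GUIDs for appliesTo property
    int cAppliesTo)            // number of GUIDs in array
{
    // Count of attributes that must be set to create a control access right.
    const int cAttributes = 6;

    // Reject missing input before touching the directory. A negative count
    // would otherwise be converted to a very large DWORD further down.
    if (pszCommonName == NULL || *pszCommonName == L'\0' ||
        pszDisplayName == NULL || pszRightsGUID == NULL ||
        pAdsvAppliesTo == NULL || cAppliesTo <= 0)
    {
        return E_INVALIDARG;
    }

    // The smart pointers and the variant release what they hold on every
    // return path, so no cleanup label is needed.
    CComPtr<IADs> pRootDSE;
    CComPtr<IDirectoryObject> pExRights;
    CComPtr<IDispatch> pNewObject;
    CComVariant var;

    HRESULT hr = ADsOpenObject(L"LDAP://rootDSE",
                               NULL,
                               NULL,
                               ADS_SECURE_AUTHENTICATION, // Use Secure Authentication.
                               IID_IADs,
                               reinterpret_cast<void**>(&pRootDSE));
    if (FAILED(hr))
    {
        wprintf(L"Bind to rootDSE failed: 0x%x\n", hr);
        return hr;
    }

    // Get the DN to the config container.
    hr = pRootDSE->Get(CComBSTR("configurationNamingContext"), &var);
    if (SUCCEEDED(hr) && (var.vt != VT_BSTR || var.bstrVal == NULL))
    {
        // The value is about to be used as a string; anything else is unexpected.
        hr = E_UNEXPECTED;
    }

    std::wstring adsPath;   // ADsPath of the Extended-Rights container
    std::wstring relPath;   // relative distinguished name of the new object
    if (SUCCEEDED(hr))
    {
        try
        {
            // Build ADsPath string to Extended-Rights container.
            adsPath = L"LDAP://cn=Extended-Rights,";
            adsPath.append(var.bstrVal, SysStringLen(var.bstrVal));

            // Set up the relative distinguished name for the new object.
            // std::wstring grows as needed, so a long common name cannot
            // overrun a fixed-size buffer.
            relPath = L"cn=";
            relPath.append(pszCommonName);
        }
        catch (const std::bad_alloc &)
        {
            wprintf(L"Buffer allocation failed.");
            return E_OUTOFMEMORY;
        }

        // Get an IDirectoryObject pointer to the Extended Rights Container.
        hr = ADsOpenObject(adsPath.c_str(),
                           NULL,
                           NULL,
                           ADS_SECURE_AUTHENTICATION, // Use Secure Authentication.
                           IID_IDirectoryObject,
                           reinterpret_cast<void**>(&pExRights));
    }
    if (FAILED(hr))
    {
        wprintf(L"Bind to Extended Rights Container failed: 0x%x\n", hr);
        return hr;
    }

    // Zero-initialize so that no field is passed to ADSI with an
    // indeterminate value.
    ADS_ATTR_INFO attributeEntries[cAttributes] = {};
    ADSVALUE adsvCN = {};
    ADSVALUE adsvObjectClass = {};
    ADSVALUE adsvDisplayName = {};
    ADSVALUE adsvRightsGUID = {};
    ADSVALUE adsvValidAccesses = {};

    // First attribute: CN
    InitStringValue(adsvCN, pszCommonName);
    InitAttribute(attributeEntries[0], L"CN", ADSTYPE_CASE_IGNORE_STRING, &adsvCN, 1);

    // Second attribute: objectClass is controlAccessRight
    InitStringValue(adsvObjectClass, const_cast<LPWSTR>(L"controlAccessRight"));
    InitAttribute(attributeEntries[1], L"objectClass", ADSTYPE_CASE_IGNORE_STRING,
                  &adsvObjectClass, 1);

    // Third attribute: appliesTo
    // Each value for this property is a schemaIDGUID of a class to which
    // the right can be applied. The ADSVALUE array is supplied by the caller.
    InitAttribute(attributeEntries[2], L"appliesTo", ADSTYPE_CASE_IGNORE_STRING,
                  pAdsvAppliesTo, static_cast<DWORD>(cAppliesTo));

    // Fourth attribute: displayName
    InitStringValue(adsvDisplayName, pszDisplayName);
    InitAttribute(attributeEntries[3], L"displayName", ADSTYPE_CASE_IGNORE_STRING,
                  &adsvDisplayName, 1);

    // Fifth attribute: rightsGUID
    InitStringValue(adsvRightsGUID, pszRightsGUID);
    InitAttribute(attributeEntries[4], L"rightsGUID", ADSTYPE_CASE_IGNORE_STRING,
                  &adsvRightsGUID, 1);

    // Sixth attribute: validAccesses. The value is an integer, so the
    // attribute syntax must be ADSTYPE_INTEGER to match the ADSVALUE.
    adsvValidAccesses.dwType = ADSTYPE_INTEGER;
    adsvValidAccesses.Integer = ADS_RIGHT_DS_CONTROL_ACCESS;
    InitAttribute(attributeEntries[5], L"validAccesses", ADSTYPE_INTEGER,
                  &adsvValidAccesses, 1);

    // Create the controlAccessRight.
    hr = pExRights->CreateDSObject(
        &relPath[0],        // Relative path of new object
        attributeEntries,   // Attributes to be set
        cAttributes,        // Number of attributes being set
        &pNewObject);       // receives IDispatch pointer to the new object

    return hr;
}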
This CreateExtendedRight sample function can be called with the following code example.
// One appliesTo value: the schemaIDGUID of a class the right can be applied to
// (this GUID is one of the two the Visual Basic example lists for the user and
// computer classes).
ADSVALUE adsvAppliesTo;
adsvAppliesTo.CaseIgnoreString = L"bf967aba-0de6-11d0-a285-00aa003049e2";
adsvAppliesTo.dwType = ADSTYPE_CASE_IGNORE_STRING;

// The rightsGUID below is a sample value; supply a newly generated GUID for a
// real right. Check the returned HRESULT before relying on the new object.
hr = CreateExtendedRight(
    L"myexright",                               // cn
    L"My Extended Right",                       // displayName
    L"7587d479-441a-480b-9d5d-807b4d067db4",    // rightsGUID
    &adsvAppliesTo,                             // appliesTo values
    1);                                         // number of appliesTo values