Directory Services |
The following code examples show how to enumerate the access control list (ACL) of an Active Directory object.
The following C++ code example demonstrates a function that will enumerate the trustees of an object .
//*************************************************************************** // // EnumTrustees() // //*************************************************************************** HRESULT EnumTrustees(IADsAccessControlList *pACL) { if(NULL == pACL) { return E_INVALIDARG; } HRESULT hr; IUnknown *pUnk; /* Get the enumerator from the access control list. */ hr = pACL->get__NewEnum(&pUnk); if(SUCCEEDED(hr)) { IEnumVARIANT *pEnum; hr = pUnk->QueryInterface(IID_IEnumVARIANT, (LPVOID*)&pEnum); if(SUCCEEDED(hr)) { VARIANT var; ULONG ulFetched; wprintf(L"Trustees:\n"); VariantInit(&var); /* Enumerate the access control entries in the access control list. */ while(SUCCEEDED(hr = pEnum->Next(1, &var, &ulFetched)) && (ulFetched > 0)) { IADsAccessControlEntry *pACE; /* Get the access control entry. */ hr = V_DISPATCH(&var)->QueryInterface(IID_IADsAccessControlEntry, (LPVOID*)&pACE); if(SUCCEEDED(hr)) { CComBSTR sbstrTrustee; /* Get the Trustee for this ACE and print it to the console window. */ hr = pACE->get_Trustee(&sbstrTrustee); if(SUCCEEDED(hr)) { wprintf(L"\t"); wprintf(sbstrTrustee); wprintf(L"\n"); } pACE->Release(); } VariantClear(&var); } pEnum->Release(); } pUnk->Release(); } return hr; } //*************************************************************************** // // EnumAccessInfo() // //*************************************************************************** HRESULT EnumAccessInfo(IADs *pads) { if(NULL == pads) { return E_INVALIDARG; } HRESULT hr; VARIANT var; // Get the ntSecurityDescriptor attribute VariantInit(&var); hr = pads->Get(CComBSTR("ntSecurityDescriptor"), &var); if(SUCCEEDED(hr)) { if(VT_DISPATCH == var.vt) { /* Get the security descriptor from the ntSecurityDescriptor attribute. */ IADsSecurityDescriptor *pSD; hr = V_DISPATCH(&var)->QueryInterface(IID_IADsSecurityDescriptor, (LPVOID*)&pSD); if(SUCCEEDED(hr)) { IDispatch *pDisp; /* Get the DACL from the security descriptor. */ hr = pSD->get_DiscretionaryAcl(&pDisp); if(SUCCEEDED(hr)) { IADsAccessControlList *pACL; hr = pDisp->QueryInterface(IID_IADsAccessControlList, (LPVOID*)&pACL); if(SUCCEEDED(hr)) { /* Enumerate the trustees of this ACL. */ hr = EnumTrustees(pACL); pACL->Release(); } pDisp->Release(); } pSD->Release(); } } VariantClear(&var); } return hr; }
The following Visual Basic code example shows a function that will enumerate the trustees of an object.
Private Sub EnumAccessInfo(ByVal oObject As IADs) Dim SecDesc As SecurityDescriptor Dim Dacl As AccessControlList On Error GoTo CleanUp ' Get the security descriptor for the object. Set SecDesc = oObject.Get("ntSecurityDescriptor") ' Get the DACL for the object. Set Dacl = SecDesc.DiscretionaryAcl Debug.Print "Trustees:" ' Enumerate the ACEs in the DACL, printing the Trustee for each. For Each oACE In Dacl Debug.Print vbTab + oACE.Trustee Next CleanUp: Set SecDesc = Nothing Set Dacl = Nothing End Sub