Directory Services

Reading the defaultSecurityDescriptor for an Object Class

Using ADSI, you can read the defaultSecurityDescriptor for an object class.

To read the defaultSecurityDescriptor for an Object Class in C/C++

If you use ADSI, use the following steps to read defaultSecurityDescriptor for an object class. This operation is shown in the following code example.

  1. Get an IADs interface pointer to the classSchema object for the object class.
  2. Use the IADs::Get method to get the default security descriptor of the object. The name of the property that contains the security descriptor is defaultSecurityDescriptor. The property will be returned as a VARIANT containing a BSTR with the default security descriptor in SDDL string format.
  3. Use the ConvertStringSecurityDescriptorToSecurityDescriptor function to convert the SDDL string form to a security descriptor.
  4. Use the Win32 Security APIs to read the parts of the security descriptor: GetSecurityDescriptorDacl, GetSecurityDescriptorSacl, GetSecurityDescriptorOwner, and GetSecurityDescriptorControl.