Directory Services

IADsAccessControlList Property Methods

The property methods of the IADsAccessControlList interface get or set the properties described in the following table. For more information, see Interface Property Methods.

Properties

Property Description
AclRevision

[Visual Basic]
Access: Read/Write
DataType: LONG

[C++]
HRESULT get_AclRevision
([out] LONG* lnAclRevision);
HRESULT put_AclRevision
([in] LONG lnAclRevision);

The revision level of an access-control list. For Windows NT 4.0 and earlier, the value for this property is always ACL_REVISION. For Windows 2000 or later, this value can be ACL_REVISION or ACL_REVISION_DS. Use ACL_REVISION_DS if the ACL contains an object-specific ACE. All ACEs in an ACL must be at the same revision level.
AceCount

[Visual Basic]
Access: Read/Write
DataType: LONG

[C++]
HRESULT get_AceCount
([out] LONG* lnAceCount);
HRESULT put_AceCount
([in] LONG lnAceCount);

The number of access control entries in the access-control list.

Example Code [Visual Basic]

The following code example displays the number of ACEs in an ACL.

Dim x as IADs
Dim sd As IADsSecurityDescriptor
Dim Dacl As IADsAccessControlList

On Error GoTo Cleanup

Set x = GetObject("LDAP://OU=Sales,DC=Fabrikam,DC=com")
Set sd = x.Get("ntSecurityDescriptor")
Set Dacl = sd.DiscretionaryAcl
Debug.Print Dacl.AceCount

Cleanup:
	If (Err.Number <> 0) Then
		MsgBox ("An error has occurred. " & Err.Number)
	End If
	Set x = Nothing

Example Code [C++]

The following code example displays the number of ACEs in an ACL.

HRESULT ShowACEInACL(LPWSTR guestPath,LPWSTR user,LPWSTR passwd)
{
  IADs *pObj = NULL;
  IADsSecurityDescriptor *psd = NULL;
  HRESULT hr = S_OK;
  VARIANT var;

  VariantInit(&var);

  hr = ADsOpenObject(guestPath,user,passwd,ADS_SECURE_AUTHENTICATION,
					 IID_IADs,(void**)&pObj);
  if(FAILED(hr)) {
	printf("hr = %x\n",hr);
	return hr;
  }
  else {
	BSTR bstr = NULL;
	pObj->get_Class(&bstr);
	printf("Object class: %S\n",bstr);
	SysFreeString(bstr);
  }

  hr = pObj->Get(CComBSTR("ntSecurityDescriptor"), &var);
  pObj->Release();

  if(FAILED(hr)) {
	printf("Get ntSD: hr = %x\n",hr);
	return hr;
  }

  hr = V_DISPATCH(&var)->QueryInterface(IID_IADsSecurityDescriptor,
										(void**)&psd);

  if(FAILED(hr)) {
	printf("DISP: hr = %x\n",hr);
	VariantClear(&var);
	return hr;
  }

  IDispatch *pDisp = NULL;
  hr = psd->get_DiscretionaryAcl(&pDisp);
  VariantClear(&var);

  if(FAILED(hr)) {
	printf("get_DACL : hr = %x\n",hr);
	return hr;
  }

  IADsAccessControlList *pAcl = NULL;
  hr = pDisp->QueryInterface(IID_IADsAccessControlList,(void**)&pAcl);
  pDisp->Release();

  if(FAILED(hr)) {
	printf("QI ACL: hr = %x\n",hr);
	return hr;
  }

  long count = 0;
  hr = pAcl->get_AceCount(&count);
  pAcl->Release();
  if(FAILED(hr)) {
	printf("Count: hr = %x\n",hr);
	return hr;
  }

  printf("AceCount = %d\n",count);

  return hr;
}

Requirements

Client: Included in Windows XP and Windows 2000 Professional.
Server: Included in Windows Server 2003 and Windows 2000 Server.
Redistributable: Requires Active Directory Client Extension on Windows NT 4.0 SP6a and Windows 95/98/Me.
Header: Declared in Iads.h.

See Also

IEnumVARIANT, IADsAccessControlEntry, IADsSecurityDescriptor