Directory Services

IADsSecurityDescriptor

The IADsSecurityDescriptor interface is a dual interface. It provides access to properties on an ADSI security descriptor object.

Methods in Vtable Order

The IADsSecurityDescriptor interface inherits the methods of the standard COM interfaces:

In addition, IADsSecurityDescriptor defines the following methods.

Method                  Description
get_Revision            Gets the revision number assigned to the security descriptor.
put_Revision            Sets the revision number assigned to the security descriptor.
get_Control             Gets the Security_Descriptor_Control flag.
put_Control             Sets the Security_Descriptor_Control flag.
get_Owner               Gets the owner of the object associated with the security descriptor.
put_Owner               Sets the owner of the object associated with the security descriptor.
get_OwnerDefaulted      Gets the flag that indicates if the owner data is derived by a default mechanism.
put_OwnerDefaulted      Sets the flag that indicates if the owner data is derived by a default mechanism.
get_Group               Gets the group that owns the object associated with the security descriptor.
put_Group               Sets the group that owns the object associated with the security descriptor.
get_GroupDefaulted      Gets the flag that indicates if the group data is derived by a default mechanism.
put_GroupDefaulted      Sets the flag that indicates if the group data is derived by a default mechanism.
get_DiscretionaryAcl    Gets the discretionary ACL associated with the security descriptor.
put_DiscretionaryAcl    Sets the discretionary ACL associated with the security descriptor.
get_DaclDefaulted       Gets the flag that indicates if the DACL is derived from a default mechanism.
put_DaclDefaulted       Sets the flag that indicates if the DACL is derived from a default mechanism.
get_SystemAcl           Gets the system ACL associated with the security descriptor.
put_SystemAcl           Sets the system ACL associated with the security descriptor.
get_SaclDefaulted       Gets the flag that indicates if the SACL is derived from a default mechanism.
put_SaclDefaulted       Sets the flag that indicates if the SACL is derived from a default mechanism.
CopySecurityDescriptor  Copies the security descriptor.

Properties

The IADsSecurityDescriptor interface defines the following properties. The preceding table includes access methods for these properties.

Property          Description
Control           Gets and puts the Security_Descriptor_Control flag.
DaclDefaulted     Gets and puts the flag that indicates if the DACL is derived from a default mechanism.
DiscretionaryAcl  Gets and puts the discretionary ACL associated with the security descriptor.
Group             Gets and puts the group that owns the object associated with the security descriptor.
GroupDefaulted    Gets and puts the flag that indicates if the group data is derived by a default mechanism.
Owner             Gets and puts the owner of the object associated with the security descriptor.
OwnerDefaulted    Gets and puts the flag that indicates if the owner data is derived by a default mechanism.
Revision          Gets and puts the revision number assigned to the security descriptor.
SaclDefaulted     Gets and puts the flag that indicates if the SACL is derived from a default mechanism.
SystemAcl         Gets and puts the system ACL associated with the security descriptor.

Remarks

Use this interface to examine and change the access controls on an Active Directory directory service object. You can also use it to create copies of a security descriptor. Use an object's ntSecurityDescriptor property to access its security descriptor object. For more information about the specific steps required to create a new security descriptor and set it on an object, see Creating a Security Descriptor for a New Directory Object and Null DACLs and Empty DACLs.

Example Code [Visual Basic]

The following code example shows how to display data from a security descriptor.

' Get the security descriptor.
Dim x As IADs
Dim sd As IADsSecurityDescriptor

On Error GoTo Cleanup
 
Set x = GetObject("LDAP://DC=Fabrikam,DC=com")
Set sd = x.Get("ntSecurityDescriptor")
Debug.Print sd.Control
Debug.Print sd.Group
Debug.Print sd.Owner
Debug.Print sd.Revision
 
Cleanup:
	If (Err.Number<>0) Then
		MsgBox("An error has occurred. " & Err.Number)
	End If
	Set x = Nothing
	Set sd = Nothing

Example Code [C++]

The following code example displays data from a security descriptor of a directory object.

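#include <stdio.h>
#include <atlbase.h>   // CComBSTR
#include <activeds.h>  // ADSI interfaces (includes Iads.h)

HRESULT DisplaySD(IADs *pObj)
{
	IADsSecurityDescriptor *pSD = NULL;
	BSTR bstr = NULL;
	long lVal = 0;
	HRESULT hr = S_OK;
	VARIANT var;

	VariantInit(&var);

	if(pObj==NULL)
	{
		return E_FAIL;
	}

	// Read the security descriptor attribute; ADSI returns it as an IDispatch pointer.
	hr = pObj->Get(CComBSTR("ntSecurityDescriptor"), &var);
	if(FAILED(hr)){goto Cleanup;}

	// Do not dereference the variant unless it actually holds an object.
	if(V_VT(&var)!=VT_DISPATCH || V_DISPATCH(&var)==NULL)
	{
		hr = E_FAIL;
		goto Cleanup;
	}

	hr = V_DISPATCH(&var)->QueryInterface(IID_IADsSecurityDescriptor,(void**)&pSD);
	if(FAILED(hr)){goto Cleanup;}

	// Check each call before printing so a failed call never prints stale data.
	hr = pSD->get_Control(&lVal);
	if(FAILED(hr)){goto Cleanup;}
	printf("SD Control = %ld\n",lVal);

	hr = pSD->get_Owner(&bstr);
	if(FAILED(hr)){goto Cleanup;}
	printf("SD Owner   = %S\n",bstr);
	SysFreeString(bstr);
	bstr = NULL;

	hr = pSD->get_Group(&bstr);
	if(FAILED(hr)){goto Cleanup;}
	printf("SD Group   = %S\n",bstr);
	SysFreeString(bstr);
	bstr = NULL;

	hr = pSD->get_Revision(&lVal);
	if(FAILED(hr)){goto Cleanup;}
	printf("SD Revision= %ld\n",lVal);

Cleanup:
	VariantClear(&var);
	if(pSD) pSD->Release();
	return hr;
}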
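
Both examples above print the Control value as a raw number. The following block is an added example, not part of the original documentation: it decodes that number into the control flags and notes the DACL states a reviewer would check. It is portable C++ with no ADSI dependency; the names kBits, DecodeControl and ReviewControl and the sample values are constructed for illustration.

```cpp
#include <cstdio>
#include <string>
#include <vector>

// Control-word bits. Values match the SE_* constants in winnt.h and
// ADS_SD_CONTROL_ENUM in Iads.h; the names below are local to this example.
struct ControlBit { long mask; const char *name; };
static const ControlBit kBits[] = {
    {0x0001, "OWNER_DEFAULTED"},       {0x0002, "GROUP_DEFAULTED"},
    {0x0004, "DACL_PRESENT"},          {0x0008, "DACL_DEFAULTED"},
    {0x0010, "SACL_PRESENT"},          {0x0020, "SACL_DEFAULTED"},
    {0x0100, "DACL_AUTO_INHERIT_REQ"}, {0x0200, "SACL_AUTO_INHERIT_REQ"},
    {0x0400, "DACL_AUTO_INHERITED"},   {0x0800, "SACL_AUTO_INHERITED"},
    {0x1000, "DACL_PROTECTED"},        {0x2000, "SACL_PROTECTED"},
    {0x4000, "RM_CONTROL_VALID"},      {0x8000, "SELF_RELATIVE"},
};
const long kDaclPresent = 0x0004, kDaclDefaulted = 0x0008, kDaclProtected = 0x1000;

// Names of every listed bit that is set in the Control value.
std::vector<std::string> DecodeControl(long control) {
    std::vector<std::string> names;
    for (const ControlBit &b : kBits)
        if (control & b.mask) names.push_back(b.name);
    return names;
}

// DACL conditions worth a reviewer's attention when auditing directory objects.
std::vector<std::string> ReviewControl(long control) {
    std::vector<std::string> notes;
    if (!(control & kDaclPresent))
        notes.push_back("no DACL present: treated as a null DACL, which allows all access");
    if (control & kDaclProtected)
        notes.push_back("DACL protected: inheritable ACEs from the parent are blocked");
    if (control & kDaclDefaulted)
        notes.push_back("DACL defaulted: derived from a default mechanism, not set explicitly");
    return notes;
}

int main() {
    // Constructed sample values, in the form sd.Control / get_Control returns them.
    const long samples[] = {0x8C14, 0x9C14, 0x8000};
    for (long c : samples) {
        std::printf("Control = %ld (0x%04lX)\n", c, (unsigned long)c);
        for (const std::string &n : DecodeControl(c)) std::printf("  flag: %s\n", n.c_str());
        for (const std::string &n : ReviewControl(c)) std::printf("  note: %s\n", n.c_str());
    }
    return 0;
}
```

In DisplaySD, the lVal returned by get_Control can be passed directly to DecodeControl and ReviewControl.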

Requirements

Client: Included in Windows XP and Windows 2000 Professional.
Server: Included in Windows Server 2003 and Windows 2000 Server.
Redistributable: Requires Active Directory Client Extension on Windows NT 4.0 SP6a and Windows 95/98/Me.
Header: Declared in Iads.h.

See Also

Creating a Security Descriptor for a New Directory Object, Null DACLs and Empty DACLs, IADsAccessControlEntry, IADsAccessControlList