A Simple ADSI Example
All
of the seven ACE properties are set using property methods of the
same names as those in an ADSI interface called
IADsAccessControlEntry. The ACEs that are created
using this are then modified using
IADsAccessControlList and
IADsSecurityDescriptor.
Let’s go through an example now so you can see how it all fits together. Example 23-1 shows a section of VBScript code that creates an ACE that allows ANewGroup full access to the myOU organizational unit and all its children.
Example 23-1. A simple ADSI example
'************************************************************************** 'Declare constants '************************************************************************** Const FULL_CONTROL = -1 Const ADS_ACETYPE_ACCESS_ALLOWED = 0 Const ADS_FLAG_INHERITED_OBJECT_TYPE_PRESENT = 2 '************************************************************************** 'Declare variables '************************************************************************** Dim objObject 'Any object Dim objSecDesc 'SecurityDescriptor Dim objDACL 'AccessControlList Dim objNewACE 'AccessControlEntry '************************************************************************** 'Create the new ACE and populate it '************************************************************************** Set objNewACE = CreateObject("AccessControlEntry") objNewACE.Trustee = "AMER\ANewGroup" objNewACE.AccessMask = FULL_CONTROL objNewACE.AceType = ADS_ACETYPE_ACCESS_ALLOWED objNewACE.AceFlags = ADS_FLAG_INHERITED_OBJECT_TYPE_PRESENT ...Get Active Directory, Second Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
