The following Visual Basic example shows how to enumerate the discretionary ACL on a security descriptor object.
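' Enumerates the discretionary ACL (DACL) of a directory object and prints
' the owner, the group and every access control entry (ACE) to the
' Immediate window.
Dim X As IADs
Dim Namespace As IADsOpenDSObject
Dim SecurityDescriptor As IADsSecurityDescriptor
Dim Dacl As IADsAccessControlList
' Declared explicitly so the listing also compiles under Option Explicit.
Dim Obj As IADsAccessControlEntry

' First get access to the LDAP directory service
Set Namespace = GetObject("LDAP:")

' Bind to the object. The account name and the empty password below are
' sample placeholders only: do not hard-code a privileged account or its
' password in source. To bind as the calling user instead, pass
' vbNullString for both the user name and the password together with
' ADS_SECURE_AUTHENTICATION.
' The original listing passed the literal 1 as the last argument, which is
' the value of ADS_SECURE_AUTHENTICATION.
' The trailing underscore is the line continuation the call needs to compile.
Set X = Namespace.OpenDSObject("LDAP://MyLdapSvr/O=Internet/DC=MS", _
    "cn=administrator,DC=MS,O=Internet", "", ADS_SECURE_AUTHENTICATION)

' Retrieve the contents of the ntSecurityDescriptor field, which is
' an interface pointer on the security descriptor object
' for the X object
Set SecurityDescriptor = X.Get("ntSecurityDescriptor")

' Print out the owner of the object
Debug.Print SecurityDescriptor.Owner
' Print out the group
Debug.Print SecurityDescriptor.Group

Set Dacl = SecurityDescriptor.DiscretionaryAcl

' NOTE(review): presumably DiscretionaryAcl comes back as Nothing when the
' descriptor has no DACL - confirm. A missing DACL is worth reporting when
' auditing, because it is not the same thing as an empty one.
If Dacl Is Nothing Then
    Debug.Print "No discretionary ACL present on this object"
Else
    ' Enumerate the ACEs in the Dacl, first printing out the count
    Debug.Print Dacl.AceCount
    For Each Obj In Dacl
        ' Trustee: the account the entry applies to
        Debug.Print Obj.Trustee
        ' AccessMask: bit flags for the rights covered by the entry
        Debug.Print Obj.AccessMask
        ' AceFlags: inheritance behaviour of the entry
        Debug.Print Obj.AceFlags
        ' AceType: whether the entry allows or denies the rights
        Debug.Print Obj.AceType
    Next
End If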