Enumerating the ACLs on an ADSI Object

The following Visual Basic example shows how to enumerate the discretionary ACL on a security descriptor object.

Dim X as IADs
Dim Namespace As IADsOpenDSObject
Dim SecurityDescriptor As IADsSecurityDescriptor
Dim Dacl As IADsAccessControlList
 
' First get access to the LDAP directory service
Set Namespace = GetObject("LDAP:")
' Establish your credentials with no password
Set X = Namespace.OpenDSObject("LDAP://MyLdapSvr/O=Internet/DC=MS",
     "cn=administrator,DC=MS,O=Internet", "", 1)
' Retrieve the contents of the ntSecurityDescriptor field which is
'     an interface pointer on the security descriptor object
'     for the X object
Set SecurityDescriptor = X.Get("ntSecurityDescriptor")
' Print out the owner of the object
' Print out the group 
Debug.Print SecurityDescriptor.Owner
Debug.Print SecurityDescriptor.Group
' 
Set Dacl = SecurityDescriptor.DiscretionaryAcl
' Enumerate the ACEs in the Dacl, first printing out the count
Debug.Print Dacl.AceCount
 
For Each Obj In Dacl
     Debug.Print Obj.Trustee
     Debug.Print Obj.AccessMask
     Debug.Print Obj.AceFlags
     Debug.Print Obj.AceType
Next