Platform SDK: Active Directory, ADSI, and Directory Services

Enumerating the ACLs on an ADSI Object

The following Visual Basic example shows how to enumerate the discretionary ACL on a security descriptor object.

Dim X As IADs
Dim Namespace As IADsOpenDSObject
Dim SecurityDescriptor As IADsSecurityDescriptor
Dim Dacl As IADsAccessControlList
Dim Obj As IADsAccessControlEntry
 
' First get access to the LDAP directory service
Set Namespace = GetObject("LDAP:")
' Bind as the administrator account with an empty password.
' The last argument (1) is ADS_SECURE_AUTHENTICATION.
Set X = Namespace.OpenDSObject("LDAP://MyLdapSvr/O=Internet/DC=MS", _
    "cn=administrator,DC=MS,O=Internet", "", 1)
' Retrieve the contents of the ntSecurityDescriptor field which is
'    an interface pointer on the security descriptor object
'    for the X object.
Set SecurityDescriptor = X.Get("ntSecurityDescriptor")
' Print out the owner of the object.
Debug.Print SecurityDescriptor.Owner
' Print out the group.
Debug.Print SecurityDescriptor.Group
' Get the discretionary ACL (DACL) from the security descriptor.
Set Dacl = SecurityDescriptor.DiscretionaryAcl
' Enumerate the ACEs in the Dacl, first printing out the count.
Debug.Print Dacl.AceCount
 
For Each Obj In Dacl
    Debug.Print Obj.Trustee
    Debug.Print Obj.AccessMask
    Debug.Print Obj.AceFlags
    Debug.Print Obj.AceType
Next
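
The loop above prints AccessMask, AceFlags and AceType as raw numbers. The following added example (not part of the original SDK sample) decodes them and marks allow ACEs that grant control over the object; RightsText, ReviewDacl and CONTROL_RIGHTS are hypothetical names, and the project is assumed to reference the Active DS Type Library, as the declarations above already require. Call it as ReviewDacl Dacl after the Set Dacl line.

```vb
Option Explicit
' Values from ADS_ACETYPE_ENUM, ADS_ACEFLAG_ENUM and ADS_RIGHTS_ENUM
' (only the rights this review reports on).
Private Const ADS_ACETYPE_ACCESS_ALLOWED = &H0&
Private Const ADS_ACETYPE_ACCESS_DENIED = &H1&
Private Const ADS_ACETYPE_ACCESS_ALLOWED_OBJECT = &H5&
Private Const ADS_ACETYPE_ACCESS_DENIED_OBJECT = &H6&
Private Const ADS_ACEFLAG_INHERITED_ACE = &H10&
Private Const ADS_RIGHT_DS_WRITE_PROP = &H20&
Private Const ADS_RIGHT_DELETE = &H10000
Private Const ADS_RIGHT_WRITE_DAC = &H40000
Private Const ADS_RIGHT_WRITE_OWNER = &H80000
Private Const ADS_RIGHT_GENERIC_ALL = &H10000000
' Hypothetical grouping: rights that let a trustee take control of the object.
Private Const CONTROL_RIGHTS = ADS_RIGHT_WRITE_DAC Or ADS_RIGHT_WRITE_OWNER Or ADS_RIGHT_GENERIC_ALL

' Hypothetical helper: names of the rights above that are set in Mask.
Private Function RightsText(ByVal Mask As Long) As String
    Dim s As String
    If (Mask And ADS_RIGHT_GENERIC_ALL) <> 0 Then s = s & " GENERIC_ALL"
    If (Mask And ADS_RIGHT_WRITE_OWNER) <> 0 Then s = s & " WRITE_OWNER"
    If (Mask And ADS_RIGHT_WRITE_DAC) <> 0 Then s = s & " WRITE_DAC"
    If (Mask And ADS_RIGHT_DELETE) <> 0 Then s = s & " DELETE"
    If (Mask And ADS_RIGHT_DS_WRITE_PROP) <> 0 Then s = s & " DS_WRITE_PROP"
    If s = "" Then s = " other (&H" & Hex$(Mask) & ")"
    RightsText = Trim$(s)
End Function

' Hypothetical helper: prints one line per ACE and marks allow ACEs that
' let the trustee rewrite the DACL, take ownership, or hold full control.
Public Sub ReviewDacl(ByVal Dacl As IADsAccessControlList)
    Dim Ace As IADsAccessControlEntry
    Dim Kind As String, Origin As String, Mark As String
    For Each Ace In Dacl
        Select Case Ace.AceType
            Case ADS_ACETYPE_ACCESS_ALLOWED, ADS_ACETYPE_ACCESS_ALLOWED_OBJECT
                Kind = "ALLOW"
            Case ADS_ACETYPE_ACCESS_DENIED, ADS_ACETYPE_ACCESS_DENIED_OBJECT
                Kind = "DENY"
            Case Else
                Kind = "TYPE " & Ace.AceType
        End Select
        Origin = IIf((Ace.AceFlags And ADS_ACEFLAG_INHERITED_ACE) <> 0, "inherited", "explicit")
        Mark = ""
        If Kind = "ALLOW" And (Ace.AccessMask And CONTROL_RIGHTS) <> 0 Then Mark = "  <-- review"
        Debug.Print Kind & " " & Ace.Trustee & " [" & Origin & "] " & RightsText(Ace.AccessMask) & Mark
    Next
End Sub
```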