Platform SDK: Active Directory, ADSI, and Directory Services |
The following Visual Basic example shows how to enumerate the discretionary ACL on a security descriptor object.
Dim X as IADs Dim Namespace As IADsOpenDSObject Dim SecurityDescriptor As IADsSecurityDescriptor Dim Dacl As IADsAccessControlList ' First get access to the LDAP directory service Set Namespace = GetObject("LDAP:") ' Establish your credentials with no password Set X = Namespace.OpenDSObject("LDAP://MyLdapSvr/O=Internet/DC=MS", "cn=administrator,DC=MS,O=Internet", "", 1) ' Retrieve the contents of the ntSecurityDescriptor field which is ' an interface pointer on the security descriptor object ' for the X object. Set SecurityDescriptor = X.Get("ntSecurityDescriptor") ' Print out the owner of the object. ' Print out the group. Debug.Print SecurityDescriptor.Owner Debug.Print SecurityDescriptor.Group ' Set Dacl = SecurityDescriptor.DiscretionaryAcl ' Enumerate the ACEs in the Dacl, first printing out the count. Debug.Print Dacl.AceCount For Each Obj In Dacl Debug.Print Obj.Trustee Debug.Print Obj.AccessMask Debug.Print Obj.AceFlags Debug.Print Obj.AceType Next