Platform SDK: Active Directory, ADSI, and Directory Services |
Active Directory uses access control to grant or deny access to objects, properties, and operations based on the identity of the user making the access attempt. When your application binds to the directory, it binds with specific user credentials. Once authenticated, these credentials determine your application's security context. Regardless of whether the credentials are those of the logged-on user, a specified user, a service account, a computer account, or an unauthenticated user (Guest/Everyone), Active Directory checks the user's right to access an object before any operation is performed on that object. The user may or may not have access to a particular object, its children, its properties, or operations on that object, which means that your application needs to handle the potential errors caused by denied access.
The following topics discuss security contexts and the effects of access control on various operations.