Platform SDK: Active Directory, ADSI, and Directory Services

Reading the defaultSecurityDescriptor for an Object Class

Using ADSI, you can read the defaultSecurityDescriptor for an object class.

To read the defaultSecurityDescriptor for an object class in C/C++

If you are using ADSI, use the following steps to read the defaultSecurityDescriptor for an object class (see the following code fragment for an example):

  1. Get an IADs interface pointer to the classSchema object for the object class.
  2. Use the IADs::Get method to get the default security descriptor of the object. The name of the property containing the security descriptor is defaultSecurityDescriptor. The property will be returned as a VARIANT containing a BSTR with the default security descriptor in SDDL string format.
  3. Use the ConvertStringSecurityDescriptorToSecurityDescriptor function to convert the SDDL string form to a security descriptor.
  4. Use the Win32 Security APIs to read the parts of the security descriptor: GetSecurityDescriptorDacl, GetSecurityDescriptorSacl, GetSecurityDescriptorOwner, and GetSecurityDescriptorControl.
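
Step 2 returns the default security descriptor as an SDDL string, and steps 3 and 4 break it into owner, group, DACL and SACL. As an added example (not part of the original documentation, and not a substitute for ConvertStringSecurityDescriptorToSecurityDescriptor), the portable C++ below splits such a string into those same parts so the default ACEs of a class can be reviewed. The sample string, its placeholder GUID and the names Ace, ParsedSddl, parseAce and parseSddl are constructed for illustration, and conditional ACEs are assumed absent.

```cpp
#include <algorithm>
#include <iostream>
#include <string>
#include <vector>
// ACE string fields: type;flags;rights;object_guid;inherit_object_guid;trustee
struct Ace { std::string type, flags, rights, objectGuid, inheritGuid, trustee; };
struct ParsedSddl { std::string owner, group, daclFlags, saclFlags; std::vector<Ace> dacl, sacl; };
// Constructed sample with a placeholder GUID; not copied from a real schema.
const char* kSampleSddl = "O:DAG:DAD:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;AU)"
    "(OA;;CR;00000000-0000-0000-0000-000000000001;;PS)S:(AU;SA;WDWO;;;WD)";
static bool isTag(char c) { return c == 'O' || c == 'G' || c == 'D' || c == 'S'; }

static Ace parseAce(const std::string& body) {  // split "(...)" contents on ';'
    std::string f[6];
    std::size_t start = 0;
    for (int i = 0; i < 6 && start <= body.size(); ++i) {
        std::size_t end = std::min(body.find(';', start), body.size());
        f[i] = body.substr(start, end - start);
        start = end + 1;
    }
    return Ace{f[0], f[1], f[2], f[3], f[4], f[5]};
}

ParsedSddl parseSddl(const std::string& s) {
    ParsedSddl sd;
    char tag = 0;  // component being read: O, G, D or S
    for (std::size_t i = 0; i < s.size(); ++i) {
        if (i + 1 < s.size() && s[i + 1] == ':' && isTag(s[i])) {
            tag = s[i++];  // start of a component; also skip the ':'
        } else if (s[i] == '(' && (tag == 'D' || tag == 'S')) {
            std::size_t close = s.find(')', i);
            if (close == std::string::npos) break;  // unterminated ACE: stop
            (tag == 'D' ? sd.dacl : sd.sacl).push_back(parseAce(s.substr(i + 1, close - i - 1)));
            i = close;  // ACE bodies are skipped whole, so letters inside are never tags
        } else if (tag) {  // owner/group SID string, or ACL flags such as "PAI"
            std::string& dst = tag == 'O' ? sd.owner : tag == 'G' ? sd.group
                             : tag == 'D' ? sd.daclFlags : sd.saclFlags;
            dst += s[i];
        }
    }
    return sd;
}

int main() {
    ParsedSddl sd = parseSddl(kSampleSddl);
    std::cout << "owner=" << sd.owner << " group=" << sd.group << "\n";
    for (const Ace& a : sd.dacl)
        std::cout << "DACL " << a.type << " " << a.rights << " -> " << a.trustee << "\n";
}
```

On Windows, the Win32 functions named in steps 3 and 4 remain the authoritative way to parse the descriptor; this splitter is for reviewing SDDL values that have been exported from the schema.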