Platform SDK: Active Directory, ADSI, and Directory Services |
The following code fragments use the IADs::Get method to retrieve an IADsSecurityDescriptor pointer to the nTSecurityDescriptor property of an Active Directory object.
Dim rootDSE As IADs Dim ADUser As IADs Dim sd As IADsSecurityDescriptor 'Bind to the Users container in the local domain Set rootDSE = GetObject("LDAP://rootDSE") Set ADUser = GetObject("LDAP://cn=users," & rootDSE.Get("defaultNamingContext")) 'Get the security descriptor on the Users container Set sd = ADUser.Get("ntSecurityDescriptor") Debug.Print sd.Control Debug.Print sd.Group Debug.Print sd.Owner Debug.Print sd.Revision
HRESULT GetSDFromIADs( IADs *pObject, IADsSecurityDescriptor **pSD ) { VARIANT var; HRESULT hr = E_FAIL; // Set *pSD to NULL. if (*pSD) *pSD = NULL; VariantClear(&var); // Get the nTSecurityDescriptor hr = pObject->Get(L"nTSecurityDescriptor", &var); if (SUCCEEDED(hr)) { //Type should be VT_DISPATCH--an IDispatch ptr to the security descriptor object. if (var.vt==VT_DISPATCH) { // Use V_DISPATCH macro to get the IDispatch pointer from the // VARIANT structure and QI for IADsSecurityDescriptor ptr. hr = V_DISPATCH( &var )->QueryInterface(IID_IADsSecurityDescriptor,(void**)pSD); if (FAILED(hr)) { if (*pSD) (*pSD)->Release(); } } else hr = E_FAIL; } VariantClear(&var); return hr; }