Platform SDK: Active Directory, ADSI, and Directory Services

Using IADs to Get a Security Descriptor

The following code fragments use the IADs::Get method to retrieve the nTSecurityDescriptor property of an Active Directory object as an IADsSecurityDescriptor interface pointer.

[Visual Basic]
' ADSI interface variables: the rootDSE entry, the Users container, and the
' security descriptor read from that container.
Dim dse As IADs
Dim usersContainer As IADs
Dim secDesc As IADsSecurityDescriptor
Dim domainDN As String

' Read the domain's distinguished name from rootDSE rather than hard-coding it.
Set dse = GetObject("LDAP://rootDSE")
domainDN = dse.Get("defaultNamingContext")

' Bind to the Users container in the local domain.
Set usersContainer = GetObject("LDAP://cn=users," & domainDN)

' Read the container's security descriptor and print its control flags,
' primary group, owner, and revision.
Set secDesc = usersContainer.Get("ntSecurityDescriptor")
With secDesc
    Debug.Print .Control
    Debug.Print .Group
    Debug.Print .Owner
    Debug.Print .Revision
End With
[C++]
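// Reads the nTSecurityDescriptor property of an ADSI object and returns it
// as an IADsSecurityDescriptor interface pointer.
//
// Parameters:
//   pObject - IADs pointer to the directory object to read; must not be NULL.
//   pSD     - Receives the IADsSecurityDescriptor pointer. It is set to NULL
//             on entry and stays NULL on every failure path. On success the
//             caller owns the returned reference and must Release() it.
//
// Returns:
//   The HRESULT from QueryInterface on success; E_POINTER if either argument
//   is NULL; the failure HRESULT from IADs::Get or QueryInterface; or E_FAIL
//   if the property does not come back as a non-NULL VT_DISPATCH.
HRESULT GetSDFromIADs(
                IADs *pObject,
                IADsSecurityDescriptor **pSD )
{
    // Validate the out-parameter first so it can be cleared unconditionally.
    // The caller's variable may be uninitialized, so it is written, not read.
    if (!pSD)
        return E_POINTER;
    *pSD = NULL;

    if (!pObject)
        return E_POINTER;

    // A VARIANT must be initialized before first use. Calling VariantClear on
    // uninitialized stack memory can make it release a garbage pointer.
    VARIANT var;
    VariantInit(&var);

    // Get the nTSecurityDescriptor property.
    // NOTE(review): a wide string literal is not a true BSTR (it has no
    // length prefix); confirm this is acceptable for the target SDK or
    // allocate the name with SysAllocString.
    HRESULT hr = pObject->Get(L"nTSecurityDescriptor", &var);
    if (SUCCEEDED(hr))
    {
        // The property should be VT_DISPATCH: an IDispatch pointer to the
        // security descriptor object. Reject a NULL dispatch pointer too, so
        // it is never dereferenced.
        if (var.vt == VT_DISPATCH && V_DISPATCH(&var) != NULL)
        {
            // QI the IDispatch pointer for IADsSecurityDescriptor.
            hr = V_DISPATCH(&var)->QueryInterface(IID_IADsSecurityDescriptor, (void**)pSD);
            if (FAILED(hr))
            {
                // A failed QueryInterface hands out no reference, so there is
                // nothing to Release; make sure the caller sees NULL.
                *pSD = NULL;
            }
        }
        else
        {
            hr = E_FAIL;
        }
    }

    // Releases the IDispatch reference held by the VARIANT, if any.
    VariantClear(&var);
    return hr;
}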