Platform SDK: Active Directory, ADSI, and Directory Services |
The IADsAccessControlList::RemoveAce method removes an access-control entry (ACE) from the access-control list (ACL).
HRESULT RemoveAce( IDispatch * pAccessControlEntry );
This method returns the standard return values, as well as the following:
For other return values, see ADSI Error Codes.
The following Visual Basic® code snippet shows how to remove entries from a discretionary access-control list.
' Remove every ACE held by one trustee from the discretionary ACL of an OU,
' then write the modified security descriptor back to the directory object.
Const OU_PATH = "LDAP://OU=Sales, DC=activeD,DC=nttest,DC=microsoft,DC=com"
Const TARGET_TRUSTEE = "FABRIKAM\jsmith"

Dim ou As IADs
Dim secDesc As IADsSecurityDescriptor
Dim acl As IADsAccessControlList

' Bind to the OU and read its security descriptor.
Set ou = GetObject(OU_PATH)
Set secDesc = ou.Get("ntSecurityDescriptor")
Set acl = secDesc.DiscretionaryAcl

' Drop each ACE whose trustee string matches exactly.
' NOTE(review): the match is a plain string comparison on Trustee; entries
' that name the same principal in another form would be left in place -
' confirm the form used in the target directory and re-read the DACL
' afterwards to verify the result.
For Each ace In acl
    If ace.Trustee = TARGET_TRUSTEE Then
        acl.RemoveAce (ace)
    End If
Next

' Nothing above changes the directory: the edited ACL has to be put back
' on the descriptor, the descriptor back on the object, and SetInfo called.
sd_unused = Empty
secDesc.DiscretionaryAcl = acl
ou.Put "ntSecurityDescriptor", Array(secDesc)
ou.SetInfo
The following C++ code snippet removes the ACEs with the specified Trustee ("aDomain\PowerUser").
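// Removes every ACE whose trustee is "aDomain\PowerUser" from the given ACL.
//
// pAcl    The access-control list to edit. The caller keeps its reference;
//         this function never releases pAcl.
// Returns S_OK when the enumeration ran to the end, otherwise the failing
//         HRESULT from get__NewEnum, QueryInterface, RemoveAce or Next.
//
// Only the in-memory ACL object is modified here. The change reaches the
// directory only after the ACL is assigned back to its security descriptor
// and the descriptor is written to the object and committed by the caller.
//
// NOTE(review): the trustee test is an exact, case-sensitive wcscmp. ACEs
// that name the same principal in another form would be left in place -
// confirm the form returned by get_Trustee and re-read the ACL to verify.
// NOTE(review): entries are removed while the enumerator is still in use;
// whether the enumerator stays valid after RemoveAce is not shown here.
HRESULT removeAcesFrom(IADsAccessControlList *pAcl)
{
    IEnumVARIANT *pEnum = NULL;
    LPUNKNOWN pUnk = NULL;

    HRESULT hr = pAcl->get__NewEnum( &pUnk );
    if ( FAILED(hr) )
    {
        // pAcl belongs to the caller, so it is not released on failure.
        return hr;
    }

    hr = pUnk->QueryInterface( IID_IEnumVARIANT, (void**) &pEnum );
    pUnk->Release();   // the IUnknown is no longer needed either way
    if ( FAILED(hr) )
    {
        return hr;
    }

    VARIANT var;
    VariantInit(&var);
    ULONG lFetch = 0;

    hr = pEnum->Next( 1, &var, &lFetch );
    while ( hr == S_OK )
    {
        if ( lFetch == 1 )
        {
            if ( VT_DISPATCH != V_VT(&var) )
            {
                // Unexpected element type: stop and hand back the current
                // enumerator status, after releasing what is held.
                VariantClear(&var);
                pEnum->Release();
                return hr;
            }

            // Borrowed pointer; the reference is owned by var.
            IDispatch *pDisp = V_DISPATCH(&var);
            IADsAccessControlEntry *pACE = NULL;

            ///////////////////////////
            // Get the individual ACE
            ///////////////////////////
            if ( pDisp != NULL &&
                 SUCCEEDED(pDisp->QueryInterface( IID_IADsAccessControlEntry,
                                                  (void**)&pACE )) )
            {
                BSTR bstr = NULL;
                bool isTarget = false;

                if ( SUCCEEDED(pACE->get_Trustee(&bstr)) && bstr != NULL )
                {
                    printf("ACE trustee: %S:\n", bstr);
                    // Compare before the string is freed; the backslash is
                    // escaped so the literal really contains "aDomain\PowerUser".
                    isTarget = ( wcscmp(bstr, L"aDomain\\PowerUser") == 0 );
                }
                SysFreeString(bstr);   // accepts NULL

                if ( isTarget )
                {
                    // Separate pointer so the reference taken here can be
                    // released without touching the one owned by var.
                    IDispatch *pAceDisp = NULL;
                    HRESULT hrRemove =
                        pACE->QueryInterface( IID_IDispatch, (void**)&pAceDisp );
                    if ( SUCCEEDED(hrRemove) )
                    {
                        hrRemove = pAcl->RemoveAce(pAceDisp);
                        pAceDisp->Release();
                    }
                    if ( FAILED(hrRemove) )
                    {
                        pACE->Release();
                        VariantClear(&var);
                        pEnum->Release();
                        return hrRemove;
                    }
                }
                pACE->Release();
            }
        }
        VariantClear(&var);
        hr = pEnum->Next( 1, &var, &lFetch );
    }

    VariantClear(&var);
    pEnum->Release();

    // Next() ends the loop with S_FALSE at the end of the list; anything
    // that is a failure code is reported instead of being masked as S_OK.
    return FAILED(hr) ? hr : S_OK;
}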
Windows NT/2000: Requires Windows 2000 (or Windows NT 4.0 with DSClient).
Windows 95/98: Requires Windows 95 or later (with DSClient).
Header: Declared in Iads.h.