| Platform SDK: Active Directory, ADSI, and Directory Services |
The IADsAccessControlList::get__NewEnum method is used to obtain an enumerator object for the ACL to enumerate ACEs.
HRESULT get__NewEnum( IUnknown ** ppEnumerator );
This method returns the standard return values, including S_OK and E_FAIL. For other return values, see ADSI Error Codes.
Notice that there are two underscores in get__NewEnum.
Visual Basic® makes an implicit call to the get__NewEnum method in the execution of the For Each obj In collection … Next obj statement.
Dim Dacl As IADsAccessControlList
Dim ace as IADsAccessControlEntry
' Do something to get Dacl, code omitted.
' Remove all the ace's from the acl.
For Each ace In Dacl
Dacl.RemoveAce (ace)
Next ace
C/C++ code will be more involved. The following C++ code snippet illustrates how to enumerate ACEs using IADsAccessControlList::get__NewEnum.
IEnumVARIANT *pEnum;
LPUNKNOWN pUnk;
ULONG lFetch;
BSTR bstr;
IADsAccessControlEntry *pACE;
hr = pACL->get__NewEnum( &pUnk );
if ( !SUCCEEDED(hr) )
{
pACL->Release();
return;
}
hr = pUnk->QueryInterface( IID_IEnumVARIANT, (void**) &pEnum );
if ( !SUCCEEDED(hr) )
{
return;
}
hr = pEnum->Next( 1, &var, &lFetch );
while( hr == S_OK )
{
if ( lFetch == 1 )
{
if ( VT_DISPATCH != V_VT(&var) )
{
pEnum->Release();
return;
}
pDisp = V_DISPATCH(&var);
/////////////////////////
// Get the individual ACE
/////////////////////////
hr = pDisp->QueryInterface( IID_IADsAccessControlEntry,
(void**)&pACE );
if ( SUCCEEDED(hr) )
{
pACE->get_Trustee(&bstr);
printf("\n %S:\n", bstr);
//ACE manipulation here
SysFreeString(bstr);
pACE->Release();
}
VariantClear(&var);
}
hr = pEnum->Next( 1, &var, &lFetch );
};
Windows NT/2000: Requires Windows 2000 (or Windows NT 4.0 with DSClient).
Windows 95/98: Requires Windows 95 or later (with DSClient).
Header: Declared in Iads.h.
IEnumVARIANT, IADsAccessControlEntry, IADsSecurityDescriptor