Platform SDK: Active Directory, ADSI, and Directory Services |
The IADsAccessControlList::get__NewEnum method is used to obtain an enumerator object for the ACL to enumerate ACEs.
HRESULT get__NewEnum( IUnknown ** ppEnumerator );
This method returns the standard return values, including S_OK and E_FAIL. For other return values, see ADSI Error Codes.
Notice that there are two underscores in get__NewEnum.
Visual Basic® makes an implicit call to the get__NewEnum method in the execution of the For Each obj In collection … Next obj statement.
Dim Dacl As IADsAccessControlList Dim ace as IADsAccessControlEntry ' Do something to get Dacl, code omitted. ' Remove all the ace's from the acl. For Each ace In Dacl Dacl.RemoveAce (ace) Next ace
C/C++ code will be more involved. The following C++ code snippet illustrates how to enumerate ACEs using IADsAccessControlList::get__NewEnum.
IEnumVARIANT *pEnum; LPUNKNOWN pUnk; ULONG lFetch; BSTR bstr; IADsAccessControlEntry *pACE; hr = pACL->get__NewEnum( &pUnk ); if ( !SUCCEEDED(hr) ) { pACL->Release(); return; } hr = pUnk->QueryInterface( IID_IEnumVARIANT, (void**) &pEnum ); if ( !SUCCEEDED(hr) ) { return; } hr = pEnum->Next( 1, &var, &lFetch ); while( hr == S_OK ) { if ( lFetch == 1 ) { if ( VT_DISPATCH != V_VT(&var) ) { pEnum->Release(); return; } pDisp = V_DISPATCH(&var); ///////////////////////// // Get the individual ACE ///////////////////////// hr = pDisp->QueryInterface( IID_IADsAccessControlEntry, (void**)&pACE ); if ( SUCCEEDED(hr) ) { pACE->get_Trustee(&bstr); printf("\n %S:\n", bstr); //ACE manipulation here SysFreeString(bstr); pACE->Release(); } VariantClear(&var); } hr = pEnum->Next( 1, &var, &lFetch ); };
Windows NT/2000: Requires Windows 2000 (or Windows NT 4.0 with DSClient).
Windows 95/98: Requires Windows 95 or later (with DSClient).
Header: Declared in Iads.h.
IEnumVARIANT, IADsAccessControlEntry, IADsSecurityDescriptor