Platform SDK: Active Directory, ADSI, and Directory Services |
The property methods of the IADsSecurityDescriptor interface get or set the properties described in the following table. For more information, see Interface Property Methods.
Property | Description |
---|---|
Revision
[Visual Basic] [C++] |
Revision level of the security descriptor. This value is taken from the Win32 ACL_REVISION_INFORMATION structure. All ACEs in an ACL must be at the same revision level. |
Control
[Visual Basic] [C++] |
Flags that qualify the meaning of the security descriptor. Values are taken from the Win32 SECURITY_DESCRIPTOR_CONTROL structure. |
Owner
[Visual Basic] [C++] |
Owner of the object. |
OwnerDefaulted
[Visual Basic] [C++] |
A flag of the BOOL type to indicate if the owner information is derived from a default mechanism, rather than by the original provider of the security descriptor explicitly. |
Group
[Visual Basic] [C++] |
Group to which the owner's security ID belongs. |
GroupDefaulted
[Visual Basic] [C++] |
A flag of the BOOL type to indicate if the group information is derived from a default mechanism, rather than by the original provider of the security descriptor explicitly. |
DiscretionaryAcl
[Visual Basic] [C++] |
Discretionary access-control list that specifies types of access allowed to the object for specified users and groups. |
DaclDefaulted
[Visual Basic] [C++] |
A flag of the BOOL type to indicate if the DACL is derived from a default mechanism, rather than by the original provider of the security descriptor explicitly. For example, if an object's creator does not specify a DACL, the object receives the default DACL from the creator's access token. This flag can affect how the system treats the DACL, with respect to ACE inheritance. The system ignores this flag if the SE_DACL_PRESENT flag is not set. |
SystemAcl
[Visual Basic] [C++] |
System access-control list used to generate audit records for the object. |
SaclDefaulted
[Visual Basic] [C++] |
A flag of the BOOL type to indicate if the SACL is derived from a default mechanism, rather than by the original provider of the security descriptor explicitly. This flag can affect how the system treats the SACL, with respect to ACE inheritance. The system ignores this flag if the SE_SACL_PRESENT flag is not set. |
Dim ou As IADs Dim sd As IADsSecurityDescriptor Dim dacl As IADsAccessControlList Dim sacl As IADsAccessControlList Set ou = GetObject("LDAP://OU=Sales,DC=Fabrikam,DC=com") Set sd = ou.Get("ntSecurityDescriptor") Debug.Print sd.Owner Debug.Print sd.Group Debug.Print sd.Owner Debug.Print sd.Revision Set dacl = sd.DiscretionaryAcl Set sacl = sd.SystemAcl
For C++ code snippet demonstrating how to work the property methods of a security descriptor, see the introductory discussion of the IADsSecurityDescriptor interface.