How do I: Get Security Descriptor - System.DirectoryServices
Question:
How do I get a Security Descriptor from Active Directory Entry.
Comments:
The code below shows what I want to happen, however it does not work because the DirectoryEntry class returns a COM Ojbect, throws Exception.
MyCode:
| |
DirectoryEntry de =new DirectoryEntry("//CN=ExchangeOrganization,CN=Microsoft" href="ldap://CN=ExchangeOrganization,CN=Microsoft">LDAP://CN=ExchangeOrganization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=YourDomain,DC=com");// This does not work, because the value is a COM Object
ActiveDirectorySecurity ads = (ActiveDirectorySecurity)de.Properties["ntSecurityDescriptor"][0]; // I know how to use Interop, and get the Security Descriptor.
// Since the ActiveDirectorySecurity exists, there must be a way to use this.
|
My Environment:
I am using July CTP Beta 2 Whidbey.
Thanks
Russell Mangel
Las Vegas, NV
Hello Russell,
The correct way to do this is to use the new ObjectSecurity property on DirectoryEntry. For backward compatibility, retrieving the “ntSecurityDescriptor” property from the property cache still returns a COM object. Also, one thing to be aware of is that the ObjectSecurity property and the “ntSecurityDescriptor” property, although constructed from the same information obtained from the directory, are independent of each other and changes made to one do not affect the other.
The code would look like
Hope that helps, and please feel free to post back to this forum if this solves your problem, or you have more questions or technical details!
Thanks,
Stephen
http://blogs.msdn.com/stfisher
