Active Directory

  • Thread starter: M. Sharma

M. Sharma

Hello

How can we store the "security descriptor" property of an AD object in C#?

Is it possible to save it in a text file, so that it can be used to compare
later?

Is there any other newsgroup where this could be asked?

Please help

Thanks
 
On XP and higher, one can use the DirectoryServices namespace and a little
help from the native ADSI provider's class "ADsSecurityUtilityClass".

The following dumps an SD in hex to the console:

    using System;
    using System.DirectoryServices;
    using ActiveDs;

    SecurityDescriptor sd = null;
    // Use ADsSecurityUtilityClass, available on XP and W2K3 (add a reference to
    // activeds.tlb or create an IA)
    ADsSecurityUtilityClass asu = new ADsSecurityUtilityClass();
    using (DirectoryEntry user = new DirectoryEntry(
        "LDAP://someDC/CN=administrator,cn=users,DC=celeb,DC=w2kdom,DC=com"))
    {
        // Read the descriptor as an ADSI security descriptor COM object
        sd = user.Properties["ntSecurityDescriptor"].Value as SecurityDescriptor;
        // Convert from the COM interface form to a hex string
        object sdInHex = asu.ConvertSecurityDescriptor(sd,
            (int)ADS_SD_FORMAT_ENUM.ADS_SD_FORMAT_IID,
            (int)ADS_SD_FORMAT_ENUM.ADS_SD_FORMAT_HEXSTRING);
        Console.WriteLine(sdInHex.ToString());
    }

Willy.
 
Hello Willy

Will this work on a Windows 2000 box?

What I'm trying to do is create a utility which checks for permission issues
on one of my applications, which creates objects in AD.

Rather than asking the user to go into ADSI Edit and check permissions on
every object, I want the utility to do it and display everything that is
different from the normal program installed permission.

What is the best method to do this?

Thanks

 
Hemang Shah said:
Hello Willy

Will this work on a Windows 2000 box?

W2K's activeds.dll doesn't include this class; you have to use the class
from the (unsupported) adsecurity.dll included in the ADSI SDK.

Willy.
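
One way to build the save-and-compare utility asked about in this thread, as an added example that is not code from any of the posters. It assumes .NET Framework 3.5 or later on a domain-joined Windows machine, where DirectoryEntry.ObjectSecurity returns the descriptor as SDDL text; the class name, the command-line layout and the baseline file are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.IO;
using System.Security.AccessControl;
// Hypothetical utility: AclBaseline save|check <LDAP path> <baseline file>
static class AclBaseline
{
    // Owner, group and DACL of the object as SDDL text (reading the SACL needs extra privileges).
    static string ReadSddl(string ldapPath)
    {
        using (DirectoryEntry entry = new DirectoryEntry(ldapPath))
            return entry.ObjectSecurity.GetSecurityDescriptorSddlForm(
                AccessControlSections.Owner | AccessControlSections.Group | AccessControlSections.Access);
    }

    // One text key per ACE, so two DACLs compare as sets regardless of ACE order.
    static HashSet<string> AceKeys(RawSecurityDescriptor sd)
    {
        HashSet<string> keys = new HashSet<string>();
        if (sd.DiscretionaryAcl == null) return keys;   // NULL DACL: no ACEs to list
        foreach (GenericAce ace in sd.DiscretionaryAcl)
        {
            KnownAce known = ace as KnownAce;           // carries trustee SID and access mask
            ObjectAce obj = ace as ObjectAce;           // adds property / extended-right GUIDs
            keys.Add(string.Format("{0} flags={1} sid={2} mask=0x{3:X8} object={4} inherits={5}",
                ace.AceType, ace.AceFlags,
                known != null ? known.SecurityIdentifier.Value : "?", known != null ? known.AccessMask : 0,
                obj != null ? obj.ObjectAceType : Guid.Empty, obj != null ? obj.InheritedObjectAceType : Guid.Empty));
        }
        return keys;
    }

    static int Main(string[] args)
    {
        if (args.Length != 3) { Console.Error.WriteLine("usage: save|check <LDAP path> <file>"); return 2; }
        string current = ReadSddl(args[1]);
        if (args[0] == "save") { File.WriteAllText(args[2], current); return 0; }
        // "check": parse the stored baseline and the live descriptor, then report differences.
        RawSecurityDescriptor before = new RawSecurityDescriptor(File.ReadAllText(args[2]).Trim());
        RawSecurityDescriptor now = new RawSecurityDescriptor(current);
        HashSet<string> old = AceKeys(before), cur = AceKeys(now);
        bool ownerChanged = !object.Equals(before.Owner, now.Owner);
        if (ownerChanged) Console.WriteLine("owner: {0} -> {1}", before.Owner, now.Owner);
        foreach (string ace in old) if (!cur.Contains(ace)) Console.WriteLine("- removed: " + ace);
        foreach (string ace in cur) if (!old.Contains(ace)) Console.WriteLine("+ added:   " + ace);
        return (ownerChanged || !cur.SetEquals(old)) ? 1 : 0;   // non-zero exit code when anything drifted
    }
}
```

SDDL can abbreviate well-known domain groups with aliases that are resolved against the local machine's domain, so run the check from a machine in the same domain as the one that saved the baseline.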
 