G
Guest
i have sample set i'm working through. it is presenting ACE rights on
exchange containers. the problem is that as it tries to translate a user it
fails because it is not vaild SID any more.
when i try to use "try and catch" i will exit the program. however MSDN does
not show that there is only "The converted identity". but what if like in my
case there is no translation. how can i just present id without translation?
here is the sample code...
public static void ADSReadACEsExp(AuthorizationRuleCollection aCL)
{
int iCounter = 1;
if (aCL.Count == 0)
{
Console.WriteLine("There are no ACEs associated with this
ACL.");
}
else
{
// try
// {
//Determine the type of ACL by calling the first ACE in
the index
//and returning its type name.
//aCL[0].GetType().Name returns
ActiveDirectoryAccessRule if it's
//a DACL (called by GetAccessRule)
//and it reutrn ActiveDirectoryAuditRule if it's a SACL
(called by GetAuditRule)
string aCEType =
(aCL[0].GetType().Name ==
"ActiveDirectoryAccessRule") ? "DACL" : "SACL";
Console.WriteLine("\r\nRead ACEs in {0}\n", aCEType);
#region //if the aCEType is a DACL iterate an
ActiveDirectoryAccessRule collection
if (aCEType == "DACL")
{
foreach (ActiveDirectoryAccessRule aCE in aCL)
//For reading ACE's in a DACL
{
Console.WriteLine("\t\t\tCounter = " + iCounter);
iCounter++;
//Ace is an allow or deny type. Use the
AuditFlags property
//to get a success or failure value of an ACE in
a SACL
Console.WriteLine("ACE Type:\t\t{0}",
aCE.AccessControlType);
/* You can get the sid from the next commented
line,
* but it's more intuitive to get the account
name
* as shown after the commented code.
* Console.WriteLine("Identity Reference
(SID):\t{0}",
* aCE.IdentityReference.Value);
/* An efficient way to get to the username is to
use the translate
* method to convert the IdentityReference (SID)
to an
* IdentityReference NTAccount, then call
* the value property of the NTAccount class to
retrieve
* the account name. */
NTAccount nTAcctInfo =
(NTAccount)aCE.IdentityReference.Translate(typeof(NTAccount)); <---where the
error can appear.
Console.WriteLine("Trustee:\t\t{0}",
nTAcctInfo.Value);
exchange containers. the problem is that as it tries to translate a user it
fails because it is not vaild SID any more.
when i try to use "try and catch" i will exit the program. however MSDN does
not show that there is only "The converted identity". but what if like in my
case there is no translation. how can i just present id without translation?
here is the sample code...
public static void ADSReadACEsExp(AuthorizationRuleCollection aCL)
{
int iCounter = 1;
if (aCL.Count == 0)
{
Console.WriteLine("There are no ACEs associated with this
ACL.");
}
else
{
// try
// {
//Determine the type of ACL by calling the first ACE in
the index
//and returning its type name.
//aCL[0].GetType().Name returns
ActiveDirectoryAccessRule if it's
//a DACL (called by GetAccessRule)
//and it reutrn ActiveDirectoryAuditRule if it's a SACL
(called by GetAuditRule)
string aCEType =
(aCL[0].GetType().Name ==
"ActiveDirectoryAccessRule") ? "DACL" : "SACL";
Console.WriteLine("\r\nRead ACEs in {0}\n", aCEType);
#region //if the aCEType is a DACL iterate an
ActiveDirectoryAccessRule collection
if (aCEType == "DACL")
{
foreach (ActiveDirectoryAccessRule aCE in aCL)
//For reading ACE's in a DACL
{
Console.WriteLine("\t\t\tCounter = " + iCounter);
iCounter++;
//Ace is an allow or deny type. Use the
AuditFlags property
//to get a success or failure value of an ACE in
a SACL
Console.WriteLine("ACE Type:\t\t{0}",
aCE.AccessControlType);
/* You can get the sid from the next commented
line,
* but it's more intuitive to get the account
name
* as shown after the commented code.
* Console.WriteLine("Identity Reference
(SID):\t{0}",
* aCE.IdentityReference.Value);
/* An efficient way to get to the username is to
use the translate
* method to convert the IdentityReference (SID)
to an
* IdentityReference NTAccount, then call
* the value property of the NTAccount class to
retrieve
* the account name. */
NTAccount nTAcctInfo =
(NTAccount)aCE.IdentityReference.Translate(typeof(NTAccount)); <---where the
error can appear.
Console.WriteLine("Trustee:\t\t{0}",
nTAcctInfo.Value);