GetAccessControl for Active Directory Objects?

Try WMI

chanmm

"KarlM" <Ma******@newsgroup.nospamwrote in message
news:D9**********************************@microsof t.com...

Hallo!
System.Security.AccessControl.FileSecurity (GetAccessControl) works fine.

Now I would like to use GetAccessControl for Active Directory Objects like
computers. I've searched a lot but I've found no solution.
Can anyone help me with an example or with a link to solve my problem?

Thanks a lot in advance!!!

No, you shouldn't go that road, V2 of the FCL has all you need to get AD
object security programming correct.

Willy.

"chanmm" <ch*****@hotmail.comwrote in message
news:%2****************@TK2MSFTNGP05.phx.gbl...
| Try WMI
|
| chanmm
|
| "KarlM" <Ma******@newsgroup.nospamwrote in message
| news:D9**********************************@microsof t.com...
| Hallo!
| System.Security.AccessControl.FileSecurity (GetAccessControl) works
fine.
| >
| Now I would like to use GetAccessControl for Active Directory Objects
like
| computers. I've searched a lot but I've found no solution.
| Can anyone help me with an example or with a link to solve my problem?
| >
| Thanks a lot in advance!!!
|
|

"KarlM" <Ma******@newsgroup.nospamwrote in message
news:D9**********************************@microsof t.com...
| Hallo!
| System.Security.AccessControl.FileSecurity (GetAccessControl) works fine.
|
| Now I would like to use GetAccessControl for Active Directory Objects like
| computers. I've searched a lot but I've found no solution.
| Can anyone help me with an example or with a link to solve my problem?
|
| Thanks a lot in advance!!!

Something like this will get you started.

using(DirectoryEntry computers = new
DirectoryEntry("LDAP://xxxxx/cn=computers,DC=...", ...))
{
foreach(DirectoryEntry computer in computers.Children)
{
Console.WriteLine(computer.Properties["cn"].Value);
ActiveDirectorySecurity compSecurity = comp.ObjectSecurity;
Console.WriteLine(compSecurity.GetSecurityDescript orSddlForm(AccessControlSections.Access));
}
}

Willy.

Thank you for your answer!

"chanmm" wrote:

Try WMI

chanmm

"KarlM" <Ma******@newsgroup.nospamwrote in message
news:D9**********************************@microsof t.com...

Hallo!
System.Security.AccessControl.FileSecurity (GetAccessControl) works fine.

Now I would like to use GetAccessControl for Active Directory Objects like
computers. I've searched a lot but I've found no solution.
Can anyone help me with an example or with a link to solve my problem?

Thanks a lot in advance!!!

Thank you for your answer! I'll try it and will tell you if it works.

"Willy Denoyette [MVP]" wrote:

>
"KarlM" <Ma******@newsgroup.nospamwrote in message
news:D9**********************************@microsof t.com...
| Hallo!
| System.Security.AccessControl.FileSecurity (GetAccessControl) works fine.
|
| Now I would like to use GetAccessControl for Active Directory Objects like
| computers. I've searched a lot but I've found no solution.
| Can anyone help me with an example or with a link to solve my problem?
|
| Thanks a lot in advance!!!

Something like this will get you started.

using(DirectoryEntry computers = new
DirectoryEntry("LDAP://xxxxx/cn=computers,DC=...", ...))
{
foreach(DirectoryEntry computer in computers.Children)
{
Console.WriteLine(computer.Properties["cn"].Value);
ActiveDirectorySecurity compSecurity = comp.ObjectSecurity;
Console.WriteLine(compSecurity.GetSecurityDescript orSddlForm(AccessControlSections.Access));
}
}

Willy.

Hi Martin,

Have you tried Willy's code? Does it work on your side? If you still need
any help or have any concern, please feel free to feedback, thanks.

Best regards,
Jeffrey Tan
Microsoft Online Community Support
==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscripti...ult.aspx#notif
ications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscripti...t/default.aspx.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

Hallo Jeffrey,

thanks for your answer. But I have just started to work at the project again
(another one became more urgent meanwhile). So I can't tell something about
the problem/solution at the moment.

""Jeffrey Tan[MSFT]"" wrote:

Hi Martin,

Have you tried Willy's code? Does it work on your side? If you still need
any help or have any concern, please feel free to feedback, thanks.

Best regards,
Jeffrey Tan
Microsoft Online Community Support
==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscripti...ult.aspx#notif
ications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscripti...t/default.aspx.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

Hi Martin,

Yes, I understand it. If you have to check it, please feel free to repost.
Thanks.

Best regards,
Jeffrey Tan
Microsoft Online Community Support
==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscripti...ult.aspx#notif
ications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscripti...t/default.aspx.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

Hallo!

I've found a solution like this:

string strMemberString = "LDAP://OU=Test,DC=Domain,DC=local";
DirectoryEntry computers = new DirectoryEntry();
computers.Path = strMemberString;
computers.Options.SecurityMasks = SecurityMasks.Owner | SecurityMasks.Group
| SecurityMasks.Dacl | SecurityMasks.Sacl;

foreach (DirectoryEntry computer in computers.Children)
{
if (computer.Name == "CN=TEst")
{
ActiveDirectorySecurity sdc = computer.ObjectSecurity;
NTAccount Account = new NTAccount("Domain\\XYZ");
SecurityIdentifier Sid =
(SecurityIdentifier)Account.Translate(typeof(Secur ityIdentifier));
ActiveDirectoryAccessRule rule = new ActiveDirectoryAccessRule(Sid,
ActiveDirectoryRights.ExtendedRight | ActiveDirectoryRights.GenericRead,
AccessControlType.Allow);
sdc.SetAccessRule(rule);
computer.CommitChanges();
}
}
""Jeffrey Tan[MSFT]"" wrote:

Hi Martin,

Yes, I understand it. If you have to check it, please feel free to repost.
Thanks.

Best regards,
Jeffrey Tan
Microsoft Online Community Support
==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscripti...ult.aspx#notif
ications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscripti...t/default.aspx.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

Cool, thank you for sharing with the community.

Best regards,
Jeffrey Tan
Microsoft Online Community Support
==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscripti...ult.aspx#notif
ications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscripti...t/default.aspx.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.