public static System.DirectoryServices.ActiveDirectorySecurity GetObjectSecurity(LdapConnection conn, string objectDN, System.DirectoryServices.Protocols.SecurityMasks securityMask)
{
if (conn == null)
{
throw new ArgumentNullException("Method does not accept null parameters");
}
System.DirectoryServices.ActiveDirectorySecurity retVal = new System.DirectoryServices.ActiveDirectorySecurity();
//get securityDescriptor
SearchRequest searchRq = new SearchRequest(objectDN, string.Format(System.Globalization.CultureInfo.InvariantCulture, "(distinguishedName={0})", objectDN), System.DirectoryServices.Protocols.SearchScope.Base, "ntSecurityDescriptor");
searchRq.Controls.Add(new SecurityDescriptorFlagControl(securityMask));
SearchResponse rsp = (SearchResponse)conn.SendRequest(searchRq);
foreach (SearchResultEntry sr in rsp.Entries)
{
byte[] ntSecurityDescriptor = sr.Attributes["ntsecuritydescriptor"].GetValues(typeof(byte[]))[0] as byte[];
retVal.SetSecurityDescriptorBinaryForm(ntSecurityDescriptor);
}
return(retVal);
}
public static System.DirectoryServices.ActiveDirectorySecurity GetObjectSecurity(LdapConnection conn, string dn, System.DirectoryServices.Protocols.SecurityMasks securityMask)
{
System.DirectoryServices.ActiveDirectorySecurity retVal = new System.DirectoryServices.ActiveDirectorySecurity();
//get securityDescriptor
SearchRequest searchRq = new SearchRequest(dn, string.Format("(distinguishedName={0})", dn), System.DirectoryServices.Protocols.SearchScope.Base, "ntSecurityDescriptor");
searchRq.Controls.Add(new SecurityDescriptorFlagControl(securityMask));
SearchResponse rsp = (SearchResponse)conn.SendRequest(searchRq);
foreach (SearchResultEntry sr in rsp.Entries)
{
byte[] ntSecurityDescriptor = sr.Attributes["ntsecuritydescriptor"].GetValues(typeof(byte[]))[0] as byte[];
retVal.SetSecurityDescriptorBinaryForm(ntSecurityDescriptor);
}
return(retVal);
}
public static void SetObjectSecurity(LdapConnection conn, string dn, System.DirectoryServices.ActiveDirectorySecurity sec, System.DirectoryServices.Protocols.SecurityMasks securityMask)
{
if (sec == null || conn == null || string.IsNullOrEmpty(dn))
{
throw new ArgumentNullException("Method does not accept null parameters");
}
byte[] rawSD = sec.GetSecurityDescriptorBinaryForm();
//get securityDescriptor
ModifyRequest modRq = new ModifyRequest(dn, DirectoryAttributeOperation.Replace, "ntSecurityDescriptor", rawSD);
modRq.Controls.Add(new SecurityDescriptorFlagControl(securityMask));
conn.SendRequest(modRq);
}
public static void SetObjectSecurity(LdapConnection conn, string dn, System.DirectoryServices.ActiveDirectorySecurity sec, System.DirectoryServices.Protocols.SecurityMasks securityMask)
{
byte[] rawSD = sec.GetSecurityDescriptorBinaryForm();
//get securityDescriptor
ModifyRequest modRq = new ModifyRequest(dn, DirectoryAttributeOperation.Replace, "ntSecurityDescriptor", rawSD);
modRq.Controls.Add(new SecurityDescriptorFlagControl(securityMask));
ModifyResponse rsp = (ModifyResponse)conn.SendRequest(modRq);
}
