private bool IsMatch(string trustee, string requestor, string serverName, AccessControlType aceType = AccessControlType.Allow) { ActiveDirectory d = new ActiveDirectory(); var user = d.GetUser(requestor); var p = d.GetPrincipal(trustee); DiscretionaryAcl dacl = new DiscretionaryAcl(false, false, 1); dacl.AddAccess(aceType, p.Sid, (int)AccessMask.Jit, InheritanceFlags.None, PropagationFlags.None); CommonSecurityDescriptor sd = new CommonSecurityDescriptor(false, false, ControlFlags.DiscretionaryAclPresent, new SecurityIdentifier(WellKnownSidType.LocalSystemSid, null), null, null, dacl); if (serverName == null) { serverName = d.GetDomainNameDnsFromSid(p.Sid); } using AuthorizationContext c = new AuthorizationContext(user.Sid, serverName); return(c.AccessCheck(sd, (int)AccessMask.Jit)); }