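/// <summary>
/// Binds to a user object over LDAP with explicit credentials, prints every ACE
/// in the object's discretionary ACL (DACL), then appends an access-allowed ACE
/// for the trustee "Jim" and commits the modified security descriptor.
/// </summary>
/// <param name="args">Command-line arguments; not read by this method.</param>
static void Main(string[] args)
{
    string ldapPath = "LDAP://dsaddom.nttest.microsoft.com/CN=Greg MacBeth,CN=Users,DC=dsaddom,DC=nttest,DC=MICROSOFT,DC=COM";

    // The bind credentials are string literals (masked in this listing).
    // The DirectoryEntry(string) constructor binds as the calling identity
    // instead and keeps the account name and password out of the source.
    string bindUser = "******";
    string bindPassword = "******";

    // DirectoryEntry is IDisposable. The using block releases the bind even when
    // reading or committing the descriptor throws; the original never disposed it.
    using (DirectoryEntry entry = new DirectoryEntry(ldapPath, bindUser, bindPassword))
    {
        AccessControlEntry newAce = new AccessControlEntryClass();

        // Read the SecurityDescriptor
        SecurityDescriptor sd = (SecurityDescriptor)entry.Properties["ntSecurityDescriptor"].Value;
        AccessControlList acl = (AccessControlList)sd.DiscretionaryAcl;

        // Dump the DACL as it is before the change.
        foreach (AccessControlEntry ace in (IEnumerable)acl)
        {
            Console.WriteLine("Trustee: {0}", ace.Trustee);
            Console.WriteLine("AccessMask: {0}", ace.AccessMask);
            Console.WriteLine("Access Type: {0}", ace.AceType);
        }

        // Modify the SecurityDescriptor
        newAce.Trustee = "Jim";
        // -1 sets every bit of the access mask, so this ACE grants all rights on
        // the object. A specific ADS_RIGHTS_ENUM combination is the
        // least-privilege choice when only some operations are needed.
        newAce.AccessMask = -1;
        // 0 is ADS_ACETYPE_ACCESS_ALLOWED (an allow ACE).
        newAce.AceType = 0;
        acl.AddAce(newAce);

        // The modified ACL has to be assigned back to the descriptor, and the
        // descriptor back to the attribute, before CommitChanges writes it.
        sd.DiscretionaryAcl = acl;
        entry.Properties["ntSecurityDescriptor"].Value = sd;

        // With Directory Service Changes auditing enabled and a matching SACL on
        // the object, this write is recorded as event 5136.
        entry.CommitChanges();
    }
}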
/// <summary>
/// Builds a new ACE from the supplied values, appends it to the cached access
/// control list, reassigns that list as the DACL of the cached security
/// descriptor and calls <c>CommitChanges</c>.
/// </summary>
/// <param name="trustee">Assigned unchanged to the ACE's Trustee.</param>
/// <param name="aceType">Mapped by constant name to ActiveDs.ADS_ACETYPE_ENUM.</param>
/// <param name="accessMask">Cast directly to int and used as the ACE's access mask.</param>
/// <param name="aceFlags">Mapped by constant name to ActiveDs.ADS_ACEFLAG_ENUM.</param>
/// <param name="flag">Mapped by constant name to ActiveDs.ADS_FLAGTYPE_ENUM.</param>
/// <param name="objectType">Accepted but not read by this method.</param>
/// <param name="inheritedObject">Accepted but not read by this method.</param>
/// <remarks>
/// Nothing here validates the trustee or the mask: whatever the caller passes is
/// added to the DACL and committed.
/// NOTE(review): Enum.GetName returns null when a value has no single named
/// constant (for example a bitwise combination of flags), and Enum.Parse then
/// throws ArgumentNullException. Whether callers pass combined values is not
/// visible from this method; confirm against the enum declarations.
/// </remarks>
public void ApplyPermission(string trustee, ADS_ACETYPE_ENUM aceType, ADS_RIGHTS_ENUM accessMask, ADS_ACEFLAG_ENUM aceFlags, ADS_FLAGTYPE_ENUM flag, DirectoryEntry objectType, DirectoryEntry inheritedObject)
{
    ActiveDs.AccessControlEntryClass entry = new AccessControlEntryClass();

    // The rights value is taken numerically; the three settings below are
    // translated through the constant's name instead.
    int rights = (int)accessMask;
    entry.AccessMask = rights;

    string flagName = Enum.GetName(typeof(ADS_FLAGTYPE_ENUM), flag);
    object interopFlag = Enum.Parse(typeof(ActiveDs.ADS_FLAGTYPE_ENUM), flagName);
    entry.Flags = (int)interopFlag;

    string aceFlagsName = Enum.GetName(typeof(ADS_ACEFLAG_ENUM), aceFlags);
    object interopAceFlags = Enum.Parse(typeof(ActiveDs.ADS_ACEFLAG_ENUM), aceFlagsName);
    entry.AceFlags = (int)interopAceFlags;

    string aceTypeName = Enum.GetName(typeof(ADS_ACETYPE_ENUM), aceType);
    object interopAceType = Enum.Parse(typeof(ActiveDs.ADS_ACETYPE_ENUM), aceTypeName);
    entry.AceType = (int)interopAceType;

    entry.Trustee = trustee;

    // Append to the cached list, put the list back on the descriptor, persist.
    _accessControlList.AddAce(entry);
    _securityDescriptor.DiscretionaryAcl = _accessControlList;
    CommitChanges();
}
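/// <summary>
/// Reads the security descriptor of a directory object through the ActiveDs
/// interop interfaces, appends an access-allowed ACE for a fixed trustee to its
/// discretionary ACL and commits the descriptor back to the directory.
/// </summary>
public void UpdateSecurityDescriptorViaInterop()
{
    // point this to any object (I chose a user)
    // The entry is disposed by the using block even if the read or the commit
    // throws; the original never released it.
    using (DirectoryEntry entry = TestUtils.CreateDirectoryEntry(
        "CN=User1,OU=Users," + TestUtils.Settings.DefaultPartition))
    {
        IADsAccessControlEntry newAce = new AccessControlEntryClass();

        IADsSecurityDescriptor sd = (IADsSecurityDescriptor)
            entry.Properties["ntSecurityDescriptor"].Value;

        IADsAccessControlList dacl = (IADsAccessControlList)sd.DiscretionaryAcl;

        newAce.Trustee = @"mydomain\some user"; // update this to your needs
        // all flags: every bit of the mask is set, so the trustee receives all
        // rights on the object. A specific rights combination is the
        // least-privilege choice when only some operations are needed.
        newAce.AccessMask = -1;
        newAce.AceType = 0; // access allowed
        dacl.AddAce(newAce);

        // Assign the modified DACL back to the descriptor and the descriptor back
        // to the attribute before committing.
        sd.DiscretionaryAcl = dacl;
        entry.Properties["ntSecurityDescriptor"].Value = sd;
        entry.CommitChanges();
    }
}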