示例#1
        /// <summary>
        /// Resolves the OU named by <c>Identity</c>, adds one audit rule per entry in
        /// <c>AuditedPrincipals</c> to the security descriptor fetched for it, writes that
        /// descriptor back and emits the OU with its status set to <c>Delegated</c>.
        /// </summary>
        /// <exception cref="Exception">
        /// Thrown when <c>Identity</c> matches no OU, or matches more than one.
        /// </exception>
        protected override void ProcessRecord()
        {
            // Identity may be an OU name or a distinguishedName, so a plain name can match several OUs.
            List<ObjectInfo> candidates = DirectoryUtils.GetOU(Identity);

            if (candidates.Count == 0)
            {
                throw new Exception("Object not found");
            }
            if (candidates.Count > 1)
            {
                // Every match is written to the pipeline before failing, so the caller can
                // re-run against one unambiguous distinguishedName.
                foreach (ObjectInfo candidate in candidates)
                {
                    WriteObject(candidate);
                }
                throw new Exception("More than one object found, search using distinguishedName instead");
            }

            ObjectInfo targetOu = candidates[0];

            // The same mask is passed to the read and the write below; presumably the helpers
            // then touch only the SACL and leave owner/DACL alone — confirm in DirectoryUtils.
            System.DirectoryServices.Protocols.SecurityMasks saclMask = System.DirectoryServices.Protocols.SecurityMasks.Sacl;
            ActiveDirectorySecurity descriptor = DirectoryUtils.GetObjectSecurity(conn, targetOu.DistinguishedName, saclMask);

            // Scope of the rules: the "computer" class is the inherited object type, so the
            // entries are meant to apply to computer objects only; the password attribute is
            // the object type the audited right refers to.
            Guid computerClassGuid = DirectoryUtils.GetSchemaGuid(conn, forestRootDomain.schemaNamingContext, "computer", SchemaObjectType.Class);
            Guid passwordAttributeGuid = DirectoryUtils.GetSchemaGuid(conn, forestRootDomain.schemaNamingContext, Constants.PasswordAttributeName, SchemaObjectType.Attribute);

            foreach (string principalName in AuditedPrincipals)
            {
                // NOTE(review): the name is only wrapped here; resolution to a SID is expected
                // to happen when the rule is added, before anything is written back — confirm.
                System.Security.Principal.NTAccount account = new System.Security.Principal.NTAccount(principalName);

                // Audits use of the extended right on the password attribute, inherited to
                // descendants of the OU. AuditType is supplied by the enclosing class.
                descriptor.AddAuditRule(
                    new ActiveDirectoryAuditRule(
                        account,
                        ActiveDirectoryRights.ExtendedRight,
                        AuditType,
                        passwordAttributeGuid,
                        ActiveDirectorySecurityInheritance.Descendents,
                        computerClassGuid));
            }

            // NOTE(review): audit entries only produce events if directory-service access
            // auditing is enabled on the domain controllers — verify that policy separately.
            DirectoryUtils.SetObjectSecurity(conn, targetOu.DistinguishedName, descriptor, saclMask);

            targetOu.Status = PermissionDelegationState.Delegated;
            WriteObject(targetOu);
        }
	// Signature-only stub: the body is empty in this listing, so nothing is removed here.
	// NOTE(review): presumably mirrors ActiveDirectorySecurity.RemoveAuditRuleSpecific
	// (removal of audit rules that exactly match `rule`) — confirm against the real type.
	public void RemoveAuditRuleSpecific(ActiveDirectoryAuditRule rule) {}
	// Signature-only stub. NOTE(review): declared to return bool but the listed body has no
	// return statement, so it does not compile as shown; presumably mirrors
	// ActiveDirectorySecurity.RemoveAuditRule — confirm against the real type.
	public bool RemoveAuditRule(ActiveDirectoryAuditRule rule) {}
	// Signature-only stub: the body is empty in this listing.
	// NOTE(review): presumably mirrors ActiveDirectorySecurity.SetAuditRule, which replaces
	// existing audit rules for the same identity rather than appending — confirm.
	public void SetAuditRule(ActiveDirectoryAuditRule rule) {}
	// Signature-only stub: the body is empty in this listing.
	// NOTE(review): presumably mirrors ActiveDirectorySecurity.AddAuditRule, which appends
	// `rule` to the audit rules already held by the security descriptor — confirm.
	public void AddAuditRule(ActiveDirectoryAuditRule rule) {}
示例#6
 // Signature-only stub: the body is empty in this listing, so nothing is removed here.
 // NOTE(review): presumably mirrors ActiveDirectorySecurity.RemoveAuditRuleSpecific
 // (removal of audit rules that exactly match `rule`) — confirm against the real type.
 public void RemoveAuditRuleSpecific(ActiveDirectoryAuditRule rule)
 {
 }
示例#7
 // Signature-only stub. NOTE(review): declared to return bool but the listed body has no
 // return statement, so it does not compile as shown; presumably mirrors
 // ActiveDirectorySecurity.RemoveAuditRule — confirm against the real type.
 public bool RemoveAuditRule(ActiveDirectoryAuditRule rule)
 {
 }
示例#8
 // Signature-only stub: the body is empty in this listing.
 // NOTE(review): presumably mirrors ActiveDirectorySecurity.SetAuditRule, which replaces
 // existing audit rules for the same identity rather than appending — confirm.
 public void SetAuditRule(ActiveDirectoryAuditRule rule)
 {
 }
示例#9
 // Signature-only stub: the body is empty in this listing.
 // NOTE(review): presumably mirrors ActiveDirectorySecurity.AddAuditRule, which appends
 // `rule` to the audit rules already held by the security descriptor — confirm.
 public void AddAuditRule(ActiveDirectoryAuditRule rule)
 {
 }