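/// <summary>
/// Resolves the OU given by <c>Identity</c>, adds one audit rule per entry in
/// <c>AuditedPrincipals</c> to the OU's SACL, writes the SACL back, and emits the
/// OU with its status set to <c>PermissionDelegationState.Delegated</c>.
/// </summary>
/// <remarks>
/// Each rule audits <c>ActiveDirectoryRights.ExtendedRight</c> on the attribute named by
/// <c>Constants.PasswordAttributeName</c>, inherited by descendant computer objects only.
/// Rules are accumulated on the in-memory descriptor and written once after the loop, so an
/// exception raised while building a rule leaves the directory object unchanged.
/// NOTE(review): reading and writing a SACL normally needs the "manage auditing and security
/// log" privilege on the target, and events are only produced when directory service access
/// auditing is enabled; confirm both are covered in the deployment notes.
/// </remarks>
/// <exception cref="Exception">No OU, or more than one OU, matched <c>Identity</c>.</exception>
/// <exception cref="InvalidOperationException">A schema GUID lookup returned <c>Guid.Empty</c>.</exception>
protected override void ProcessRecord()
{
    // OU can be passed as name or as dn
    List<ObjectInfo> matches = DirectoryUtils.GetOU(Identity);

    if (matches.Count > 1)
    {
        // Emit every candidate so the caller can pick the right distinguishedName, then stop.
        foreach (ObjectInfo candidate in matches)
        {
            WriteObject(candidate);
        }
        throw new Exception("More than one object found, search using distinguishedName instead");
    }

    if (matches.Count == 0)
    {
        throw new Exception("Object not found");
    }

    ObjectInfo target = matches[0];

    // Only the SACL is requested here and only the SACL is written back below.
    ActiveDirectorySecurity sec = DirectoryUtils.GetObjectSecurity(
        conn,
        target.DistinguishedName,
        System.DirectoryServices.Protocols.SecurityMasks.Sacl);

    // apply permissions only to computer objects
    Guid inheritedObjectGuid = DirectoryUtils.GetSchemaGuid(
        conn,
        forestRootDomain.schemaNamingContext,
        "computer",
        SchemaObjectType.Class);
    Guid pwdGuid = DirectoryUtils.GetSchemaGuid(
        conn,
        forestRootDomain.schemaNamingContext,
        Constants.PasswordAttributeName,
        SchemaObjectType.Attribute);

    // Fail closed: an empty object-type or inherited-object-type GUID makes the rule
    // non-specific, so it would audit every extended right and/or every descendant object
    // class instead of the password attribute on computers.
    // NOTE(review): GetSchemaGuid may already throw on a failed lookup; this guard covers
    // the case where it returns Guid.Empty instead.
    if (pwdGuid == Guid.Empty || inheritedObjectGuid == Guid.Empty)
    {
        throw new InvalidOperationException(
            "Schema GUID lookup returned an empty GUID; refusing to write an unscoped audit rule");
    }

    // NOTE(review): AuditedPrincipals is enumerated without a null/empty check, presumably
    // because it is a mandatory parameter. With an empty list the SACL is written back
    // unchanged and the OU is still reported as Delegated.
    foreach (string principalName in AuditedPrincipals)
    {
        System.Security.Principal.NTAccount principal = new System.Security.Principal.NTAccount(principalName);
        ActiveDirectoryAuditRule auditRule = new ActiveDirectoryAuditRule(
            principal,
            ActiveDirectoryRights.ExtendedRight,
            AuditType,
            pwdGuid,
            ActiveDirectorySecurityInheritance.Descendents,
            inheritedObjectGuid);
        sec.AddAuditRule(auditRule);
    }

    DirectoryUtils.SetObjectSecurity(
        conn,
        target.DistinguishedName,
        sec,
        System.DirectoryServices.Protocols.SecurityMasks.Sacl);

    target.Status = PermissionDelegationState.Delegated;
    WriteObject(target);
}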
// Signature-only listing: the body is empty on this page.
// NOTE(review): presumably the System.DirectoryServices.ActiveDirectorySecurity member of
// this name, which removes only audit rules that exactly match the given rule. Confirm.
public void RemoveAuditRuleSpecific(ActiveDirectoryAuditRule rule) {}
// Signature-only listing: the body is empty, so the declared bool is never returned and
// this line does not compile as written.
// NOTE(review): presumably the System.DirectoryServices.ActiveDirectorySecurity member of
// this name, which removes matching audit rules and reports whether removal succeeded. Confirm.
public bool RemoveAuditRule(ActiveDirectoryAuditRule rule) {}
// Signature-only listing: the body is empty on this page.
// NOTE(review): presumably the System.DirectoryServices.ActiveDirectorySecurity member of
// this name, which replaces the existing audit rules for the rule's identity with the given
// rule instead of adding to them. Confirm.
public void SetAuditRule(ActiveDirectoryAuditRule rule) {}
// Signature-only listing: the body is empty on this page.
// NOTE(review): presumably the System.DirectoryServices.ActiveDirectorySecurity member of
// this name, which adds the given rule to the SACL alongside existing rules. Confirm.
public void AddAuditRule(ActiveDirectoryAuditRule rule) {}
// Signature-only listing: the body is empty on this page.
// NOTE(review): presumably the System.DirectoryServices.ActiveDirectorySecurity member of
// this name, which removes only audit rules that exactly match the given rule. Confirm.
public void RemoveAuditRuleSpecific(ActiveDirectoryAuditRule rule) { }
// Signature-only listing: the body is empty, so the declared bool is never returned and
// this line does not compile as written.
// NOTE(review): presumably the System.DirectoryServices.ActiveDirectorySecurity member of
// this name, which removes matching audit rules and reports whether removal succeeded. Confirm.
public bool RemoveAuditRule(ActiveDirectoryAuditRule rule) { }
// Signature-only listing: the body is empty on this page.
// NOTE(review): presumably the System.DirectoryServices.ActiveDirectorySecurity member of
// this name, which replaces the existing audit rules for the rule's identity with the given
// rule instead of adding to them. Confirm.
public void SetAuditRule(ActiveDirectoryAuditRule rule) { }
// Signature-only listing: the body is empty on this page.
// NOTE(review): presumably the System.DirectoryServices.ActiveDirectorySecurity member of
// this name, which adds the given rule to the SACL alongside existing rules. Confirm.
public void AddAuditRule(ActiveDirectoryAuditRule rule) { }