Verwenden von IADs zum Abrufen eines Sicherheitsdeskriptors
Die folgenden Codebeispiele (zuerst Visual Basic, dann C++) verwenden die IADs::Get-Methode, um für die nTSecurityDescriptor-Eigenschaft eines Objekts in Active Directory Domain Services einen IADsSecurityDescriptor-Zeiger abzurufen.
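' Reads the security descriptor of the Users container in the local domain
' and prints its Control, Group, Owner and Revision values.
Dim rootDSE As IADs
Dim ADUser As IADs
Dim sd As IADsSecurityDescriptor

' Any failure below (bind, attribute read, property access) jumps to Cleanup.
On Error GoTo Cleanup

' Bind to the Users container in the local domain.
' The DN is built from rootDSE's defaultNamingContext, so no domain name is
' hard-coded. NOTE(review): GetObject binds with the caller's current
' credentials - confirm that is the intended security context.
Set rootDSE = GetObject("LDAP://rootDSE")
Set ADUser = GetObject("LDAP://cn=users," & rootDSE.Get("defaultNamingContext"))

' Get the security descriptor on the Users container.
' NOTE(review): which parts of the descriptor are returned (in particular the
' SACL) depends on the caller's rights and the security mask in effect -
' verify before relying on a missing part meaning "not set".
Set sd = ADUser.Get("ntSecurityDescriptor")

Debug.Print sd.Control
Debug.Print sd.Group
Debug.Print sd.Owner
Debug.Print sd.Revision

Exit Sub

Cleanup:
    ' Only reached through the error handler. Report the failure instead of
    ' discarding it, so an access-denied or failed bind is not mistaken for
    ' an empty result.
    If Err.Number <> 0 Then
        Debug.Print "Reading ntSecurityDescriptor failed: 0x" & Hex$(Err.Number) & " " & Err.Description
    End If

    Set rootDSE = Nothing
    Set ADUser = Nothing
    Set sd = Nothing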
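/// @brief Retrieves the nTSecurityDescriptor attribute of an ADSI object as
///        an IADsSecurityDescriptor interface pointer.
///
/// The attribute is read with IADs::Get, which hands it back as a VARIANT;
/// the IDispatch inside that VARIANT is then queried for
/// IADsSecurityDescriptor.
///
/// @param pObject  ADSI object to read the attribute from. Must not be NULL.
/// @param ppSD     Receives the IADsSecurityDescriptor pointer. Must not be
///                 NULL. *ppSD is set to NULL before the attribute is read.
///                 On success the pointer comes from QueryInterface, so the
///                 caller holds a reference and is expected to Release() it.
/// @return E_INVALIDARG if either argument is NULL; the failing HRESULT of
///         IADs::Get; E_FAIL if the attribute is not a non-NULL VT_DISPATCH;
///         otherwise the result of QueryInterface.
///
/// NOTE(review): which parts of the descriptor (owner, group, DACL, SACL) are
/// populated depends on the caller's rights and on the security mask set for
/// the object - confirm against the caller before treating an absent part as
/// "not configured".
HRESULT GetSDFromIADs(
    IADs *pObject,
    IADsSecurityDescriptor **ppSD )
{
    if (!pObject || !ppSD)
    {
        return E_INVALIDARG;
    }

    // Never leave the out-parameter uninitialised on an early failure.
    *ppSD = NULL;

    VARIANT var;
    VariantInit(&var);

    // Get the nTSecurityDescriptor.
    HRESULT hr = pObject->Get(CComBSTR("nTSecurityDescriptor"), &var);
    if (SUCCEEDED(hr))
    {
        // Type should be VT_DISPATCH - an IDispatch pointer to the security
        // descriptor object. A VT_DISPATCH VARIANT may still carry a NULL
        // pointer, so check it before calling through it.
        if (var.vt == VT_DISPATCH && V_DISPATCH(&var) != NULL)
        {
            // QueryInterface the IDispatch for IADsSecurityDescriptor; this
            // gives the caller its own reference, independent of var.
            hr = V_DISPATCH(&var)->QueryInterface(
                IID_IADsSecurityDescriptor,
                reinterpret_cast<void**>(ppSD));
        }
        else
        {
            hr = E_FAIL;
        }
    }

    // Releases the IDispatch reference held by the VARIANT on every path.
    VariantClear(&var);
    return hr;
}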