Usando IADs para obter um descritor de segurança

Os exemplos de código a seguir usam o método IADs::Get para recuperar um ponteiro IADsSecurityDescriptor para a propriedade nTSecurityDescriptor de um objeto nos Serviços de Domínio Active Directory.

Dim rootDSE As IADs
Dim ADUser As IADs
Dim sd As IADsSecurityDescriptor

On Error GoTo Cleanup
' Bind to the Users container in the local domain.
Set rootDSE = GetObject("LDAP://rootDSE")
Set ADUser = GetObject("LDAP://cn=users," & rootDSE.Get("defaultNamingContext"))
' Get the security descriptor on the Users container.
Set sd = ADUser.Get("ntSecurityDescriptor")
Debug.Print sd.Control
Debug.Print sd.Group
Debug.Print sd.Owner
Debug.Print sd.Revision

Exit Sub

    Set rootDSE = Nothing
    Set ADUser = Nothing
    Set sd = Nothing
                IADs *pObject,
                IADsSecurityDescriptor **ppSD )
    VARIANT var;
    HRESULT hr;

    if(!pObject || !ppSD)
        return E_INVALIDARG;
    // Set *ppSD to NULL.
    *ppSD = NULL;
    // Get the nTSecurityDescriptor.
    hr = pObject->Get(CComBSTR("nTSecurityDescriptor"), &var);
    if (SUCCEEDED(hr))
        // Type should be VT_DISPATCH - an IDispatch pointer to the security descriptor object.
        if (var.vt == VT_DISPATCH)
            // Use V_DISPATCH macro to get the IDispatch pointer from the 
            // VARIANT structure and QueryInterface for the IADsSecurityDescriptor pointer.
            hr = V_DISPATCH(&var)->QueryInterface(IID_IADsSecurityDescriptor, (void**)ppSD);
            hr = E_FAIL;

    return hr;