安全性描述元屬性型別

nTSecurityDescriptor 之類的屬性使用 String(NT-Sec_Desc) 語法類型。如果以 Properties 屬性取得這種屬性類型，則會以可轉型為 IADsSecurityDescriptor 的 COM 物件代表此資料類型。如果這種屬性取自 ResultPropertyValueCollection，則以 Byte 值陣列代表此資料類型。如需有關 nTSecurityDescriptor 屬性、String(NT-Sec_Desc) 語法類型以及 IADsSecurityDescriptor 介面的詳細資訊，請參閱 MSDN Library 中的＜nTSecurityDescriptor＞主題、＜String(NT-Sec_Desc)＞主題及＜IADsSecurityDescriptor＞主題，網址為：https://go.microsoft.com/fwlink/?LinkID=27252 (本頁面可能為英文)。

從 .NET Framework 2.0 開始，Active Directory 網域服務物件的安全性描述元以 ActiveDirectorySecurity 類別表示，並可使用 ObjectSecurity 屬性來取得或設定。

下列 Visual Basic 範例示範如何讀取物件上的安全性描述元。

Imports ActiveDS
Imports System.Collections

Dim ent As New DirectoryEntry("LDAP://CN=My User Name,OU=Marketing,DC=fabrikam,DC=com")
Dim sd As SecurityDescriptor = CType(ent.Properties("ntSecurityDescriptor").Value, SecurityDescriptor)
Dim acl As AccessControlList = CType(sd.DiscretionaryAcl, AccessControlList) 
Dim ace As AccessControlEntry
For Each ace In  CType(acl, IEnumerable)
    Console.WriteLine("Trustee: {0}", ace.Trustee)
    Console.WriteLine("AccessMask: {0}", ace.AccessMask)
    Console.WriteLine("Access Type: {0}", ace.AceType)
Next ace

using ActiveDs;
using System.Collections;

DirectoryEntry ent = new DirectoryEntry("LDAP://CN=My User Name,OU=Marketing,DC=fabrikam,DC=com");
SecurityDescriptor sd = (SecurityDescriptor) ent.Properties["ntSecurityDescriptor"].Value; 
AccessControlList acl= (AccessControlList) sd.DiscretionaryAcl;

foreach(AccessControlEntry ace in (IEnumerable) acl)
{
    Console.WriteLine("Trustee: {0}", ace.Trustee);
    Console.WriteLine("AccessMask: {0}", ace.AccessMask);
    Console.WriteLine("Access Type: {0}", ace.AceType);
}

下列 Visual Basic 範例示範如何將安全性描述元寫入物件。

Import ActiveDS

Dim usr As New DirectoryEntry("LDAP://CN=My User Name,OU=Marketing,DC=fabrikam,DC=com")
Dim newAce = New AccessControlEntryClass()
Dim usrSD As SecurityDescriptor = CType(usr.Properties("ntSecurityDescriptor").Value, SecurityDescriptor)
Dim usrAcl As AccessControlList = CType(usrSD.DiscretionaryAcl, AccessControlList)
newAce.Trustee = "AliceW"
newAce.AccessMask = - 1
newAce.AceType = 0
usrAcl.AddAce(newAce)
usrSD.DiscretionaryAcl = usrAcl
usr.Properties("ntSecurityDescriptor").Value = usrSD
usr.CommitChanges()

using ActiveDS;

DirectoryEntry usr = new DirectoryEntry("LDAP://CN=My User Name,OU=Marketing,DC=fabrikam,DC=com");
AccessControlEntry newAce = new AccessControlEntryClass();
SecurityDescriptor usrSD = (SecurityDescriptor)usr.Properties["ntSecurityDescriptor"].Value; AccessControlList usrAcl= (AccessControlList) usrSD.DiscretionaryAcl;
newAce.Trustee = "AliceW";
newAce.AccessMask = -1;
newAce.AceType = 0;
usrAcl.AddAce(newAce);
usrSD.DiscretionaryAcl = usrAcl;
usr.Properties["ntSecurityDescriptor"].Value = usrSD;
usr.CommitChanges();

請參閱

參考

System.DirectoryServices
ActiveDirectorySecurity
DirectoryEntry
ResultPropertyValueCollection
Byte

概念

屬性型別

Send comments about this topic to Microsoft.

Copyright © 2007 by Microsoft Corporation.All rights reserved.