Can't find the information you are looking for here? Then leave a message over on our WinBatch Tech Support Forum.
Keywords: dsGetProperty dsAclGetAces dsGetSecProp Permissions ACE ACL SACL DACL AD Object ADSI Security Descriptor Access Control List Entries
;Load Appropriate Extender If WinMetrics(-2) == 3 Then AddExtender("WWADS64I.DLL") ; 64-bit Else AddExtender("WWADS44I.DLL") ; 32-bit ; Get an object's Security Descriptor sPropertyName = "ntSecurityDescriptor" sAdsiPath = "LDAP://Mydomain/cn=myuser,cn=users,dc=Mydomain,dc=SiteDomain,dc=com" secSD = dsGetProperty(sAdsiPath, sPropertyName) ; Get Security Descriptor properties. sList = "" sValue = dsGetSecProp( secSD, "Revision") sList = ItemInsert(sValue, -1, sList, @TAB) sValue = dsGetSecProp( secSD, "Control") sList = ItemInsert(sValue, -1, sList, @TAB) sValue = dsGetSecProp( secSD, "Owner") sList = ItemInsert(sValue, -1, sList, @TAB) sValue = dsGetSecProp( secSD, "OwnerDefaulted") sList = ItemInsert(sValue, -1, sList, @TAB) sValue = dsGetSecProp( secSD, "Group") sList = ItemInsert(sValue, -1, sList, @TAB) sValue = dsGetSecProp( secSD, "GroupDefaulted") sList = ItemInsert(sValue, -1, sList, @TAB) sValue = dsGetSecProp( secSD, "DaclDefaulted") sList = ItemInsert(sValue, -1, sList, @TAB) sValue = dsGetSecProp( secSD, "SystemAcl") sList = ItemInsert(sValue, -1, sList, @TAB) sValue = dsGetSecProp( secSD, "SaclDefaulted") sList = StrReplace( sList, @TAB, @CRLF) Message("Security Descriptor Properties", sList) ; Get ACL properties. sList = "" secACL = dsGetSecProp( secSD, "DiscretionaryAcl") sValue = dsGetSecProp(secAcl, "AclRevision") sList = ItemInsert(sValue, -1, sList, @TAB) sValue = dsGetSecProp(secAcl, "AceCount") sList = ItemInsert(sValue, -1, sList, @TAB) sList = StrReplace( sList, @TAB, @CRLF) Message("ACL Properties", sList) ; Get the first ACE. sAceList = dsAclGetAces(secAcl, 3) secACE = ItemExtract(1, sAceList, @TAB) ; Get ACE Properties sList = "" sValue = dsGetSecProp( secAce, "Trustee") sList = ItemInsert(sValue, -1, sList, @TAB) sValue = dsGetSecProp( secAce, "AceFlags") sList = ItemInsert(sValue, -1, sList, @TAB) sValue = dsGetSecProp( secAce, "AceType") sList = ItemInsert(sValue, -1, sList, @TAB) sValue = dsGetSecProp( secAce, "Flags") sList = ItemInsert(sValue, -1, sList, @TAB) sValue = dsGetSecProp( secAce, "ObjectType") sList = ItemInsert(sValue, -1, sList, @TAB) sValue = dsGetSecProp( secAce, "AccessMask") sList = ItemInsert(sValue, -1, sList, @TAB) sList = StrReplace( sList, @TAB, @CRLF) Message("ACE Properties", sList) ExitReference: http://msdn.microsoft.com/en-us/library/windows/desktop/aa705951(v=vs.85).aspx
Article ID: W17538
Filename: User Permissions on an AD Object .txt
File Created: 2012:10:23:09:43:24
Last Updated: 2012:10:23:09:43:24