Skip to main content

This browser is no longer supported.

Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.

Download Microsoft Edge More info about Internet Explorer and Microsoft Edge
Read in English
Read in English Edit
Twitter LinkedIn Facebook Email

Controlling object access in Active Directory Domain Services

  • Article
  • 12/04/2019

In this article

Each Active Directory directory service object is protected by Windows 2000 security. This security protection controls the operations that each security principal can perform in the directory. The following sections describe how a directory-enabled application can use the access control features in Active Directory.

  • How Access Control Works in Active Directory Domain Services
  • How access control affects read operations, write operation, object creation and deletion.
  • Using the IADs and IDirectoryObject interfaces to work with an object's security descriptor
  • Modifying the access permissions on an object
  • How security descriptors are set on new directory objects
  • Creating a Security Descriptor for a New Directory Object
  • Using inheritance of access permissions to enable administrative access to an entire subtree of the directory
  • Creating, modifying, and reading the default security descriptor for an object class
  • Creating, setting, and checking control access rights for operations that go beyond those covered by the predefined rights
  • Using DsAddSidHistory
  • Controlling Object Visibility
  • Null DACLs and Empty DACLs

 

 


Feedback

Was this page helpful?

Feedback

Submit and view feedback for

This page
View all page feedback

Additional resources

  • Previous Versions
  • Blog
  • Contribute
  • Privacy
  • Terms of Use
  • Trademarks
  • © Microsoft 2023

Additional resources

In this article

  • Previous Versions
  • Blog
  • Contribute
  • Privacy
  • Terms of Use
  • Trademarks
  • © Microsoft 2023