通过

安全描述符属性类型

  • 项目

诸如 nTSecurityDescriptor 之类的属性使用 String(NT-Sec_Desc) 语法类型。如果此类型的属性是通过 Properties 属性获取的,则将此数据类型表示为可以强制转换为 IADsSecurityDescriptor 的 COM 对象。如果此类型的属性是从 ResultPropertyValueCollection 获取的,则将此数据类型表示为 Byte 值的数组。有关 nTSecurityDescriptor 属性、String(NT-Sec_Desc) 语法类型以及 IADsSecurityDescriptor 接口的更多信息,请参见位于 https://go.microsoft.com/fwlink/?LinkID=27252 (可能为英文网页)上的 MSDN Library 中的“nTSecurityDescriptor”主题、“String(NT-Sec_Desc)”主题以及“IADsSecurityDescriptor”主题。

从 .NET Framework 2.0 开始,Active Directory 域服务对象的安全描述符由 ActiveDirectorySecurity 类表示,并且可以通过 ObjectSecurity 属性获取或设置。

下面的 Visual Basic 示例说明如何读取对象的安全描述符。

Imports ActiveDS
Imports System.Collections

Dim ent As New DirectoryEntry("LDAP://CN=My User Name,OU=Marketing,DC=fabrikam,DC=com")
Dim sd As SecurityDescriptor = CType(ent.Properties("ntSecurityDescriptor").Value, SecurityDescriptor)
Dim acl As AccessControlList = CType(sd.DiscretionaryAcl, AccessControlList) 
Dim ace As AccessControlEntry
For Each ace In  CType(acl, IEnumerable)
    Console.WriteLine("Trustee: {0}", ace.Trustee)
    Console.WriteLine("AccessMask: {0}", ace.AccessMask)
    Console.WriteLine("Access Type: {0}", ace.AceType)
Next ace

using ActiveDs;
using System.Collections;

DirectoryEntry ent = new DirectoryEntry("LDAP://CN=My User Name,OU=Marketing,DC=fabrikam,DC=com");
SecurityDescriptor sd = (SecurityDescriptor) ent.Properties["ntSecurityDescriptor"].Value; 
AccessControlList acl= (AccessControlList) sd.DiscretionaryAcl;

foreach(AccessControlEntry ace in (IEnumerable) acl)
{
    Console.WriteLine("Trustee: {0}", ace.Trustee);
    Console.WriteLine("AccessMask: {0}", ace.AccessMask);
    Console.WriteLine("Access Type: {0}", ace.AceType);
}

下面的 Visual Basic 示例说明如何将安全描述符写入对象。

Import ActiveDS

Dim usr As New DirectoryEntry("LDAP://CN=My User Name,OU=Marketing,DC=fabrikam,DC=com")
Dim newAce = New AccessControlEntryClass()
Dim usrSD As SecurityDescriptor = CType(usr.Properties("ntSecurityDescriptor").Value, SecurityDescriptor)
Dim usrAcl As AccessControlList = CType(usrSD.DiscretionaryAcl, AccessControlList)
newAce.Trustee = "AliceW"
newAce.AccessMask = - 1
newAce.AceType = 0
usrAcl.AddAce(newAce)
usrSD.DiscretionaryAcl = usrAcl
usr.Properties("ntSecurityDescriptor").Value = usrSD
usr.CommitChanges()

using ActiveDS;

DirectoryEntry usr = new DirectoryEntry("LDAP://CN=My User Name,OU=Marketing,DC=fabrikam,DC=com");
AccessControlEntry newAce = new AccessControlEntryClass();
SecurityDescriptor usrSD = (SecurityDescriptor)usr.Properties["ntSecurityDescriptor"].Value; AccessControlList usrAcl= (AccessControlList) usrSD.DiscretionaryAcl;
newAce.Trustee = "AliceW";
newAce.AccessMask = -1;
newAce.AceType = 0;
usrAcl.AddAce(newAce);
usrSD.DiscretionaryAcl = usrAcl;
usr.Properties["ntSecurityDescriptor"].Value = usrSD;
usr.CommitChanges();

另请参见

参考

System.DirectoryServices
ActiveDirectorySecurity
DirectoryEntry
ResultPropertyValueCollection
Byte

概念

属性类型

Send comments about this topic to Microsoft.

版权所有 (C) 2007 Microsoft Corporation。保留所有权利。