Modifying nTSecurityDescriptor via MIIS
From: Hugh Kelley (hkelley_at_internosis.Kom)
Date: 05/23/05
- Next message: Alek: "Re: How many keys?"
- Previous message: Ryan Taylor: "How many keys?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 23 May 2005 17:27:24 -0400
Has anyone done this successfully?
I've been trying via both COM and P/Invoke interop to manipulate the
attribute for Active Directory user objects. I've run into dead ends with
each.
In the COM approach, the IADsSecurityUtility::ConvertSecurityDescriptor
method gives me a valid security descriptor from the MIIS-provided byte
array but I'm getting extra bits (as compared to the original byte array
once the SD has been converted back). Apparently the extra bits are
meaningless to Windows (the ACL is properly set after an MIIS export) but
they get discarded by AD, this causes some MIIS-specific issues.
In the Win32 approach the data just doesn't seem quite right. Some of the
functions work, like IsValidSecurityDescriptor() and IsValidAcl(), but
others, like SetSecurityDescriptorOwner, return error #1336
ERROR_INVALID_ACL. I'm hoping someone here can offer some suggestions about
what might cause this condition.
Hugh
- Next message: Alek: "Re: How many keys?"
- Previous message: Ryan Taylor: "How many keys?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
