Re: AzMan Access Check



Hi Jeffrey,

Thanks for your help!

Yes, you have to modify the configuration file (.exe.config) to tell the
application the information below:
1. your domain username (with permission to check for access rights, e.g.
Domain Admin)
2. password
3. LDAP path of the AD object of interest (e.g.
LDAP://server/CN=Users,DC=domain,DC=com)
4. the trustee SID (e.g. the objectSid attribute of your domain user account)

For the above configuration, the application would connect as the Domain
Admin, and check the access rights of the user (with the specified SID in 3)
on the object (with the specified LDAP path in 4). The access rights of
interest are as follows (checked in the while-true loop):
a. Writing to description, cn and name attributes
b. Create and Delete objects of class "Service Connection Point"
c. Delete Tree.

The SID I gave in the application is a domain user account on my testing
forest; your forest would probably report error 1332 for this, which means "No
mapping between account names and security IDs was done". I am afraid I
cannot give native Win32 code to you shortly, but I will give it a try
anyway.

In addition, I found out that in order to successfully use the
AuthzInitializeContextFromSid API, you have to use it on a domain computer.

Again, Thanks for your help!

Best Regards,
Tony Cheung


"Jeffrey Tan[MSFT]" <jetan@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:ZUuri1kfGHA.1740@xxxxxxxxxxxxxxxxxxxxxxxx
Hi Tony,

Thanks for your feedback!

Yes, I have received your sample project. It seems that you are using
.Net 2.0 to interop the AzMan APIs.

Do I need to modify any setting in the project? Your application fails at
the first PInvoke.AdvApi.AccessCheck call with error code 1332. I have also
tried changing UserName to my alias in the domain, password to my
domain password, and path to my user account LDAP path; it still fails. Is
there any information you want to update to get it to work?

Also, is it possible for you to create the project in native Win32 code? I
am not a .Net interop expert, so I am not sure if the problem occurs in
AzMan API or .Net interop side.

Thanks!

Best regards,
Jeffrey Tan
Microsoft Online Community Support
==================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================
This posting is provided "AS IS" with no warranties, and confers no
rights.
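
The checks listed in the message above (write to description, cn and name; create and delete serviceConnectionPoint children; delete tree), as an added example that is not part of the original thread or of the sample project it discusses: a simplified Python model of the ordered DACL walk behind an access check. The SIDs, the `guid:` strings standing in for schemaIDGUID values, and the sample DACL are constructed; inheritance, property sets and generic-right mapping are left out.

```python
from collections import namedtuple

# Directory-service access-mask bits (ADS_RIGHTS_ENUM values).
DS_CREATE_CHILD, DS_DELETE_CHILD = 0x01, 0x02
DS_WRITE_PROP, DS_DELETE_TREE = 0x20, 0x40

# object_type None = ACE applies to every attribute / child class.
Ace = namedtuple("Ace", "allow sid mask object_type")

def access_check(dacl, token_sids, desired, object_type=None):
    """True only if all desired bits are allowed before any needed bit is denied."""
    remaining = desired
    for ace in dacl:
        if ace.sid not in token_sids:
            continue  # ACE is for another trustee
        if ace.object_type is not None and ace.object_type != object_type:
            continue  # object ACE for a different attribute or class
        if not ace.allow:
            if ace.mask & remaining:
                return False  # explicit deny on a bit we still need
            continue
        remaining &= ~ace.mask
        if remaining == 0:
            return True
    return False  # ran out of ACEs: implicit deny

# Constructed sample data (not from the thread).
USER = "S-1-5-21-1111111111-2222222222-3333333333-1105"
GROUP = "S-1-5-21-1111111111-2222222222-3333333333-513"
DESCRIPTION, CN, NAME = "guid:description", "guid:cn", "guid:name"
SCP = "guid:serviceConnectionPoint"  # placeholders for schemaIDGUIDs

SAMPLE_DACL = [
    Ace(False, USER, DS_WRITE_PROP, NAME),   # deny writing name
    Ace(True, GROUP, DS_WRITE_PROP, None),   # allow writing any attribute
    Ace(True, USER, DS_CREATE_CHILD, SCP),   # allow creating SCP children
]

def report(dacl, token_sids):
    """Run the six checks listed in the post and return name -> bool."""
    checks = {
        "write description": (DS_WRITE_PROP, DESCRIPTION),
        "write cn": (DS_WRITE_PROP, CN),
        "write name": (DS_WRITE_PROP, NAME),
        "create SCP": (DS_CREATE_CHILD, SCP),
        "delete SCP": (DS_DELETE_CHILD, SCP),
        "delete tree": (DS_DELETE_TREE, None),
    }
    return {k: access_check(dacl, token_sids, m, t) for k, (m, t) in checks.items()}
```

Calling `report(SAMPLE_DACL, {USER, GROUP})` shows how the deny ACE on name wins over the group-wide write grant because it comes first in the list, while rights with no matching allow ACE fall through to the implicit deny.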