
Incorrect Access Control List (ACL) returned by ADSI


Santi

Feb 8, 2011, 6:49:41 AM
Hi All,

I am using the IADsSecurityDescriptor (ADSI interface) to retrieve the
Access Control List (ACL) of an Active Directory service object. The
ACL provides specific access control information to the ADSI object
for different clients.

Please refer to the MSDN link (sample code) for more information:

http://msdn.microsoft.com/en-us/library/aa705953(v=VS.85).aspx

The IADsAccessControlList is a collection of IADsAccessControlEntry.
Each IADsAccessControlEntry provides details of specific access
control information (e.g. Trustee Name, ACE Type, ACE Mask etc.) to
the ADSI object for a client. My code retrieves and displays the list
of Trustee names provided by the IADsAccessControlEntry::get_Trustee()
method.

Below are the observations:

1. We retrieved a completely different set of trustee names than the
ones expected. Most of them appear as numbers (e.g. "S-5-1-4-11"; not
sure whether these are SIDs).

2. With one of our Active Directory installations, we observed that two
different lists of trustee names were retrieved when the port number was
specified explicitly in the LDAP path and when it was not
specified, i.e. "LDAP://192.168.10.61:389/OU=xyz,DC=abc,DC=com" and
"LDAP://192.168.10.61/OU=xyz,DC=abc,DC=com".

3. Another thing that I observed was that there was some delay in the
execution of the program when the port number is specified explicitly in
the LDAP path, while this delay disappears when it is not specified.

We need to understand and resolve this issue. Can anybody please
help?

Regards,
Santosh Pillai
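
One way to check whether numeric trustee values are SIDs that resolve to account names, as an added example that is not part of the original post. It uses the .NET System.DirectoryServices wrapper rather than the IADsSecurityDescriptor COM interface the post describes; the LDAP path is the one quoted in the post and the `<unresolved>` marker is an assumption.

```powershell
# Added example, not from the original post. The LDAP path is the one quoted
# in the post; substitute your own server and container.
$path  = 'LDAP://192.168.10.61/OU=xyz,DC=abc,DC=com'
$entry = New-Object System.DirectoryServices.DirectoryEntry($path)

# Request every ACE (explicit and inherited) with the trustee as a raw SID,
# so nothing is resolved implicitly and each lookup failure is visible.
$sidType = [System.Security.Principal.SecurityIdentifier]
$rules   = $entry.psbase.ObjectSecurity.GetAccessRules($true, $true, $sidType)

$report = foreach ($rule in $rules) {
    $sid = $rule.IdentityReference
    try {
        # Translate() resolves the SID from the machine running the script.
        $name = $sid.Translate([System.Security.Principal.NTAccount]).Value
    }
    catch [System.Security.Principal.IdentityNotMappedException] {
        # The SID could not be mapped to an account from this machine.
        $name = '<unresolved>'   # assumed marker for this report
    }
    [pscustomobject]@{
        Sid       = $sid.Value
        Trustee   = $name
        Type      = $rule.AccessControlType
        Rights    = $rule.ActiveDirectoryRights
        Inherited = $rule.IsInherited
    }
}

# One row per ACE: SID, resolved name (if any), allow/deny, rights, inheritance.
$report | Sort-Object Trustee, Sid | Format-Table -AutoSize
```

Running it once against each form of the path (with and without `:389`) and comparing the `Sid` columns shows whether the two bindings return different ACEs or the same ACEs with different name resolution.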
