Alain,
Superb, setting the options in advance allowed me to get the SACLs correctly. Pity that it doesn't seem to be reflected in any other literature.
Virtual pint on it's way or at least a purchase of your book!
Thanks,
Paul.
From: "Alain Lissoir" <[EMAIL PROTECTED]>Subject: RE: [ActiveDi
May 05, 2005 12:47 PMTo:
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] scripting
sacls
Do you currently have permissions to view the SACL through
LDAP?
Try this
adfind -b object_DN ntSecurityDescriptor
-sddc
If you see a DN but no SDDL representation of the ACL then
you may not have
MTo:
activedir@mail.activedir.orgSubject: [ActiveDir] scripting
sacls
I'm trying to modify the sacls on an object. Every document/book/google
demostrates how to do this by get the ntSecurityDescriptor of an object and then
obtaining a handle to the SACL by referencing .SystemAcl from the descriptor.
I'm trying to modify the sacls on an object. Every document/book/google demostrates how to do this by get the ntSecurityDescriptor of an object and then obtaining a handle to the SACL by referencing .SystemAcl from the descriptor.
Nice except that when you try and get the object you get an err