如何查询对 Active Directory 对象的有效权限? [英] How do I query effective permissions on an Active Directory Object?
问题描述
我正在尝试以编程方式确定当前用户是否对给定的 Active Directory 对象具有某些权限(特别是在这种情况下,我正在尝试确定该用户是否对另一个 Exchange 用户具有代理发送"权限或分发列表对象).
I'm trying to programmatically determine whether the current user has certain permissions on a given Active Directory object (specifically in this case, I'm trying to determine whether the user has the "Send As" permission for another Exchange user or distribution list object).
我已经知道如何使用 ADSI 访问 ntSecurityDescriptor 属性:我可以枚举 IADsSecurityDescriptor 的 DiscretionaryACL 属性中的 ACE.但是:
I already figured out how to access the ntSecurityDescriptor attribute using ADSI: I can enumerate the ACEs in the IADsSecurityDescriptor's DiscretionaryACL property. But:
- 如何根据该数据确定受托人的代理发送"权限是明确允许还是拒绝?
- 当通过组成员资格间接授予权限时,我如何发现这一点?我真的必须通过(递归)检查用户所属的所有组来自己解析有效权限吗?当然,该任务必须有一个 API...
FWIW,我正在使用 ActiveDs.dll 类型库在 Delphi(即本机 Win32 代码)中编码,因此特定于 .NET 的解决方案不会真正帮助我,除非他们的源代码给了我如何做同样的线索本机代码中的东西.PowerShell 也是如此.
FWIW, I'm coding in Delphi (i.e. native Win32 code) using the ActiveDs.dll typelibrary, so .NET-specific solutions won't really help me much unless their source code gives me clues to how to do the same thing in native code. The same goes for PowerShell.
在任何人开始之前:我已经知道 PR_EMS_AB_PUBLIC_DELEGATES 和 PR_EMS_AB_PUBLIC_DELEGATES_BL_O 扩展 MAPI 属性.然而,这不是我所追求的.这些属性指的是代表发送"权限(也称为委托),而不是代理发送"权限,后者完全不同.
Before anyone starts: I already know about the PR_EMS_AB_PUBLIC_DELEGATES and PR_EMS_AB_PUBLIC_DELEGATES_BL_O Extended MAPI properties. However, this is not what I'm after. These properties refer to the "Send on behalf of"-right (a.k.a. delegates), not the "Send As" permission, which is quite a different thing.
推荐答案
这是解释的 MSDN 文章 - http://msdn.microsoft.com/en-us/library/windows/desktop/ms675580(v=VS.85).aspx.随附的示例显示了如何调用 API.
Here's the MSDN article that explains - http://msdn.microsoft.com/en-us/library/windows/desktop/ms675580(v=VS.85).aspx. There is an attached sample that shows how to call the API.
这篇关于如何查询对 Active Directory 对象的有效权限?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
