如何查询有效权限在Active Directory对象? [英] How do I query effective permissions on an Active Directory Object?
问题描述
我试图以编程方式确定当前用户是否对一个给定的Active Directory对象(特别是在这种情况下一定的权限,我试图以确定用户是否具有代理发送权限的另一个Exchange用户或分发列表对象)。
I'm trying to programmatically determine whether the current user has certain permissions on a given Active Directory object (specifically in this case, I'm trying to determine whether the user has the "Send As" permission for another Exchange user or distribution list object).
我已经想通了如何访问使用ADSI的 ntSecurityDescriptor中属性:我可以列举出的ACE的 IADsSecurityDescriptor 的 DiscretionaryACL 属性。但是:
I already figured out how to access the ntSecurityDescriptor attribute using ADSI: I can enumerate the ACEs in the IADsSecurityDescriptor's DiscretionaryACL property. But:
- 如何从这些数据判断是否为发送-permission被明确允许或拒绝对受托人?
- 如何发现这个时候,权限已被授予间接通过组成员?难道我真的被(递归)检查所有组的用户是的成员来解析有效权限自己?当然,必须有一个API,用于这项任务......
FWIW,我编码在Delphi(即本地Win32 code)将ActiveDs.dll类型库,让.NET的具体解决方案将不能真正帮助我很多,除非他们的源$ C $ C给我的线索要怎么做同样的事情在当地code。这同样适用于PowerShell的。
FWIW, I'm coding in Delphi (i.e. native Win32 code) using the ActiveDs.dll typelibrary, so .NET-specific solutions won't really help me much unless their source code gives me clues to how to do the same thing in native code. The same goes for PowerShell.
有人开始之前,我已经知道了 PR_EMS_AB_PUBLIC_DELEGATES 和 PR_EMS_AB_PUBLIC_DELEGATES_BL_O 扩展MAPI属性。但是,这不是我后。这些属性指的是代表发送右汉字(又名代表),而不是代理发送的权限,这是完全不同的事情。
Before anyone starts: I already know about the PR_EMS_AB_PUBLIC_DELEGATES and PR_EMS_AB_PUBLIC_DELEGATES_BL_O Extended MAPI properties. However, this is not what I'm after. These properties refer to the "Send on behalf of"-right (a.k.a. delegates), not the "Send As" permission, which is quite a different thing.
推荐答案
下面的解释MSDN文章 - 的 http://msdn.microsoft.com/en-us/library/windows/desktop/ms675580(V = VS.85)的.aspx 。有一个附加的示例,演示如何调用API。
Here's the MSDN article that explains - http://msdn.microsoft.com/en-us/library/windows/desktop/ms675580(v=VS.85).aspx. There is an attached sample that shows how to call the API.
这篇关于如何查询有效权限在Active Directory对象?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
