I would like to use C# (.NET 4.0) to set the List Content and List Object options of an AD (Active Directory, Windows Server 2008 R2) OU for a specific user group.
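I managed to set the gPOptions and gPLink properties according to Microsoft, but I did not find an example of how to set List Content and List Object. Setting the other two properties works as shown below: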
[...]
byte[] binaryForm = new byte[ groupPrincipal.Sid.BinaryLength ];
groupPrincipal.Sid.GetBinaryForm( binaryForm, 0 );
IdentityReference identityReference =
    new SecurityIdentifier( binaryForm, 0 );
PropertyAccessRule propertyAccessRule =
    new PropertyAccessRule(
        identityReference,
        AccessControlType.Allow,
        PropertyAccess.Read,
        new Guid( "...value provided by MSDN link..." ) );
...
// ouEntry is of type DirectoryEntry
ouEntry.ObjectSecurity.AddAccessRule( propertyAccessRule );
ouEntry.CommitChanges();
...
// Same for gPLink with the corresponding GUID
Please ask if you need more information.
Answer 0: (score: 0)
List content and List object have to be set differently:
...
ActiveDirectoryAccessRule activeDirectoryAccessRule =
    new ActiveDirectoryAccessRule(
        identityReference,
        ActiveDirectoryRights.ListChildren | ActiveDirectoryRights.ListObject,
        AccessControlType.Allow,
        ActiveDirectorySecurityInheritance.None );
...
This ActiveDirectoryAccessRule has to be added to the corresponding DirectoryEntry from the question above.
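The rule from the answer, shown as an added example that is not part of the original question or answer: it builds the ACE, checks it offline against an empty in-memory security descriptor, and only writes to the directory when an LDAP path is passed. The class name, the sample SID and the command-line path argument are assumptions made for illustration.

```csharp
using System;
using System.DirectoryServices;
using System.Security.AccessControl;
using System.Security.Principal;

static class OuListRights
{
    // Build the allow ACE from the answer: List Contents + List Object, this object only.
    static ActiveDirectoryAccessRule BuildListRule(IdentityReference group)
    {
        return new ActiveDirectoryAccessRule(
            group,
            ActiveDirectoryRights.ListChildren | ActiveDirectoryRights.ListObject,
            AccessControlType.Allow,
            ActiveDirectorySecurityInheritance.None);
    }

    // Add the ACE to an OU and write back only the DACL.
    static void Grant(string ouPath, IdentityReference group)
    {
        using (DirectoryEntry ouEntry = new DirectoryEntry(ouPath))
        {
            // Limit the write to the DACL so owner, group and SACL are left untouched.
            ouEntry.Options.SecurityMasks = SecurityMasks.Dacl;
            ouEntry.ObjectSecurity.AddAccessRule(BuildListRule(group));
            ouEntry.CommitChanges();
        }
    }

    static void Main(string[] args)
    {
        // Constructed sample SID (not a real group); in the question this is groupPrincipal.Sid.
        SecurityIdentifier group = new SecurityIdentifier("S-1-5-21-1111111111-2222222222-3333333333-1105");

        // Offline check: apply the rule to an empty in-memory descriptor and inspect the ACE.
        ActiveDirectorySecurity sd = new ActiveDirectorySecurity();
        sd.AddAccessRule(BuildListRule(group));
        Console.WriteLine(sd.GetSecurityDescriptorSddlForm(AccessControlSections.Access));

        foreach (ActiveDirectoryAccessRule ace in sd.GetAccessRules(true, false, typeof(SecurityIdentifier)))
            Console.WriteLine("{0} {1} {2} inherit={3}", ace.IdentityReference, ace.AccessControlType, ace.ActiveDirectoryRights, ace.InheritanceType);

        // Assumption: the first argument, if given, is the OU's LDAP path; only then is the directory modified.
        if (args.Length == 1)
            Grant(args[0], group);
    }
}
```

The List Object right is only evaluated by domain controllers when List Object mode is enabled through the forest's dSHeuristics attribute (third character set to 1); without it, only List Contents takes effect.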