Setting AD Objects Security Properties

Setting AD Objects Security Properties

Post by Rajesh Chack » Mon, 23 Jul 2001 11:18:37


I am an administrator and has been able to develop some VB-ADSI code to add
users to group etc. Now I am looking to do some coding to set the Active
Directory Objects Security Properties.

For Eg. I need to remove Read Permission for Authenticated users from all OU
(security tab) and add a different group and give it read permission.

Another Eg is to set the Distribution List Properties to set the "Accept
Only From" to a specific group.

I guess I have to play around with Access Control List. Can someone please
give me some direction.


Rajesh Abraham Chacko


1. VB.NET: Can't access the properties of multiple AD objects at a time


I've been trying to write a little app to streamline the way our
Administrators create, modify and kill users.  Below is a code snippet.
Basically I want to search for all users matching a criteria (in this case
based on "CN"), and report all the properties of those users.  The below
works, but it only reports the first entry.  The result.count can equal 2,
but only the properties of the first result will be displayed.  It gets as
far as "For Each propName In deBind.Properties.PropertyNames" on the second
result and kicks out.  No error, just jumps to "Next propName" and then ends
(as it is supposed to when no more results our found).  I'm at a loss as to
what the problem is.  I'm not a VB guru, just know some of the basics.  Does
anybody know what I am missing/doing wrong?



------CODE SNIPPET-------
Dim deBind As New System.DirectoryServices.DirectoryEntry()
Dim dePath As String
Dim propName As String
Dim propValue As Object
Dim root As New
Dim searcher As New System.DirectoryServices.DirectorySearcher(root)
Dim fltr As String
Dim result As SearchResult
Dim results As SearchResultCollection

fltr = "(cn=" & txtName.Text & ")"
searcher.Filter = fltr
results = searcher.FindAll()

If results.Count >= 1 Then
    For Each result In results
        dePath = result.GetDirectoryEntry.Path.ToString
        deBind.Path = dePath
            For Each propName In deBind.Properties.PropertyNames
                For Each propValue In deBind.Properties(propName)
                    rchStatus.Text = rchStatus.Text & "PropertyName: " &
propName & "PropertyValue: " & System.Convert.ToString(propValue) & vbCrLf
                Next propValue
             Next propName
Next result
Else : rchStatus.Text = "Error: Object not found!"

2. Emplant and Amax IV

3. Adding Properties to an AD Object


5. AD Object Property Limit 1000?

6. Old Fonts and New Computers

7. Retrieving all properties of AD objects

8. Calling a DLL directly from within lotusscript ?

9. Is there way to change a property from optional to mandatory for and object in AD?

10. How do you Change the FULLNAME property of an object in AD?

11. How to set properties using DirectoryEntry object

12. Setting ACLs on an AD object

13. Removing Object setting. LockoutTime on AD account.