Yep, an idea came to me:
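; #FUNCTION# ====================================================================================================================
; Name...........: _AD_DeleteRecordInSecurityInset
; Description ...: Removes every ACE whose Trustee equals $sRecord from the DACL of an AD object and writes the
;                  modified security descriptor back to the directory.
; Parameters ....: $sObject - sAMAccountName or FQDN of the object whose DACL is edited
;                  $sRecord - Trustee string that is compared with the Trustee property of each ACE
; Return values .: Success - 1, @extended = number of ACEs removed (0 = nothing matched, nothing written)
;                  Failure - 0, sets @error:
;                  |2 - $sObject does not exist
;                  |3 - The object could not be bound or its security descriptor / DACL could not be read
;                  |x - @error set by the Put or SetInfo call
; Remarks .......: The only filter is the trustee, so allow AND deny ACEs of that trustee are removed alike.
;                  Dropping a deny ACE can widen access to the object; review the DACL before and after the
;                  change and record who ran it.
; ===============================================================================================================================
Func _AD_DeleteRecordInSecurityInset($sObject, $sRecord)
	If _AD_ObjectExists($sObject) = 0 Then Return SetError(2, 0, 0)
	; No "=" at position 3 means this is not a distinguished name: a sAMAccountName was provided
	If StringMid($sObject, 3, 1) <> "=" Then $sObject = _AD_SamAccountNameToFQDN($sObject)

	Local $oObject = __AD_ObjGet("LDAP://" & $sAD_HostServer & "/" & $sObject)
	If Not IsObj($oObject) Then Return SetError(3, 0, 0)
	Local $oSecurity = $oObject.Get("ntSecurityDescriptor")
	If Not IsObj($oSecurity) Then Return SetError(3, 0, 0)
	Local $oDACL = $oSecurity.DiscretionaryAcl
	If Not IsObj($oDACL) Then Return SetError(3, 0, 0)

	; presumably Trustee comes back as DOMAIN\name, or as a raw SID string for unresolved accounts;
	; verify the format $sRecord must use. "=" compares strings case-insensitively in AutoIt.
	; NOTE(review): ACEs are removed while the collection is being enumerated; confirm that no
	; matching entry is skipped when one trustee holds several ACEs.
	Local $iRemoved = 0
	For $oACE In $oDACL
		If $oACE.Trustee = $sRecord Then
			$oDACL.RemoveAce($oACE)
			$iRemoved += 1
		EndIf
	Next

	; Nothing matched: leave the security descriptor untouched instead of rewriting it unchanged
	If $iRemoved = 0 Then Return SetError(0, 0, 1)

	$oSecurity.DiscretionaryAcl = $oDACL
	$oObject.Put("ntSecurityDescriptor", $oSecurity)
	If @error Then Return SetError(@error, 0, 0)
	$oObject.SetInfo()
	If @error Then Return SetError(@error, 0, 0)
	Return SetError(0, $iRemoved, 1)
EndFunc   ;==>_AD_DeleteRecordInSecurityInset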
Thank you for the help.