I want to give Access Permission on OU of Active Directory. I have done some part as below, which removes all access of OU. The code is as below:
DirectoryEntry rootEntry = new DirectoryEntry("LDAP://OU=Test OU,DC=test,DC=com");
DirectorySearcher dsFindOUs = new DirectorySearcher(rootEntry);
dsFindOUs.Filter = "(objectClass=organizationalUnit)";
dsFindOUs.SearchScope = SearchScope.Subtree;
SearchResult oResults = dsFindOUs.FindOne();
DirectoryEntry myOU = oResults.GetDirectoryEntry();
System.Security.Principal.IdentityReference newOwner = new System.Security.Principal.NTAccount("YourDomain", "YourUserName").Translate(typeof(System.Security.Principal.SecurityIdentifier));
ActiveDirectoryAccessRule newRule = new ActiveDirectoryAccessRule(newOwner, ActiveDirectoryRights.GenericAll, System.Security.AccessControl.AccessControlType.deny);
myOU.ObjectSecurity.SetAccessRule(newRule); myOU.Commitchanges();
Now the problem is if I remove all the permission from AD OU then how I can give the permission again(revert the permissions again). I tried with System.Security.AccessControl.AccessControlType.Allow for newRule. Bu开发者_如何学Pythont as there is no permission for the OU it throws exception on :
SearchResult oResults = dsFindOUs.FindOne();
DirectoryEntry myOU = oResults.GetDirectoryEntry();
How can I give rights again to perticualr OU again in C#.
Update:
ActiveDirectoryAccessRule(newOwner, ActiveDirectoryRights.GenericAll, System.Security.AccessControl.AccessControlType.Deny);
But the problem is I have already removed all the Generic Rights, and when I try to search the OU again it won't find it again. So I can't apply the suggested logic again. You can try it out:). Give me some way, how I can access the OU again.
Simply replace this line:
ActiveDirectoryAccessRule newRule = new ActiveDirectoryAccessRule(newOwner, ActiveDirectoryRights.GenericAll, System.Security.AccessControl.AccessControlType.Deny);
with this:
ActiveDirectoryAccessRule newRule = new ActiveDirectoryAccessRule(newOwner, ActiveDirectoryRights.GenericAll, System.Security.AccessControl.AccessControlType.Allow);
- change the "Deny" to "Allow".
P.S. : Please format the code lines in your question to appear as code.
精彩评论