开发者

How do I add permissions to an OU using C#?

开发者 https://www.devze.com 2023-01-25 13:58 出处:网络
I want to give Access Permission on OU of Active Directory. I have done some part as below, which removes all access of OU. The code is as below:

I want to give Access Permission on OU of Active Directory. I have done some part as below, which removes all access of OU. The code is as below:

DirectoryEntry rootEntry = new DirectoryEntry("LDAP://OU=Test OU,DC=test,DC=com"); 
DirectorySearcher dsFindOUs = new DirectorySearcher(rootEntry); 
 
dsFindOUs.Filter = "(objectClass=organizationalUnit)"; 
dsFindOUs.SearchScope = SearchScope.Subtree; 
SearchResult oResults = dsFindOUs.FindOne(); 
DirectoryEntry myOU = oResults.GetDirectoryEntry(); 
 
System.Security.Principal.IdentityReference newOwner = new System.Security.Principal.NTAccount("YourDomain", "YourUserName").Translate(typeof(System.Security.Principal.SecurityIdentifier)); 
ActiveDirectoryAccessRule newRule = new ActiveDirectoryAccessRule(newOwner, ActiveDirectoryRights.GenericAll, System.Security.AccessControl.AccessControlType.deny); 
myOU.ObjectSecurity.SetAccessRule(newRule); myOU.Commitchanges();

Now the problem is if I remove all the permission from AD OU then how I can give the permission again(revert the permissions again). I tried with System.Security.AccessControl.AccessControlType.Allow for newRule. Bu开发者_如何学Pythont as there is no permission for the OU it throws exception on :

SearchResult oResults = dsFindOUs.FindOne(); 
DirectoryEntry myOU = oResults.GetDirectoryEntry(); 

How can I give rights again to perticualr OU again in C#.

Update:

ActiveDirectoryAccessRule(newOwner, ActiveDirectoryRights.GenericAll, System.Security.AccessControl.AccessControlType.Deny);

But the problem is I have already removed all the Generic Rights, and when I try to search the OU again it won't find it again. So I can't apply the suggested logic again. You can try it out:). Give me some way, how I can access the OU again.


Simply replace this line:

ActiveDirectoryAccessRule newRule = new ActiveDirectoryAccessRule(newOwner, ActiveDirectoryRights.GenericAll, System.Security.AccessControl.AccessControlType.Deny);

with this:

ActiveDirectoryAccessRule newRule = new ActiveDirectoryAccessRule(newOwner, ActiveDirectoryRights.GenericAll, System.Security.AccessControl.AccessControlType.Allow);
  • change the "Deny" to "Allow".

P.S. : Please format the code lines in your question to appear as code.

0

精彩评论

暂无评论...
验证码 换一张
取 消