TestimoX

API Reference

Class

ACL

Namespace ADPlayground.Acl
Assembly ADPlayground
Modifiers static

Provides helpers for working with Active Directory ACLs.

Inheritance

  • Object
  • ACL

Methods

AddAdAcl 3 overloads
public static Void AddAdAcl(ActiveDirectorySecurity security, AclEntry entry) #
Returns: Void

Adds the specified ACL entry to a security descriptor.

Parameters

security System.DirectoryServices.ActiveDirectorySecurity required position: 0
The security descriptor to modify.
entry ADPlayground.Acl.AclEntry required position: 1
The ACL entry to add.
public static Void AddAdAcl(ActiveDirectorySecurity security, IdentityInfo identity, AclRights rights, AccessControlType controlType, AclInheritance inheritance) #
Returns: Void

Adds the specified ACL entry to a security descriptor.

Parameters

security System.DirectoryServices.ActiveDirectorySecurity required position: 0
The security descriptor to modify.
identity ADPlayground.Identity.IdentityInfo required position: 1
The identity whose SID will be used.
rights ADPlayground.Acl.AclRights required position: 2
The rights to assign.
controlType System.Security.AccessControl.AccessControlType required position: 3
Allow or deny.
inheritance ADPlayground.Acl.AclInheritance required position: 4
Inheritance settings.
AddAdAcl(System.DirectoryServices.DirectoryEntry entry, ADPlayground.Acl.AclEntry aclEntry) #

Adds the specified ACL entry to a directory entry.

Parameters

entry System.DirectoryServices.DirectoryEntry required
The directory entry to modify.
aclEntry ADPlayground.Acl.AclEntry required
The ACL entry to add.
AddAdAclAuditRule 4 overloads
public static Void AddAdAclAuditRule(ActiveDirectorySecurity security, String sid, AclRights rights, AuditFlags flags, AclInheritance inheritance) #
Returns: Void

Adds an audit rule to the specified security descriptor.

Parameters

security System.DirectoryServices.ActiveDirectorySecurity required position: 0
The security descriptor to modify.
sid System.String required position: 1
The SID to audit.
rights ADPlayground.Acl.AclRights required position: 2
The rights to audit.
flags System.Security.AccessControl.AuditFlags required position: 3
The audit flags to apply.
inheritance ADPlayground.Acl.AclInheritance required position: 4
The inheritance type of the rule.
AddAdAclAuditRule(System.DirectoryServices.ActiveDirectorySecurity security, ADPlayground.Identity.IdentityInfo identity, ADPlayground.Acl.AclRights rights, System.Security.AccessControl.AuditFlags flags, ADPlayground.Acl.AclInheritance inheritance) #

Adds an audit rule to the specified security descriptor.

Parameters

security System.DirectoryServices.ActiveDirectorySecurity required
The security descriptor to modify.
identity ADPlayground.Identity.IdentityInfo required
The identity to audit.
rights ADPlayground.Acl.AclRights required
The rights to audit.
flags System.Security.AccessControl.AuditFlags required
The audit flags to apply.
inheritance ADPlayground.Acl.AclInheritance required
The inheritance type of the rule.
AddAdAclAuditRule(System.DirectoryServices.DirectoryEntry entry, System.String sid, ADPlayground.Acl.AclRights rights, System.Security.AccessControl.AuditFlags flags, ADPlayground.Acl.AclInheritance inheritance) #

Adds an audit rule to the specified directory entry.

Parameters

entry System.DirectoryServices.DirectoryEntry required
The directory entry to modify.
sid System.String required
The SID to audit.
rights ADPlayground.Acl.AclRights required
The rights to audit.
flags System.Security.AccessControl.AuditFlags required
The audit flags to apply.
inheritance ADPlayground.Acl.AclInheritance required
The inheritance type of the rule.
AddAdAclAuditRule(System.DirectoryServices.DirectoryEntry entry, ADPlayground.Identity.IdentityInfo identity, ADPlayground.Acl.AclRights rights, System.Security.AccessControl.AuditFlags flags, ADPlayground.Acl.AclInheritance inheritance) #

Adds an audit rule to the specified directory entry.

Parameters

entry System.DirectoryServices.DirectoryEntry required
The directory entry to modify.
identity ADPlayground.Identity.IdentityInfo required
The identity to audit.
rights ADPlayground.Acl.AclRights required
The rights to audit.
flags System.Security.AccessControl.AuditFlags required
The audit flags to apply.
inheritance ADPlayground.Acl.AclInheritance required
The inheritance type of the rule.
ApplyAdAclChanges 2 overloads
public static Void ApplyAdAclChanges(ActiveDirectorySecurity security, Nullable<AclChangeSet> changes) #
Returns: Void

Applies ACL changes to the specified security descriptor.

Parameters

security System.DirectoryServices.ActiveDirectorySecurity required position: 0
The security descriptor to modify.
changes System.Nullable{ADPlayground.Acl.AclChangeSet} required position: 1
The change set to apply.
ApplyAdAclChanges(System.DirectoryServices.DirectoryEntry entry, System.Nullable{ADPlayground.Acl.AclChangeSet} changes) #

Applies ACL changes to the specified directory entry.

Parameters

entry System.DirectoryServices.DirectoryEntry required
The directory entry to modify.
changes System.Nullable{ADPlayground.Acl.AclChangeSet} required
The change set to apply.
DisableAdAclInheritance 2 overloads
public static Void DisableAdAclInheritance(ActiveDirectorySecurity security, Boolean removeInheritedAccessRules) #
Returns: Void

Disables ACL inheritance for the specified security descriptor.

Parameters

security System.DirectoryServices.ActiveDirectorySecurity required position: 0
The security descriptor to modify.
removeInheritedAccessRules System.Boolean required position: 1
Whether to remove inherited rules.
DisableAdAclInheritance(System.DirectoryServices.DirectoryEntry entry, System.Boolean removeInheritedAccessRules) #

Disables ACL inheritance for the specified directory entry.

Parameters

entry System.DirectoryServices.DirectoryEntry required
The directory entry to modify.
removeInheritedAccessRules System.Boolean required
Whether to remove inherited rules.
EnableAdAclInheritance 2 overloads
public static Void EnableAdAclInheritance(ActiveDirectorySecurity security) #
Returns: Void

Enables ACL inheritance for the specified security descriptor.

Parameters

security System.DirectoryServices.ActiveDirectorySecurity required position: 0
The security descriptor to modify.
EnableAdAclInheritance(System.DirectoryServices.DirectoryEntry entry) #

Enables ACL inheritance for the specified directory entry.

Parameters

entry System.DirectoryServices.DirectoryEntry required
The directory entry to modify.
GetAdAcl 2 overloads
public static AclInfo GetAdAcl(ActiveDirectorySecurity security) #
Returns: AclInfo

Gets ACL information from the provided ActiveDirectorySecurity instance.

Parameters

security System.DirectoryServices.ActiveDirectorySecurity required position: 0
The security descriptor to read.

Returns

The ACL information, including owner and access entries.

Examples

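Retrieve ACL from an existing directory entry.

// Bind to the container; the using declaration disposes the DirectoryEntry at end of scope.
using DirectoryEntry entry = new("LDAP://CN=Users,DC=example,DC=com");
// Read the ACL information (owner and access entries) for that entry.
AclInfo acl = ACL.GetAdAcl(entry);
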
GetAdAcl(System.DirectoryServices.DirectoryEntry entry) #

Gets ACL information from the specified directory entry.

Parameters

entry System.DirectoryServices.DirectoryEntry required
The directory entry whose ACL will be read.

Returns

The ACL information for the directory entry.

GetAdAclChanges 2 overloads
public static AclChangeSet GetAdAclChanges(ActiveDirectorySecurity security, IEnumerable<AclEntry> desiredEntries) #
Returns: AclChangeSet

Computes changes required to match the desired ACL entries on a security descriptor.

Parameters

security System.DirectoryServices.ActiveDirectorySecurity required position: 0
The current security descriptor.
desiredEntries System.Collections.Generic.IEnumerable{ADPlayground.Acl.AclEntry} required position: 1
The desired set of ACL entries.

Returns

A change set describing entries to add and remove.

GetAdAclChanges(System.DirectoryServices.DirectoryEntry entry, System.Collections.Generic.IEnumerable{ADPlayground.Acl.AclEntry} desiredEntries) #

Computes ACL changes for the specified directory entry.

Parameters

entry System.DirectoryServices.DirectoryEntry required
The directory entry to compare.
desiredEntries System.Collections.Generic.IEnumerable{ADPlayground.Acl.AclEntry} required
The desired set of ACL entries.

Returns

A change set describing entries to add and remove.

GetAdAclOwner 2 overloads
public static AclOwnerInfo GetAdAclOwner(ActiveDirectorySecurity security) #
Returns: AclOwnerInfo

Gets information about the owner of the specified security descriptor.

Parameters

security System.DirectoryServices.ActiveDirectorySecurity required position: 0
The security descriptor to inspect.

Returns

Owner information for the security descriptor.

GetAdAclOwner(System.DirectoryServices.DirectoryEntry entry) #

Gets the owner information for the specified directory entry.

Parameters

entry System.DirectoryServices.DirectoryEntry required
The directory entry to inspect.

Returns

Owner information for the directory entry.

RemoveAdAcl 4 overloads
public static Void RemoveAdAcl(ActiveDirectorySecurity security, String sid, AclRights rights, AccessControlType controlType, AclInheritance inheritance) #
Returns: Void

Removes the specified ACL entry from a security descriptor.

Parameters

security System.DirectoryServices.ActiveDirectorySecurity required position: 0
The security descriptor to modify.
sid System.String required position: 1
The SID to remove.
rights ADPlayground.Acl.AclRights required position: 2
The rights associated with the entry.
controlType System.Security.AccessControl.AccessControlType required position: 3
The access control type of the entry.
inheritance ADPlayground.Acl.AclInheritance required position: 4
The inheritance type of the entry.
RemoveAdAcl(System.DirectoryServices.ActiveDirectorySecurity security, ADPlayground.Identity.IdentityInfo identity, ADPlayground.Acl.AclRights rights, System.Security.AccessControl.AccessControlType controlType, ADPlayground.Acl.AclInheritance inheritance) #

Removes the specified ACL entry from a security descriptor.

Parameters

security System.DirectoryServices.ActiveDirectorySecurity required
The security descriptor to modify.
identity ADPlayground.Identity.IdentityInfo required
The identity to remove.
rights ADPlayground.Acl.AclRights required
The rights associated with the entry.
controlType System.Security.AccessControl.AccessControlType required
The access control type of the entry.
inheritance ADPlayground.Acl.AclInheritance required
The inheritance type of the entry.
RemoveAdAcl(System.DirectoryServices.DirectoryEntry entry, System.String sid, ADPlayground.Acl.AclRights rights, System.Security.AccessControl.AccessControlType controlType, ADPlayground.Acl.AclInheritance inheritance) #

Removes the specified ACL entry from a directory entry.

Parameters

entry System.DirectoryServices.DirectoryEntry required
The directory entry to modify.
sid System.String required
The SID to remove.
rights ADPlayground.Acl.AclRights required
The rights associated with the entry.
controlType System.Security.AccessControl.AccessControlType required
The access control type of the entry.
inheritance ADPlayground.Acl.AclInheritance required
The inheritance type of the entry.
RemoveAdAcl(System.DirectoryServices.DirectoryEntry entry, ADPlayground.Identity.IdentityInfo identity, ADPlayground.Acl.AclRights rights, System.Security.AccessControl.AccessControlType controlType, ADPlayground.Acl.AclInheritance inheritance) #

Removes the specified ACL entry from a directory entry.

Parameters

entry System.DirectoryServices.DirectoryEntry required
The directory entry to modify.
identity ADPlayground.Identity.IdentityInfo required
The identity to remove.
rights ADPlayground.Acl.AclRights required
The rights associated with the entry.
controlType System.Security.AccessControl.AccessControlType required
The access control type of the entry.
inheritance ADPlayground.Acl.AclInheritance required
The inheritance type of the entry.
RemoveAdAclAuditRule 4 overloads
public static Void RemoveAdAclAuditRule(ActiveDirectorySecurity security, String sid, AclRights rights, AuditFlags flags, AclInheritance inheritance) #
Returns: Void

Removes an audit rule from the specified security descriptor.

Parameters

security System.DirectoryServices.ActiveDirectorySecurity required position: 0
The security descriptor to modify.
sid System.String required position: 1
The SID to remove.
rights ADPlayground.Acl.AclRights required position: 2
The rights associated with the rule.
flags System.Security.AccessControl.AuditFlags required position: 3
The audit flags to match.
inheritance ADPlayground.Acl.AclInheritance required position: 4
The inheritance type of the rule.
RemoveAdAclAuditRule(System.DirectoryServices.ActiveDirectorySecurity security, ADPlayground.Identity.IdentityInfo identity, ADPlayground.Acl.AclRights rights, System.Security.AccessControl.AuditFlags flags, ADPlayground.Acl.AclInheritance inheritance) #

Removes an audit rule from the specified security descriptor.

Parameters

security System.DirectoryServices.ActiveDirectorySecurity required
The security descriptor to modify.
identity ADPlayground.Identity.IdentityInfo required
The identity whose rule will be removed.
rights ADPlayground.Acl.AclRights required
The rights associated with the rule.
flags System.Security.AccessControl.AuditFlags required
The audit flags to match.
inheritance ADPlayground.Acl.AclInheritance required
The inheritance type of the rule.
RemoveAdAclAuditRule(System.DirectoryServices.DirectoryEntry entry, System.String sid, ADPlayground.Acl.AclRights rights, System.Security.AccessControl.AuditFlags flags, ADPlayground.Acl.AclInheritance inheritance) #

Removes an audit rule from the specified directory entry.

Parameters

entry System.DirectoryServices.DirectoryEntry required
The directory entry to modify.
sid System.String required
The SID to remove.
rights ADPlayground.Acl.AclRights required
The rights associated with the rule.
flags System.Security.AccessControl.AuditFlags required
The audit flags to match.
inheritance ADPlayground.Acl.AclInheritance required
The inheritance type of the rule.
RemoveAdAclAuditRule(System.DirectoryServices.DirectoryEntry entry, ADPlayground.Identity.IdentityInfo identity, ADPlayground.Acl.AclRights rights, System.Security.AccessControl.AuditFlags flags, ADPlayground.Acl.AclInheritance inheritance) #

Removes an audit rule from the specified directory entry.

Parameters

entry System.DirectoryServices.DirectoryEntry required
The directory entry to modify.
identity ADPlayground.Identity.IdentityInfo required
The identity whose rule will be removed.
rights ADPlayground.Acl.AclRights required
The rights associated with the rule.
flags System.Security.AccessControl.AuditFlags required
The audit flags to match.
inheritance ADPlayground.Acl.AclInheritance required
The inheritance type of the rule.
RestoreAdAclDefault 2 overloads
public static Void RestoreAdAclDefault(ActiveDirectorySecurity security, String defaultSecurityDescriptor, Boolean removeInheritedAccessRules) #
Returns: Void

Restores the default ACL using the provided security descriptor string.

Parameters

security System.DirectoryServices.ActiveDirectorySecurity required position: 0
The security descriptor to reset.
defaultSecurityDescriptor System.String required position: 1
The default security descriptor in SDDL form.
removeInheritedAccessRules System.Boolean required position: 2
Whether inherited rules should be removed.

Examples

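Restore default ACL on a security descriptor.

// security: the ActiveDirectorySecurity to reset; sddl: the default security descriptor in SDDL form; true removes inherited rules.
ACL.RestoreAdAclDefault(security, sddl, true);
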
public static Void RestoreAdAclDefault(DirectoryEntry entry, Boolean removeInheritedAccessRules) #
Returns: Void

Restores the default ACL for the specified directory entry.

Parameters

entry System.DirectoryServices.DirectoryEntry required position: 0
The directory entry to modify.
removeInheritedAccessRules System.Boolean required position: 1
Whether inherited rules should be removed.
SetAdAcl 2 overloads
public static AclChangeSet SetAdAcl(ActiveDirectorySecurity security, IEnumerable<AclEntry> entries) #
Returns: AclChangeSet

Replaces ACL entries on a security descriptor with the specified set.

Parameters

security System.DirectoryServices.ActiveDirectorySecurity required position: 0
The security descriptor to modify.
entries System.Collections.Generic.IEnumerable{ADPlayground.Acl.AclEntry} required position: 1
The entries that should remain.

Returns

The change set describing modifications performed.

SetAdAcl(System.DirectoryServices.DirectoryEntry entry, System.Collections.Generic.IEnumerable{ADPlayground.Acl.AclEntry} entries) #

Replaces ACL entries on the specified directory entry with the provided set.

Parameters

entry System.DirectoryServices.DirectoryEntry required
The directory entry to modify.
entries System.Collections.Generic.IEnumerable{ADPlayground.Acl.AclEntry} required
The entries that should remain.

Returns

The change set describing modifications performed.

SetAdAclAuditRule 4 overloads
public static Void SetAdAclAuditRule(ActiveDirectorySecurity security, String sid, AclRights rights, AuditFlags flags, AclInheritance inheritance) #
Returns: Void

Sets an audit rule on the specified security descriptor.

Parameters

security System.DirectoryServices.ActiveDirectorySecurity required position: 0
The security descriptor to modify.
sid System.String required position: 1
The SID to audit.
rights ADPlayground.Acl.AclRights required position: 2
The rights to audit.
flags System.Security.AccessControl.AuditFlags required position: 3
The audit flags to apply.
inheritance ADPlayground.Acl.AclInheritance required position: 4
The inheritance type of the rule.
SetAdAclAuditRule(System.DirectoryServices.ActiveDirectorySecurity security, ADPlayground.Identity.IdentityInfo identity, ADPlayground.Acl.AclRights rights, System.Security.AccessControl.AuditFlags flags, ADPlayground.Acl.AclInheritance inheritance) #

Sets an audit rule on the specified security descriptor.

Parameters

security System.DirectoryServices.ActiveDirectorySecurity required
The security descriptor to modify.
identity ADPlayground.Identity.IdentityInfo required
The identity to audit.
rights ADPlayground.Acl.AclRights required
The rights to audit.
flags System.Security.AccessControl.AuditFlags required
The audit flags to apply.
inheritance ADPlayground.Acl.AclInheritance required
The inheritance type of the rule.
SetAdAclAuditRule(System.DirectoryServices.DirectoryEntry entry, System.String sid, ADPlayground.Acl.AclRights rights, System.Security.AccessControl.AuditFlags flags, ADPlayground.Acl.AclInheritance inheritance) #

Sets an audit rule on the specified directory entry.

Parameters

entry System.DirectoryServices.DirectoryEntry required
The directory entry to modify.
sid System.String required
The SID to audit.
rights ADPlayground.Acl.AclRights required
The rights to audit.
flags System.Security.AccessControl.AuditFlags required
The audit flags to apply.
inheritance ADPlayground.Acl.AclInheritance required
The inheritance type of the rule.
SetAdAclAuditRule(System.DirectoryServices.DirectoryEntry entry, ADPlayground.Identity.IdentityInfo identity, ADPlayground.Acl.AclRights rights, System.Security.AccessControl.AuditFlags flags, ADPlayground.Acl.AclInheritance inheritance) #

Sets an audit rule on the specified directory entry.

Parameters

entry System.DirectoryServices.DirectoryEntry required
The directory entry to modify.
identity ADPlayground.Identity.IdentityInfo required
The identity to audit.
rights ADPlayground.Acl.AclRights required
The rights to audit.
flags System.Security.AccessControl.AuditFlags required
The audit flags to apply.
inheritance ADPlayground.Acl.AclInheritance required
The inheritance type of the rule.
SetAdAclInheritance 2 overloads
public static Void SetAdAclInheritance(ActiveDirectorySecurity security, Boolean enable, Boolean removeInheritedAccessRules = false) #
Returns: Void

Sets ACL inheritance on a security descriptor.

Parameters

security System.DirectoryServices.ActiveDirectorySecurity required position: 0
The security descriptor to modify.
enable System.Boolean required position: 1
Whether inheritance should be enabled.
removeInheritedAccessRules System.Boolean = false optional position: 2
Whether to remove inherited rules when disabling.
SetAdAclInheritance(System.DirectoryServices.DirectoryEntry entry, System.Boolean enable, System.Boolean removeInheritedAccessRules) #

Sets ACL inheritance on the specified directory entry.

Parameters

entry System.DirectoryServices.DirectoryEntry required
The directory entry to modify.
enable System.Boolean required
Whether inheritance should be enabled.
removeInheritedAccessRules System.Boolean required
Whether to remove inherited rules when disabling.