 |
SelfADSI - The LDAP / ADSI Scripting Tutorial |
   |
This is the attribute for the access control list (ACL), the list of objects that have permissions granted for accessing the mailbox.
NT-Security-Descriptor
| LDAP name | NT-Security-Descriptor |
| Data type | Hex value (max 4096) |
| Multivalue (Array) | No |
| Heuristic | 12 => Replicated between sites, operational attribute |
| Access category | Admin access only |
| Ex55 Database name | NT-Security-Descriptor |
The NT-Security-Descriptor attribute is an operational attribute which is not automatically retrieved by a GetObject() or an GetInfo() call. You can load such attributes into the object property cache by explicitly calling GetInfoEx(). Read more about this technique in the topic 'Reading object attributes' here in the SelfADSI tutorial.
Even if you manage to read the data of an Assoc-NT-Account attribute with GetInfoEx(), it is not that easy to handle the value. Read more about this in the section 'Object attributes of type octect string' here in the SelfADSI-Tutorial. You may get more information about the internal structure of access control lists here:
