Listing ACEs to a File for All Objects in an OU and Below

A useful real-world task is to see which ACEs have been set on every object below a container, such as a domain or Organizational Unit. Example 23-4 is a piece of code that can be used as the basis for checking through an Active Directory forest for irregularities.

This code could also be used on the root of Active Directory when dealing with the problem outlined in Section 11.3.3 in Chapter 11. The code is fairly simple but very long, because it has to check every constant for both the SACL and DACL of each object.

Example 23-4. Examining the ACEs on all objects below a container

On Error Resume Next

'****************************************************************************
'If the GUID corresponds to a schema object or attribute, then print the
'schema attribute/object name and the GUID. Otherwise just print the GUID.
'****************************************************************************
Sub PrintGUID(ByVal objType)
  Dim strACEGUID, bolFound, intIndex

  '****************************************************************************
  'Convert a GUID that starts and ends with { } and has dashes within to a
  'simple string of text
  '****************************************************************************
  strACEGUID = Replace(Mid(objType,2,Len(objType)-2),"-","")

  '****************************************************************************
  'Scan the array of schema ...
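The following added example, which is not the book's code and uses Python rather than VBScript, decodes the numeric ACE fields that a listing like Example 23-4 writes out (the ADSI `AccessMask`, `AceType`, `AceFlags` and `ObjectType` values) and flags explicit allow ACEs held by unexpected trustees. The row layout, `REVIEW_BITS`, the sample rows and the `example.com` names are assumptions made for the illustration.

```python
RIGHTS = {  # ADS_RIGHTS_ENUM bit -> name
    0x1: "DS_CREATE_CHILD", 0x2: "DS_DELETE_CHILD", 0x4: "ACTRL_DS_LIST",
    0x8: "DS_SELF", 0x10: "DS_READ_PROP", 0x20: "DS_WRITE_PROP",
    0x40: "DS_DELETE_TREE", 0x80: "DS_LIST_OBJECT", 0x100: "DS_CONTROL_ACCESS",
    0x10000: "DELETE", 0x20000: "READ_CONTROL", 0x40000: "WRITE_DAC",
    0x80000: "WRITE_OWNER", 0x100000: "SYNCHRONIZE",
    0x1000000: "ACCESS_SYSTEM_SECURITY", 0x10000000: "GENERIC_ALL",
    0x20000000: "GENERIC_EXECUTE", 0x40000000: "GENERIC_WRITE",
    0x80000000: "GENERIC_READ",
}
ALLOW_TYPES = {0, 5}   # ADS_ACETYPE_ACCESS_ALLOWED and ..._ACCESS_ALLOWED_OBJECT
INHERITED_ACE = 0x10   # ADS_ACEFLAG_INHERITED_ACE
# Assumption: the rights this example treats as worth a second look.
REVIEW_BITS = 0x40000 | 0x80000 | 0x10000000 | 0x40000000 | 0x20 | 0x100

def normalize_guid(obj_type):
    """Same first step as PrintGUID: drop the braces and dashes (plus lowercase)."""
    return obj_type.strip("{}").replace("-", "").lower()

def decode_mask(mask):
    """Name every set bit; ADSI hands the mask back as a signed 32-bit Long."""
    mask &= 0xFFFFFFFF
    names = [name for bit, name in sorted(RIGHTS.items()) if mask & bit]
    unknown = mask & ~sum(RIGHTS)          # bits no constant accounts for
    return names + ([hex(unknown)] if unknown else [])

def review(aces, schema_names, expected_trustees):
    """Return explicit allow ACEs granting REVIEW_BITS to an unexpected trustee."""
    findings = []
    for ace in aces:
        if ace["AceType"] not in ALLOW_TYPES or ace["AceFlags"] & INHERITED_ACE:
            continue                       # deny/audit ACEs and inherited copies
        if ace["Trustee"] in expected_trustees or not ace["AccessMask"] & REVIEW_BITS:
            continue
        guid = normalize_guid(ace["ObjectType"]) if ace.get("ObjectType") else ""
        findings.append((ace["dn"], ace["Trustee"], decode_mask(ace["AccessMask"]),
                         schema_names.get(guid, guid)))
    return findings

# Constructed sample rows: one exported line per ACE (domain and trustees made up).
FIELDS = ("dn", "Trustee", "AceType", "AceFlags", "AccessMask", "ObjectType")
SAMPLE_ACES = [dict(zip(FIELDS, row)) for row in (
    ("OU=Sales,DC=example,DC=com", "EXAMPLE\\Domain Admins", 0, 0x02, 0xF01FF, ""),
    ("CN=Sales Admins,OU=Sales,DC=example,DC=com", "EXAMPLE\\temp-helpdesk", 5, 0x00,
     0x20, "{BF9679C0-0DE6-11D0-A285-00AA003049E2}"),
    ("CN=jdoe,OU=Sales,DC=example,DC=com", "EXAMPLE\\temp-helpdesk", 0, 0x12, 0x20, ""),
    ("CN=jdoe,OU=Sales,DC=example,DC=com", "NT AUTHORITY\\Authenticated Users", 0, 0x00, -2147483648, ""),
)]
# Stand-in for the array of schema names the listing scans (member attribute GUID).
SCHEMA_NAMES = {"bf9679c00de611d0a28500aa003049e2": "member"}
```

Calling `review(SAMPLE_ACES, SCHEMA_NAMES, {"EXAMPLE\\Domain Admins"})` returns only the explicit write-property grant on the group's `member` attribute; the inherited copy and the read-only ACE are skipped.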
