Discussion:
How to check if an attribute is modifiable by the logged in user
(too old to reply)
Saqib Ali
19 years ago
Permalink
In VB how can I check if a AD attribute is modifiable by the logged in user?

Thanks.
Saqib Ali
http://www.xml-dev.com/blog/
Joe Kaplan (MVP - ADSI)
19 years ago
Permalink
Get the allowedAttributesEffective attribute when bound as the logged in
user and check to see if the attribute in question is in the array that is
returned. In VB.NET, you use RefreshCache(New String()
{"allowedAttributesEffective"}) to load the property and in VB you use
GetInfoEx.

Joe K.
Post by Saqib Ali
In VB how can I check if a AD attribute is modifiable by the logged in user?
Thanks.
Saqib Ali
http://www.xml-dev.com/blog/
Saqib Ali
19 years ago
Permalink
Post by Joe Kaplan (MVP - ADSI)
Get the allowedAttributesEffective attribute when bound as the logged in
user and check to see if the attribute in question is in the array that is
returned. In VB.NET, you use RefreshCache(New String()
{"allowedAttributesEffective"}) to load the property and in VB you use
GetInfoEx.
Hi Joe,

Thanks for the response. However the problem with
"allowedAttributesEffective" is that it only returns attributes that are
currently set.

We are adding new attributes to the schema. So most objects in our AD
these custom attributes are not set.

So "allowedAttributesEffective" will not work for us. :-(


Thanks.
Saqib Ali
http://www.xml-dev.com/blog/
Joe Kaplan (MVP - ADSI)
19 years ago
Permalink
When I check allowedAttributesEffective, I get the complete list of
attributes I can modify, regardless of whether they are set or not. If the
attributes are not yet added to the schema, that would be different, but
otherwise it works fine.

Your alternative is not pretty as you would need to try to digest the
security descriptor directly. This is quite hard to do without making a
mistake. I would not even attempt it.

Joe K.
Post by Saqib Ali
Hi Joe,
Thanks for the response. However the problem with
"allowedAttributesEffective" is that it only returns attributes that are
currently set.
We are adding new attributes to the schema. So most objects in our AD
these custom attributes are not set.
So "allowedAttributesEffective" will not work for us. :-(
Thanks.
Saqib Ali
http://www.xml-dev.com/blog/
Loading...