- ACL an object in ADAM
- Posted by John Brennan on December 12th, 2003
I was wondering if anyone has experience programmatically setting ACLs
on an ADAM object with any of the .NET languages? My
scenario is this:
I have an AD user account and a corresponding UserProfile object in ADAM
that stores information about that AD user. I want to ACL the UserProfile
object in ADAM with the AD user account so that individual UserProfile
objects can only be read or modified by their owners (i.e. corresponding AD
user account). (Note UserProfile is a custom class that I created in ADAM by
extending the schema).
Thanks,
JB
- Posted by Dmitri Gavrilov [MSFT] on December 12th, 2003
Sorry, I don't have a code sample for you, but it should be exactly the same
as adding an ACE to an AD object. Search for "Security Descriptor Property
Type" on MSDN.
--
Dmitri Gavrilov
SDE, Active Directory Core
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm
"John Brennan" <johnvbrennan@hotmail.com> wrote in message
news:e0lFhYMwDHA.2540@TK2MSFTNGP10.phx.gbl...
- Posted by Joe Kaplan (MVP - ADSI) on December 12th, 2003
I'd also suggest you check out Imran Masud's posting from a few weeks ago on
issues with the IADsSecurityDescriptor and IADsAccessControlList objects.
You can use these from .NET via COM interop, but they have some weird and
unexpected behavior that Imran has documented in great detail that can help
you understand why the interfaces behave strangely in some security
contexts. That may be especially relevant for ADAM.
A google search should turn up the post.
Joe K.
"Dmitri Gavrilov [MSFT]" <dmitrig@online.microsoft.com> wrote in message
news:%233KNdFNwDHA.2540@TK2MSFTNGP10.phx.gbl...
- Posted by John Brennan on December 17th, 2003
Thanks Guys, I'll follow up on your recommendations and let you know how I
get on.
regards,
John
"Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote
in message news:e%23o9CROwDHA.2304@TK2MSFTNGP12.phx.gbl...
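
The owner-only ACL asked about at the top of the thread, as an added example that is not code from any poster. It uses the managed ActiveDirectorySecurity API (.NET Framework 2.0 and later) rather than the COM interop interfaces mentioned above. The server name, port, DN and account are placeholders.

```csharp
using System;
using System.DirectoryServices;
using System.Security.AccessControl;
using System.Security.Principal;

static class UserProfileAcl
{
    // Make one ADAM object readable and writable by a single AD account.
    public static void RestrictToOwner(string adsPath, string adAccount)
    {
        // ACEs hold SIDs, so resolve DOMAIN\user to its SID first.
        var sid = (SecurityIdentifier)new NTAccount(adAccount)
            .Translate(typeof(SecurityIdentifier));

        using (var entry = new DirectoryEntry(adsPath, null, null, AuthenticationTypes.Secure))
        {
            // Touch only the DACL; owner, group and SACL are left alone.
            entry.Options.SecurityMasks = SecurityMasks.Dacl;
            ActiveDirectorySecurity sd = entry.ObjectSecurity;

            // Stop inheriting from the parent container. 'false' discards the
            // inherited ACEs instead of copying them; pass 'true' to keep
            // them as explicit entries (for example for an admin group).
            sd.SetAccessRuleProtection(true, false);

            sd.AddAccessRule(new ActiveDirectoryAccessRule(
                sid,
                ActiveDirectoryRights.ReadProperty | ActiveDirectoryRights.WriteProperty,
                AccessControlType.Allow));
            entry.CommitChanges();
        }

        // Rebind and print the stored DACL to confirm what was written.
        using (var check = new DirectoryEntry(adsPath, null, null, AuthenticationTypes.Secure))
        {
            foreach (ActiveDirectoryAccessRule ace in
                     check.ObjectSecurity.GetAccessRules(true, true, typeof(SecurityIdentifier)))
                Console.WriteLine("{0} {1} {2} inherited={3}", ace.AccessControlType,
                    ace.IdentityReference, ace.ActiveDirectoryRights, ace.IsInherited);
        }
    }

    static void Main()
    {
        // Placeholder server, port, DN and account: substitute your own.
        RestrictToOwner(
            "LDAP://adam.example.com:50000/CN=jdoe,CN=UserProfiles,DC=example,DC=com",
            @"EXAMPLE\jdoe");
    }
}
```

Explicit ACEs already present on the object are kept, so review the printed DACL for any other principal that still has access.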