Sign in
 

none
Where can I find a good explanation of the following: InheritanceType ObjectType InheritedObjectType ObjectFlags AccessControlType IdentityReference InheritanceFlags PropagationFlags

 > 

    Question

  • Question
    Sign in to vote
    0
    Sign in to vote

    Hello

    Can someone please advise me where I can find a good explanation on all of the following, when it comes to Active Directory Rights

    InheritanceType

    ObjectType

    InheritedObjectType

    ObjectFlags

    AccessControlType

    IdentityReference

    InheritanceFlags

    PropagationFlags

    I understand some of the subject matter, but not all and in particular the relationships between all of the above. I have found the odd post or blog on the internet with may attempt to explain one or two of the above but not all and not how they all relate.

    Does anyone know where  the official Microsoft Documentation is, where all of the above are explained, hopefully with a few related examples.

    So when I look at output like the4 items below I can work out exactly what it means. I already know how to translate the GUIDs so no problems there, it just understands exactly where and how the right apply including inheritance.

    Thanks everyone

    1)

    ActiveDirectoryRights : ExtendedRight

    InheritanceType       : Descendents

    ObjectType            : ab721a53-1e2f-11d0-9819-00aa0040529b

    InheritedObjectType   : bf967a86-0de6-11d0-a285-00aa003049e2

    ObjectFlags           : ObjectAceTypePresent, InheritedObjectAceTypePresent

    AccessControlType     : Allow

    IdentityReference     : MyDomain\SomeUser

    IsInherited           : False

    InheritanceFlags      : ContainerInherit

    PropagationFlags      : InheritOnly

    2)

    ActiveDirectoryRights : Self, ReadProperty, WriteProperty

    InheritanceType       : Descendents

    ObjectType            : 72e39547-7b18-11d1-adef-00c04fd8d5cd

    InheritedObjectType   : bf967a86-0de6-11d0-a285-00aa003049e2

    ObjectFlags           : ObjectAceTypePresent, InheritedObjectAceTypePresent

    AccessControlType     : Allow

    IdentityReference     : MyDomain\SomeUser

    IsInherited           : False

    InheritanceFlags      : ContainerInherit

    PropagationFlags      : InheritOnly

    3)

    ActiveDirectoryRights : ExtendedRight

    InheritanceType       : Descendents

    ObjectType            : 00299570-246d-11d0-a768-00aa006e0529

    InheritedObjectType   : bf967a86-0de6-11d0-a285-00aa003049e2

    ObjectFlags           : ObjectAceTypePresent, InheritedObjectAceTypePresent

    AccessControlType     : Allow

    IdentityReference     : MyDomain\SomeUser

    IsInherited           : False

    InheritanceFlags      : ContainerInherit

    PropagationFlags      : InheritOnly

    4)

    ActiveDirectoryRights : ExtendedRight

    InheritanceType       : All

    ObjectType            : 1131f6aa-9c07-11d1-f79f-00c04fc2dcd2

    InheritedObjectType   : 00000000-0000-0000-0000-000000000000

    ObjectFlags           : ObjectAceTypePresent

    AccessControlType     : Allow

    IdentityReference     MyDomain\SomeGroup

    IsInherited           : False

    InheritanceFlags      : ContainerInherit

    PropagationFlags      : None


    AAnotherUser__

    Thursday, March 16, 2017 4:59 PM
    |

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote

    Typo above I meant to say

    I it just want to understand exactly where and how the right apply including inheritance.

    :)

    AAnotherUser__

    Thursday, March 16, 2017 5:01 PM
    |
  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi,
    Have you seen the following article? https://msdn.microsoft.com/en-us/library/system.directoryservices.activedirectoryaccessrule(v=vs.110).aspx

    Based on my research, it seems that there is no more documents about it.
    Best regards,
    Wendy

     

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Friday, March 17, 2017 8:22 AM
    |
    Moderator
  • Question
    Sign in to vote
    0
    Sign in to vote

    Hello Wendy,

    Thanks very much for taking the time to reply, the above is helpful

    unfortunately as you say there is not a lot of documentation on it, for example when you click on 'InheritanceType above it takes you to the relevant MSDN page, but it does not explain what are the possible types from the list of possible interitanceTypes and what each means (and how they are related).

    It is a shame Microsoft (or someone else) has not documented 'all' of these 'with several examples' showing 'how they work together' and related to one another (at least I have not found one so far).

    Perhaps you could ping and email internally to the Microsoft Directory Services Team (I assume you work for MS) in case they just happen to have such an explanation they can offer the URL for so help me fill in the gaps in my knowledge regarding this (I only understand some of it).

    Thanks very much

    __AAnotherUser 

    AAnotherUser__

    Friday, March 17, 2017 8:44 AM
    |
  • Question
    Sign in to vote
    0
    Sign in to vote

    Hello Again

    I found this link https://msdn.microsoft.com/en-us/library/windows/desktop/aa374857(v=vs.85).aspx

    Which is very close to what I need, I think I will have to work through the details in the above link and the associated links (from that page) and some experimenting in my LAB) to get to grips with it

    If anyone else has any other links please let me know

    Thanks

    __AAnotherUser

    AAnotherUser__

    Friday, March 17, 2017 1:38 PM
    |
  • Question
    Sign in to vote
    0
    Sign in to vote
    Hi,
    Appreciate for your great share and feedback and thanks for your suggestions. I understand that the issue brought some trouble to you. Sorry for all these inconvenience. We will report your feedback to the relating Team for further confirmation.
    Best regards,
    Wendy

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Wednesday, March 22, 2017 7:36 AM
    |
    Moderator