Events
May 19, 6 PM - May 23, 12 AM
Calling all developers, creators, and AI innovators to join us in Seattle @Microsoft Build May 19-22.
Register todayHow Security Affects Operations in Active Directory Domain Services
Active Directory Domain Services use access control to grant or deny access to objects, properties, and operations based on the identity of the user performing the access attempt. When your application binds to the directory, it binds with specific user credentials. When authenticated, these credentials determine your application's security context. Regardless of whether the credentials are those of the logged-on user, a specified user, a service account, a computer account, or an unauthenticated user (Guest/Everyone), the Active Directory server verifies the user's right to access an object before any operation is performed on that object. The user may, or may not, have access to a particular object, its children, its properties, or operations on that object, which means that your application must handle the potential errors caused by denied access.
For more information about security contexts and the effects of access control on various operations, see:
- Access Control and Read Operations
- Access Control and Write Operations
- Access Control and Object Creation
- Access Control and Object Deletion
Additional resources
Training
Module
Manage security in Active Directory - Training
This module focuses on maintaining security in an Active Directory environment. It covers things from permissions management to authentication methods to identifying problematic accounts.
Certification
Microsoft Certified: Identity and Access Administrator Associate - Certifications
Demonstrate the features of Microsoft Entra ID to modernize identity solutions, implement hybrid solutions, and implement identity governance.
Documentation
-
IADsAccessControlList (iads.h) - Win32 apps
The IADsAccessControlList interface is a dual interface that manages individual access-control entries (ACEs).
-
IADsSecurityDescriptor (iads.h) - Win32 apps
Provides access to properties on an ADSI security descriptor object.
-
Controlling Access to Objects and Their Properties - Win32 apps
To control access to application objects, work with the object security descriptor, and specifically, with the discretionary access-control list (DACL) and its list of access-control entries (ACEs).