Skip to content

ADS_ACEFLAG_ENUM

The ADS_ACEFLAG_ENUM enumeration is used to specify the behavior of an Access Control Entry (ACE) for an Active Directory object.

Syntax

enum ADS_ACEFLAG_ENUM
{
    ADS_ACEFLAG_INHERIT_ACE                = 2,    //0x2
    ADS_ACEFLAG_NO_PROPAGATE_INHERIT_ACE   = 4,    //0x4
    ADS_ACEFLAG_INHERIT_ONLY_ACE           = 8,    //0x8
    ADS_ACEFLAG_INHERITED_ACE              = 16,   //0x10
    ADS_ACEFLAG_VALID_INHERIT_FLAGS        = 31,   //0x1f
    ADS_ACEFLAG_SUCCESSFUL_ACCESS          = 64,   //0x40
    ADS_ACEFLAG_FAILED_ACCESS              = 128   //0x80
}

Constants

  • Flag

  • Description

  • ADS_ACEFLAG_INHERIT_ACE

  • Child objects will inherit this access-control entry (ACE). The inherited ACE is inheritable unless the ADS_ACEFLAG_NO_PROPAGATE_INHERIT_ACE flag is set.

  • ADS_ACEFLAG_NO_PROPAGATE_INHERIT_ACE

  • The system will clear the ADS_ACEFLAG_INHERIT_ACE flag for the inherited ACEs of child objects. This prevents the ACE from being inherited by subsequent generations of objects.

  • ADS_ACEFLAG_INHERIT_ONLY_ACE

  • Indicates an inherit-only ACE that does not exercise access control on the object to which it is attached. If this flag is not set, the ACE is an effective ACE that exerts access control on the object to which it is attached.

  • ADS_ACEFLAG_INHERITED_ACE

  • Indicates whether or not the ACE was inherited. The system sets this bit.

  • ADS_ACEFLAG_VALID_INHERIT_FLAGS

  • Indicates whether the inherit flags are valid. The system sets this bit.

  • ADS_ACEFLAG_SUCCESSFUL_ACCESS

  • Generates audit messages for successful access attempts, used with ACEs that audit the system in a system access-control list (SACL).

  • ADS_ACEFLAG_FAILED_ACCESS

  • Generates audit messages for failed access attempts, used with ACEs that audit the system in a SACL.

Requirements

Minimum required version: 2009.1

See also