View or set permissions on a directory object

  • Article

Applies To: Windows Server 2003 R2

To view or set permissions on a directory object

  1. Open an ADAM tools command prompt.

  2. At the command prompt, do one of the following:

    • To list the effective permissions on a directory object, type:

      **dsacls \\**hostname:portnumber\object_dn

      where hostname represents the name of the computer on which the ADAM instance that holds the directory object is running, portnumber represents the communications port number on which the ADAM instance communicates, and object_dn represents the distinguished name of the directory object.

      Example:

      dsacls \\localhost:389\O=Microsoft,C=US

    • To grant permissions on a directory object, type:

      **dsacls \\hostname:portnumber\object_dn /G user_or_group:**Permissions

      where hostname represents the name of the computer on which the ADAM instance that holds the directory object is running, portnumber represents the communications port number on which the ADAM instance communicates, object_dn represents the distinguished name of the directory object, user_or_group represents the user or group for whom the permissions apply, and Permissions represents the permissions to grant.

      Example:

      dsacls \\localhost:389\cn=Object1, cn=container1,O=Microsoft,C=US /G CN=inetuser1,O=Microsoft,C=US:SD

    • To deny permissions on a directory object, type:

      **dsacls \\hostname:portnumber\object_dn /D user_or_group:**PermissionStatement

      where hostname represents the name of the computer on which the ADAM instance that holds the directory object is running, portnumber represents the communications port number on which the ADAM instance communicates, object_dn represents the distinguished name of the directory object, user_or_group represents the user or group for whom the permissions apply, and PermissionStatement represents the permissions to deny.

      Example:

      dsacls \\localhost:389\cn=Object1, cn=container1,O=Microsoft,C=US /D CN=inetuser1,O=Microsoft,C=US:SD

Notes

  • To open an ADAM tools command prompt, click Start, point to All Programs, point to ADAM, and then click ADAM Tools Command Prompt.

  • For a complete description of all parameters that apply to dsacls, including the setting of inheritance, type dsacls /? at the ADAM tools command prompt, or see Related Topics.

  • A directory object residing on multiple replicas of a given directory partition possesses the same permissions on all of the replica partitions.

See Also

Concepts

Understanding ADAM access control
Understanding ADAM users and groups
Dsacls