Creating security roles

The following code sample creates a security role that is granted permission to create user objects and to write the Member property of group objects.

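[Reflection.Assembly]::LoadWithPartialName("Softerra.Adaxes.Adsi")

# Stop at the first failed step so that a partially configured role (already
# saved and enabled, but missing one of its permission entries) is not left
# behind silently.
$ErrorActionPreference = "Stop"

# Active Directory schema GUIDs referenced by the permission entries below.
$userClassGuid  = "{bf967aba-0de6-11d0-a285-00aa003049e2}" # the GUID of the User object class
$groupClassGuid = "{bf967a9c-0de6-11d0-a285-00aa003049e2}" # the GUID of the Group object class
$memberPropGuid = "{bf9679c0-0de6-11d0-a285-00aa003049e2}" # the GUID of the Member property
$anyObjectType  = [System.Guid]::Empty.ToString()          # empty GUID, used where no inherited object type is specified

# Creates one permission entry, saves it and adds it to the given security role.
#   $role                - the adm-Role object the entry is added to
#   $accessType          - one of the ADM_PERMISSION_TYPE_* values, e.g. "ADM_PERMISSION_TYPE_ALLOW"
#   $accessMask          - the ADS_RIGHT_* right the entry grants
#   $objectType          - GUID of the object class or property the right applies to
#   $inheritedObjectType - GUID of the object class the entry is scoped to (empty GUID if none)
function Add-RolePermission($role, $accessType, $accessMask, $objectType, $inheritedObjectType)
{
    $entry = $role.Permissions.Create()
    $entry.AccessType = $accessType
    $entry.AccessMask = $accessMask
    $entry.ObjectType = $objectType
    $entry.InheritedObjectType = $inheritedObjectType
    $entry.SetInfo()              # save the permission entry
    $role.Permissions.Add($entry) # add the permission to the role
}

# Connect to the Adaxes service
$ns = New-Object "Softerra.Adaxes.Adsi.AdmNamespace"
$service = $ns.GetServiceDirectly("localhost")

# Bind to the 'Security Roles' container
$securityRolesPath = $service.Backend.GetConfigurationContainerPath(`
    "AccessControlRoles")
$securityRolesContainer = $service.OpenObject($securityRolesPath,
     $null, $null, 0)

# Create new security role and save it before any permission entries are added.
$role = $securityRolesContainer.Create("adm-Role", "CN=My Role")
$role.Description = "My description"
$role.Disabled = $false # the role is enabled once saved
$role.SetInfo()

# Allow: Create User Objects
Add-RolePermission $role "ADM_PERMISSION_TYPE_ALLOW" "ADS_RIGHT_DS_CREATE_CHILD" `
    $userClassGuid $anyObjectType

# Allow: Write 'Member' Property -> Group
Add-RolePermission $role "ADM_PERMISSION_TYPE_ALLOW" "ADS_RIGHT_DS_WRITE_PROP" `
    $memberPropGuid $groupClassGuid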

See also