Hello again!
I'm building a script that will create Adaxes Security Roles for each new customer we bring on.
I'm trying to create a Role with the ability to change passwords of users.
Specifically, I want to allow members of the security role to be able to Write the Password Last Set Property and Write the Account Options Property.
Here's a snip of the script:

# Allow: User -> Write Account Options Property
$entry = $role.Permissions.Create()
# the GUID of the User object class
$userClassGuid = "{bf967aba-0de6-11d0-a285-00aa003049e2}"
$entry.AccessType = "ADM_PERMISSION_TYPE_ALLOW"
$entry.AccessMask = "ADS_RIGHT_DS_WRITE_PROP"
$entry.ObjectType = #NeedGUID for the Write Account Options Property
$entry.InheritedObjectType = $userClassGuid
$entry.SetInfo() # save the permission entry
$role.Permissions.Add($entry) # add the permission to the role

# Allow: User -> Write Password Last Set Property
$entry = $role.Permissions.Create()
# the GUID of the User object class
$userClassGuid = "{bf967aba-0de6-11d0-a285-00aa003049e2}"
$entry.AccessType = "ADM_PERMISSION_TYPE_ALLOW"
$entry.AccessMask = "ADS_RIGHT_DS_WRITE_PROP"
$entry.ObjectType = #NeedGUID for the Password Last Set Property
$entry.InheritedObjectType = $userClassGuid
$entry.SetInfo() # save the permission entry
$role.Permissions.Add($entry) # add the permission to the role

I've found several examples that give me values for the ObjectType, but I'm not sure how to find the right values for Permissions Properties. If there's a way to list all the properties for user or group objects, it would really help me get the script finished up.
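
One way to look up property GUIDs for `ObjectType`, as an added example that is not part of the original post and not Adaxes' own code: it reads each attribute's `schemaIDGUID` from the Active Directory schema partition and formats it like the `$userClassGuid` string above. Assumptions: the ActiveDirectory (RSAT) module is available, the function names are hypothetical, and "Account Options" and "Password Last Set" are taken to correspond to the `userAccountControl` and `pwdLastSet` attributes.

```powershell
# Added example. Function names are hypothetical, not part of Adaxes.

function ConvertTo-ObjectTypeGuid {
    # Turns a schema object (lDAPDisplayName + 16-byte schemaIDGUID) into the
    # braced GUID string form used for $userClassGuid in the post.
    param([Parameter(Mandatory, ValueFromPipeline)] $SchemaObject)
    process {
        $bytes = [byte[]]$SchemaObject.schemaIDGUID
        if ($bytes.Length -ne 16) {
            throw "schemaIDGUID for '$($SchemaObject.lDAPDisplayName)' is not 16 bytes"
        }
        [pscustomobject]@{
            Name       = [string]$SchemaObject.lDAPDisplayName
            ObjectType = [guid]::new($bytes).ToString('B')
        }
    }
}

function Get-AttributeObjectType {
    # Looks the named attributes up in the forest schema partition.
    param(
        [Parameter(Mandatory)]
        [ValidatePattern('^[A-Za-z][A-Za-z0-9-]*$')]  # keep names out of LDAP filter syntax
        [string[]] $LdapDisplayName
    )
    $schemaNC = (Get-ADRootDSE).schemaNamingContext
    foreach ($name in $LdapDisplayName) {
        $filter = "(&(objectClass=attributeSchema)(lDAPDisplayName=$name))"
        $found = Get-ADObject -SearchBase $schemaNC -LDAPFilter $filter `
                              -Properties lDAPDisplayName, schemaIDGUID
        if (-not $found) { throw "No attributeSchema object named '$name'" }
        $found | ConvertTo-ObjectTypeGuid
    }
}

# Constructed sample: round-trips the User class GUID quoted in the post, no domain needed.
[pscustomobject]@{
    lDAPDisplayName = 'user'
    schemaIDGUID    = ([guid]'bf967aba-0de6-11d0-a285-00aa003049e2').ToByteArray()
} | ConvertTo-ObjectTypeGuid

# Against a real domain (attribute names are the assumed mapping for the two properties):
if (Get-Command Get-ADRootDSE -ErrorAction SilentlyContinue) {
    Get-AttributeObjectType -LdapDisplayName userAccountControl, pwdLastSet
}
```

Scoping each entry to a single attribute GUID keeps the role limited to those two properties instead of granting write access to every property on user objects.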