Home/ Questions/Q 9178781
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-17T17:38:00+00:00

I’d like to set List Content and List Object options for an AD (Active

  • 0

I’d like to set List Content and List Object options for an AD (Active Directory, Windows Server 2008 R2) OU for a particular user group using C# (.NET 4.0).

I managed to set the gPOptions and gPLinkproperties according to Microsoft, but I did not find an example of how to set List Content and List Object. Setting the other two properties works as shown below:

[…]

byte[] binaryForm = new byte[ groupPrincipal.Sid.BinaryLength ];
groupPrincipal.Sid.GetBinaryForm( binaryForm, 0 );
IdentityReference identityReference =
    new SecurityIdentifier( binaryForm, 0 );
PropertyAccessRule propertyAccessRule =
    new PropertyAccessRule(
        identityReference,
        AccessControlType.Allow,
        PropertyAccess.Read,
        new Guid( "...value provided by MSDN link..." ) );
...
// ouEntry is of type DirectoryEntry
ouEntry.ObjectSecurity.AddAccessRule( propertyAccessRule );
ouEntry.CommitChanges();

...
// Same for gPLink with the corresponding GUID

Please ask if you need any more information.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    List content and List object have to be set somewhat differently:

    ...
ActiveDirectoryAccessRule activeDirectoryAccessRule =
    new ActiveDirectoryAccessRule(
        identityReference,
        ActiveDirectoryRights.ListChildren | ActiveDirectoryRights.ListObject,
        AccessControlType.Allow,
        ActiveDirectorySecurityInheritance.None );
...

    This ActiveDirectoryAccessRule has to be added to the corresponding DirectoryEntry as in the question above.

    • 0