Hi all,
I've added a few Active Directory Extended Rights to our dev AD, similar to the Exchange send-as right. I've got my own object classes and I have applied the new rights to these classes. Now I would like to programmatically check access for an impersonated user. I can't find any support for this in S.DS. Is this my eyes failing me or is there no such functionality in S.DS?
So, what I have so far:
- I've got a user's AccessToken (through impersonation).
- I can read the binary SID from the object.
- I have the GUID of the extended right.
I would like to use AccessCheck() or a similar function to verify the rights.
In simple terms, I would like to have the following function:
    bool ADExtRightsAccessCheck(
        IntPtr accessToken,
        Guid extendedRightToCheck,
        SecurityIdentifier sid);
If I understand the MSDN doc for AccessCheck() right, then I can't use this function. How should I solve this? Some other API?
Regards Johan!