Function Reference

_AD_HasRequiredRights

Returns 1 if the given user has the required rights on the object.

#Include <AD.au3>
_AD_HasRequiredRights($sObject[, $iRight = $ADS_FULL_RIGHTS[, $sUser = @UserName]])

 

Parameters

$sObject Group or User to be checked. Can be specified as Fully Qualified Domain Name (FQDN) or sAMAccountName
$sRight Optional: Access mask constant to be checked (default = $ADS_FULL_RIGHTS (Full rights)).
Full rights is the combination of the following rights:
ADS_RIGHT_DELETE = 0x10000
ADS_RIGHT_READ_CONTROL = 0x20000
ADS_RIGHT_WRITE_DAC = 0x40000
ADS_RIGHT_WRITE_OWNER = 0x80000
ADS_RIGHT_DS_CREATE_CHILD = 0x1
ADS_RIGHT_DS_DELETE_CHILD = 0x2
ADS_RIGHT_ACTRL_DS_LIST = 0x4
ADS_RIGHT_DS_SELF = 0x8
ADS_RIGHT_DS_READ_PROP = 0x10
ADS_RIGHT_DS_WRITE_PROP = 0x20
ADS_RIGHT_DS_DELETE_TREE = 0x40
ADS_RIGHT_DS_LIST_OBJECT = 0x80
ADS_RIGHT_DS_CONTROL_ACCESS = 0x100
$sUser Optional: User to be checked. Can be specified as Fully Qualified Domain Name (FQDN) or SamAccountName (default = @UserName)

 

Return Value

Success: 1, Specified user has the required rights over the given group or user
Failure: 0, @error set
    0 - $sUser does not have the required rights over $sObject
    1 - $sUser does not exist
    2 - $sObject does not exist

 

Remarks

None.

 

Related

_AD_HasFullRights, _AD_HasUnlockResetRights, _AD_HasGroupUpdateRights

 

See Also

http://msdn.microsoft.com/en-us/library/aa772285(VS.85).aspx (ADS_RIGHTS_ENUM Enumeration)

 

Example


#AutoIt3Wrapper_AU3Check_Parameters= -d -w 1 -w 2 -w 3 -w 4 -w 5 -w 6
#AutoIt3Wrapper_AU3Check_Stop_OnWarning=Y
; *****************************************************************************
; Example 1
; Get a list of groups the current user is a member of. Then check for the
; first group in the array if the current user has delete right for the group.
; *****************************************************************************
#include <AD.au3>

; Open Connection to the Active Directory
_AD_Open()
If @error Then Exit MsgBox(16, "Active Directory Example Skript", "Function _AD_Open encountered a problem. @error = " & @error & ", @extended = " & @extended)

; Get a list of groups the current user is a member of
Global $aMemberOf = _AD_GetUserGroups()

; Check if the current user has the delete right on the first group in the array
Global $sUser = @UserName
If _AD_HasRequiredRights($aMemberOf[1], 65536, $sUser) Then
    MsgBox(64, "Active Directory Functions", "User '" & $sUser & "' has the delete right on group '" & $aMemberOf[1] & "'")
Else
    MsgBox(64, "Active Directory Functions", "User '" & $sUser & "' does not have the delete right on group '" & $aMemberOf[1] & "'")
EndIf

; Close Connection to the Active Directory
_AD_Close()