Hi, here is my problem:
i'm using VB.NET 2005 and i'm trying to decode a ntSecurityDescriptor for
AD
objects in a foreign untrusted domain. To achieve this, i get the raw
octet
data for this atribute from an object with ADSI-LDAP and convert it to a
IADsSecurityDescriptor with the IADsSecurityUtility Interface:
Dim sUtil As New ADsSecurityUtility()
Dim sd As ActiveDs.SecurityDescriptor
Dim rawData As Byte() ....<- i fill this with the LDAP data from
ntSecurityDescriptor attributes...
....
sd = sUtil.ConvertSecurityDescriptor(data,
ADS_SD_FORMAT_ENUM.ADS_SD_FORMAT_RAW,
ADS_SD_FORMAT_ENUM.ADS_SD_FORMAT_IID)
The output security descriptor object is filled correctly after this, BUT
sometimes this is REALLY SLOW (10 sec...), far to slow for checking many
DACLs in the directory. Maybe this is because the
ConvertSecurityDescriptor
method tries to resolve the SIDs in the security descriptor to friendly
names and cannot because these are SIDs from a foreign untrusted domain?
How
can i speed up this? Is there any other possibility to decode the raw data
or is there any do***entation of the data structure of an
ntSecurityDescriptor so that i could decode this by myself without
SID-account-resolving???
Thank you alot for hints,
Philipp
|
