Edit: It seems it doesn't work. Some permissions aren't copied over it seems. This is inside an Active Directory for Exchange 2010. In the screenshot, there's the user "RTCUniversalUserReadOnlyGroup", with the "permission" column empty. Those permissions don't get copied over at all. Any tips?

I'm currently having to uncheck the "Include inheritable permissions from this object's parent" checkbox in Active Directory in a programmatic way.

EDIT: Had to put the image back in URL form: http://i47.tinypic.com/2a8fed5.jpg

I figured the way to actually uncheck it, but when you do it through the interface, it asks you if you want to copy the current permissions or remove them.

The only way I found is to manually list the permissions, put them in a temporary variable and then re-add them after the checkbox was removed.

        using (DirectoryEntry entry = new DirectoryEntry(myPath))
        {
            // Collect the inherited rules, with identities resolved as SIDs.
            List<ActiveDirectoryAccessRule> rules = new List<ActiveDirectoryAccessRule>();
            foreach (object ruleObject in entry.ObjectSecurity.GetAccessRules(false, true, typeof(SecurityIdentifier)))
            {
                ActiveDirectoryAccessRule rule = ruleObject as ActiveDirectoryAccessRule;
                if (rule.IsInherited)
                {
                    rules.Add(rule);
                }
            }

            // Collect the inherited rules again, with identities resolved as NTAccount names.
            foreach (object ruleObject in entry.ObjectSecurity.GetAccessRules(false, true, typeof(NTAccount)))
            {
                ActiveDirectoryAccessRule rule = ruleObject as ActiveDirectoryAccessRule;
                if (rule.IsInherited)
                {
                    rules.Add(rule);
                }
            }

            // Arguments are (isProtected, preserveInheritance).
            entry.ObjectSecurity.SetAccessRuleProtection(true, false);

            // Re-add the collected rules as explicit rules.
            foreach (var rule in rules)
            {
                entry.ObjectSecurity.AddAccessRule(rule);
            }
            entry.CommitChanges();
        }

I'm wondering if there's a better way to do this and if I'm missing something. It seems to work fine for now, but it feels like a hack that will come bite me in the ass once the project is deployed.

A: 

I'm an idiot, the solution was simply to use

        entry.ObjectSecurity.SetAccessRuleProtection(true, true);

instead of

        entry.ObjectSecurity.SetAccessRuleProtection(true, false);

I guess I can't read!

Sefyroth
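
A check that could follow the fix in the answer above, as an added example (not code from the original post): it snapshots the inherited ACEs, calls `SetAccessRuleProtection(true, true)`, then rebinds and lists any formerly inherited ACE that is not present as an explicit one afterwards. The class and method names and the LDAP path argument are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.Linq;
using System.Security.Principal;

static class InheritanceProtection   // hypothetical helper, not from the post
{
    // Comparable identity of one ACE; identities are read as SIDs so no name lookup is needed.
    static string Key(ActiveDirectoryAccessRule r) =>
        string.Join("|", r.IdentityReference.Value, r.AccessControlType,
            r.ActiveDirectoryRights, r.ObjectType, r.InheritanceType, r.InheritedObjectType);

    static HashSet<string> Snapshot(DirectoryEntry e, bool includeExplicit, bool includeInherited) =>
        new HashSet<string>(e.ObjectSecurity
            .GetAccessRules(includeExplicit, includeInherited, typeof(SecurityIdentifier))
            .Cast<ActiveDirectoryAccessRule>()
            .Select(Key));

    // Returns the ACEs that were inherited before the change and are absent afterwards.
    public static List<string> ProtectAndVerify(string ldapPath)
    {
        HashSet<string> before;
        using (var entry = new DirectoryEntry(ldapPath))
        {
            before = Snapshot(entry, false, true);            // inherited rules only
            // (isProtected: true, preserveInheritance: true) = "uncheck the box and copy"
            entry.ObjectSecurity.SetAccessRuleProtection(true, true);
            entry.CommitChanges();
        }

        using (var check = new DirectoryEntry(ldapPath))      // fresh bind, no cached descriptor
        {
            if (!check.ObjectSecurity.AreAccessRulesProtected)
                throw new InvalidOperationException("Inheritance is still enabled on " + ldapPath);

            var after = Snapshot(check, true, false);         // explicit rules only
            return before.Where(k => !after.Contains(k)).ToList();
        }
    }

    static void Main(string[] args)
    {
        // args[0] is the LDAP path of the object to change (supplied by the caller).
        foreach (string missing in ProtectAndVerify(args[0]))
            Console.WriteLine("Not copied: " + missing);
    }
}
```

An empty result means every previously inherited rule is now present as an explicit rule; anything printed should be reviewed before the change is rolled out to more objects.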