I am currently tasked with writing a vb app that will allow an user to input a domain user account (such as "Domain Admins") and retrieve a list of all shares (from a predifined list of available network shares) that have that account.
Technique: First, I am using the IADsAccessControlList and IADsSecurityDescriptor to retrieve the IADsAccessControlEntry for each share in the list (thus giving me the Trustee and AccessMask). I then compare all of the trustees for each share against the search phrase and return a list of shares that have a matching trustee.
Problem: I am getting multiple (duplicate) trustees for a single share. For example, I'll use the following code:
Set sd = sdUtil.GetSecurityDescript
or(strPath
, ADS_PATH_FILE, ADS_SD_FORMAT_IID)
Set dacl = sd.DiscretionaryAcl
Where strPath is a valid path to a network share (like "\\server\folder\"). I can browse out to this shared network folder and view the Properties > Security tab to see what trustees -should- be returned (like "Domain Admins", "Domain Users", etc.).
Then, for purposes of illustration, I run this code:
For Each obj In dacl
Debug.Print obj.Trustee
Next
THIS PRODUCES THE PROBLEM > It will output multiple duplicate trustees, like "Domain Admins", "Domain Admins", "Domain Users", "Domain Users", etc. It only repeats a group a MAXIMUM of twice and it does NOT always duplicate a group.
Question: Why are these groups being output twice? Is there a better way to accomplish my app's goal?
This one has got me stumped so I hope some experts out there have some ideas. Thanks!
Start Free Trial
