Demonstration script that grants fabrikam\kmyer the Send As extended right. Kmyer will be granted this right for all users in the Finance OU in Active Directory.
Const ADS_ACETYPE_ACCESS_ALLOWED_OBJECT = &H5 Const ADS_FLAG_OBJECT_TYPE_PRESENT = &H1 Const ADS_FLAG_INHERITED_OBJECT_TYPE_PRESENT = &H2 Const ADS_RIGHT_DS_CONTROL_ACCESS = &H100 Const ADS_ACEFLAG_INHERIT_ACE = &H2 Set objSdUtil = GetObject("LDAP://OU=Finance, DC=fabrikam,DC=Com") Set objSD = objSdUtil.Get("ntSecurityDescriptor") Set objDACL = objSD.DiscretionaryACL Set objAce = CreateObject("AccessControlEntry") objAce.Trustee = "FABRIKAM\kmyer" objAce.AceFlags = ADS_ACEFLAG_INHERIT_ACE objAce.AceType = ADS_ACETYPE_ACCESS_ALLOWED_OBJECT objAce.Flags = ADS_FLAG_OBJECT_TYPE_PRESENT OR ADS_FLAG_INHERITED_OBJECT_TYPE_PRESENT objAce.ObjectType = "{ab721a54-1e2f-11d0-9819-00aa0040529b}" objACE.InheritedObjectType = "{BF967ABA-0DE6-11D0-A285-00AA003049E2}" objAce.AccessMask = ADS_RIGHT_DS_CONTROL_ACCESS objDacl.AddAce objAce objSD.DiscretionaryAcl = objDacl objSDUtil.Put "ntSecurityDescriptor", Array(objSD) objSDUtil.SetInfo
Const ADS_ACETYPE_ACCESS_ALLOWED_OBJECT = &H5 Const ADS_FLAG_OBJECT_TYPE_PRESENT = &H1 Const ADS_FLAG_INHERITED_OBJECT_TYPE_PRESENT = &H2 Const ADS_RIGHT_DS_CONTROL_ACCESS = &H100 Const ADS_ACEFLAG_INHERIT_ACE = &H2 Set objSdUtil = GetObject("LDAP://OU=Finance, DC=fabrikam,DC=Com") Set objSD = objSdUtil.Get("ntSecurityDescriptor") Set objDACL = objSD.DiscretionaryACL Set objAce = CreateObject("AccessControlEntry") objAce.Trustee = "FABRIKAM\kmyer" objAce.AceFlags = ADS_ACEFLAG_INHERIT_ACE objAce.AceType = ADS_ACETYPE_ACCESS_ALLOWED_OBJECT objAce.Flags = ADS_FLAG_OBJECT_TYPE_PRESENT OR ADS_FLAG_INHERITED_OBJECT_TYPE_PRESENT objAce.ObjectType = "{ab721a54-1e2f-11d0-9819-00aa0040529b}" objACE.InheritedObjectType = "{BF967ABA-0DE6-11D0-A285-00AA003049E2}" objAce.AccessMask = ADS_RIGHT_DS_CONTROL_ACCESS objDacl.AddAce objAce objSD.DiscretionaryAcl = objDacl objSDUtil.Put "ntSecurityDescriptor", Array(objSD) objSDUtil.SetInfo