deegroove 0 Newbie Poster

Hello,

I've got a piece of code to create a Windows Server 2008 Active Directory OU tree and to activate "Protection Against Accidental Organizational Unit Deletion" in every OU.

It works well: the ACEs are there, but the "Protection Against Accidental Organizational Unit Deletion" checkbox doesn't remain activated. However, if I manually check the check box in only one of the OUs at every level of the tree, then "Protection Against Accidental Organizational Unit Deletion" remains activated automatically for all the OUs in that level of the tree.

What's necessary to activate the "Protection Against Accidental Organizational Unit Deletion" automatically?

Any help will be appreciated.

(I have written down only the Sub for the OU protection code.)

Sub OUProtection(strOU)
    ' Constants used to build the ACE
    Const ADS_ACETYPE_ACCESS_ALLOWED_OBJECT = &H1
    Const ADS_FLAG_OBJECT_TYPE_PRESENT = &H0
    Const ADS_FLAG_INHERITED_OBJECT_TYPE_PRESENT = &H2
    Const ADS_ACEFLAG_INHERIT_ACE = &H0
    Const ProtectionOUDeletion = &H10040

    ' Bind to the OU and read its current DACL
    Set objSdUtil = GetObject(strOU)
    Set objSD = objSdUtil.Get("ntSecurityDescriptor")
    Set objDACL = objSD.DiscretionaryAcl

    ' Build the ACE for Everyone
    Set objAce = CreateObject("AccessControlEntry")
    objAce.Trustee = "Everyone"
    objAce.AceFlags = ADS_ACEFLAG_INHERIT_ACE
    objAce.AceType = ADS_ACETYPE_ACCESS_ALLOWED_OBJECT
    objAce.Flags = ADS_FLAG_OBJECT_TYPE_PRESENT Or ADS_FLAG_INHERITED_OBJECT_TYPE_PRESENT
    objAce.ObjectType = "{00299570-246d-11d0-a768-00aa006e0529}"
    objAce.InheritedObjectType = "{BF967ABA-0DE6-11D0-A285-00AA003049E2}"
    objAce.AccessMask = ProtectionOUDeletion

    ' Add the ACE and write the security descriptor back to the OU
    objDACL.AddAce objAce
    objSD.DiscretionaryAcl = objDACL
    objSdUtil.Put "ntSecurityDescriptor", Array(objSD)
    objSdUtil.SetInfo
End Sub
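
Added example, not part of the original post: the checkbox corresponds to two explicit Deny ACEs for Everyone, Delete plus Delete subtree on the OU itself and Delete all child objects on its parent, which matches the behaviour described above once one sibling OU is ticked by hand. The sketch below writes both ACEs with ADSI; the helper names AddDenyEveryone and ProtectOU and the LDAP path are hypothetical, and the trustee comparison assumes an English-language "Everyone".

```vbscript
Option Explicit
' Values from the ADSI enumerations ADS_ACETYPE_ENUM and ADS_RIGHTS_ENUM
Const ADS_ACETYPE_ACCESS_DENIED = &H1
Const ADS_RIGHT_DELETE          = &H10000
Const ADS_RIGHT_DS_DELETE_TREE  = &H40
Const ADS_RIGHT_DS_DELETE_CHILD = &H2

' Hypothetical helper: add an explicit Deny ACE for Everyone to the object
' at strADsPath, unless a Deny ACE covering lngMask is already in its DACL.
Sub AddDenyEveryone(strADsPath, lngMask)
    Dim objTarget, objSD, objDACL, objAce, objNew
    Set objTarget = GetObject(strADsPath)
    Set objSD = objTarget.Get("ntSecurityDescriptor")
    Set objDACL = objSD.DiscretionaryAcl
    For Each objAce In objDACL
        If objAce.AceType = ADS_ACETYPE_ACCESS_DENIED _
           And LCase(objAce.Trustee) = "everyone" _
           And (objAce.AccessMask And lngMask) = lngMask Then
            Exit Sub   ' already present, nothing to write
        End If
    Next
    Set objNew = CreateObject("AccessControlEntry")
    objNew.Trustee = "Everyone"
    objNew.AceType = ADS_ACETYPE_ACCESS_DENIED
    objNew.AceFlags = 0      ' applies to this object only, not inherited
    objNew.Flags = 0         ' no ObjectType / InheritedObjectType GUIDs
    objNew.AccessMask = lngMask
    objDACL.AddAce objNew
    objSD.DiscretionaryAcl = objDACL
    objTarget.Put "ntSecurityDescriptor", Array(objSD)
    objTarget.SetInfo
End Sub

' Hypothetical wrapper: one ACE on the OU, one on its parent container.
Sub ProtectOU(strOU)
    AddDenyEveryone strOU, ADS_RIGHT_DELETE Or ADS_RIGHT_DS_DELETE_TREE
    AddDenyEveryone GetObject(strOU).Parent, ADS_RIGHT_DS_DELETE_CHILD
End Sub

ProtectOU "LDAP://OU=Example,DC=example,DC=com"   ' constructed sample path
```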