https://community.hpe.com/t5/backoffice-products/scripting-adssecurity/m-p/2849965#M1069 Hello<BR /><BR />I'm trying to script adssecurity (tool from adsi sdk) in order to set permissions on a folder-structure. When I define a trustee from the activedirectory by name "MillerJ". The user is found and used. But if I want to set permissions for a server local group "SomeUsers", a group by the same name from somewhere in the activedirectory is used instead of the local group from the server. If I use the syntax "server1\SomeUsers" I get the funny error message "The security ID structure is invalid".<BR />Now I'm looking for a way to address the local server group and get the correct user/group instead of just provide a name and get some user, that is found by coincidence somewhere in the ad. <BR />Does anybody know how to do this? Do I have to retrieve the SID first and use it somehow, or is there a specific syntax I need to use?<BR /><BR />(N.B. I'm not using xcacls because it doesnt seem to be able to assign very specific permissions, but only predefined sets of permissions. But maybe I'm wrong in this) Fri, 22 Nov 2002 07:28:28 GMT Andre_19 2002-11-22T07:28:28Z https://community.hpe.com/t5/backoffice-products/scripting-adssecurity/m-p/2849965#M1069 Hello<BR /><BR />I'm trying to script adssecurity (tool from adsi sdk) in order to set permissions on a folder-structure. When I define a trustee from the activedirectory by name "MillerJ". The user is found and used. But if I want to set permissions for a server local group "SomeUsers", a group by the same name from somewhere in the activedirectory is used instead of the local group from the server. If I use the syntax "server1\SomeUsers" I get the funny error message "The security ID structure is invalid".<BR />Now I'm looking for a way to address the local server group and get the correct user/group instead of just provide a name and get some user, that is found by coincidence somewhere in the ad. <BR />Does anybody know how to do this? Do I have to retrieve the SID first and use it somehow, or is there a specific syntax I need to use?<BR /><BR />(N.B. I'm not using xcacls because it doesnt seem to be able to assign very specific permissions, but only predefined sets of permissions. But maybe I'm wrong in this) Fri, 22 Nov 2002 07:28:28 GMT https://community.hpe.com/t5/backoffice-products/scripting-adssecurity/m-p/2849965#M1069 Andre_19 2002-11-22T07:28:28Z https://community.hpe.com/t5/backoffice-products/scripting-adssecurity/m-p/2849966#M1070 Try SomeUsers@server1 <BR /><BR /><BR />Jon<BR /> Fri, 22 Nov 2002 21:33:32 GMT https://community.hpe.com/t5/backoffice-products/scripting-adssecurity/m-p/2849966#M1070 Jon Finley 2002-11-22T21:33:32Z https://community.hpe.com/t5/backoffice-products/scripting-adssecurity/m-p/2849967#M1071 Hi Jon<BR /><BR />Thanks for your help, but I still get the same error-message, stating that the security ID structure is invalid. <BR />The code I use is:<BR /><BR />set objace = createobject("accessControlEntry")<BR />objace.trustee = mylocalgroup@myserver1<BR />objACE.Aceflags = OBJECT_INHERIT_ACE + CONTAINER_INHERIT_ACE<BR />objAce.Acetype = ACCESS_ALLOWED_ACETYPE<BR />objAce.Accessmask = FILE_LIST_DIRECTORY<BR /><BR />set objadssec = createobject("ADssecurity")<BR />set objsecdesk = objadssec.getsecuritydescription("FILE://\\myserver1\myfolder")<BR />set objDacl = objsecdesc.discretionaryACL<BR />objsecdesc.discretionaryacl = objdacl<BR />call objadssec.SetSecurityDescription(objSecdesc)<BR /><BR />the error occurs in the last statement. I'm really not sure, if the problem might occur, because I use local groups instead of users. <BR /><BR />Thanx<BR />Andre Fri, 29 Nov 2002 08:26:59 GMT https://community.hpe.com/t5/backoffice-products/scripting-adssecurity/m-p/2849967#M1071 Andre_19 2002-11-29T08:26:59Z