in reply to Re^3: perl module for AD administration
in thread perl module for AD administration

The ntSecurityDescriptor is a complex attribute, and I have not had a chance to play with it.

Leads from the internet indicate that you need to do something like this (VB): 

Const SE_DACL_PROTECTED  = &H1000
Dim objUser, objNtSecurityDescriptor, intNtSecurityDescriptorControl

Set objUser = GetObject("LDAP://cn=TestUser,dc=MyDomain,dc=com")
Wscript.Echo "User: " & objUser.sAMAccountName

Set objNtSecurityDescriptor = objUser.Get("ntSecurityDescriptor")
intNtSecurityDescriptorControl = objNtSecurityDescriptor.Control

If (intNtSecurityDescriptorControl And SE_DACL_PROTECTED) Then
  Wscript.Echo "Allow inheritable permissions check box disabled"
Else
  Wscript.Echo "Allow inheritable permissions check box enabled"
End If

[download]
Here are some links for your persual:
http://www.servernewsgroups.net/group/microsoft.public.windows.server.scripting/topic10521.aspx
http://ldap.perl.org/FAQ.html See section titled "How do I create a Microsoft Exchange user."
http://msdn.microsoft.com/en-us/magazine/cc188700.aspx

     Syntactic sugar causes cancer of the semicolon.        --Alan Perlis

In Section Seekers of Perl Wisdom