More on Active Directory and security stuff

Gosh, this week have been painfully tiring. Yesterday I ran into Rob in the hall way and he said he was tired and stressed out. Rob always appear to be confident and with great pride. If it wasn't I heard it myself, I wouldn't believe Rob actually said he is tired. Wow, I have a mixed feeling knowing that I am not the only one suffering from the schedule.

Anyways, some good news on the progress:

1. Now I can do standard operations on my AD objects: Creation, update, deletion, all works well. I'd still need some time to make code up to production level, though, but it is really good.
   
2. I can tell whether the AD is read-only now. To do that, simply make a call using ADsOpenObject, if it failed, try ADsOpenObject again with ADS_READONLY_SERVER flag. If the 2^nd call succeeded, it means the main directory was down and we're using a RODC. Wait, is RODC even related to AD? Huh…hum..
   

But bad news here too, I'm still blocked on detecting whether the user has write/delete permission on a particular object. GetNamedSecurityInfo keeps failing on me…huh, that sucks. :-(