Understanding AD Access Control Entries

A few days ago I set out to work on making Samba 4 my default LDAP server. In the process I was forced to learn about Active Directory Access controls. I found that while there was significant documentation around the syntax of these structures, very little existed explaining how to use them effectively.

What's in an ACE?

If you look at the ACL of an entry in AD you'll see something like:

O:DAG:DAD:AI (A;CI;RPLCLORC;;;AN) (A;;RPWPCRCCDCLCLORCWOWDSDD...
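
As an added illustration (not code from the original post), this Python sketch splits an SDDL string of the shape shown above into owner, group, ACL flags and ACEs, decodes the two-letter codes, and lists allow ACEs that give a broad trustee a change-capable right. The function names, the `RISKY` and `BROAD` sets and the sample descriptor are assumptions made for the example; only the first ACE of the sample comes from the post.

```python
import re

# Hypothetical lookup tables for this example: SDDL codes seen on directory objects.
RIGHTS = {
    "RP": "read property", "WP": "write property", "CR": "control access",
    "CC": "create child", "DC": "delete child", "LC": "list children",
    "LO": "list object", "SW": "self write", "DT": "delete tree",
    "RC": "read control", "WD": "write DAC", "WO": "write owner", "SD": "delete",
}
ACE_TYPES = {"A": "allow", "D": "deny", "OA": "object allow", "OD": "object deny"}
ACE_FLAGS = {"CI": "container inherit", "OI": "object inherit",
             "NP": "no propagate", "IO": "inherit only", "ID": "inherited"}
# Assumed policy: rights that let a trustee change the object or its descriptor.
RISKY = {"WP", "WD", "WO", "CC", "DC", "SD", "DT"}
# Broad trustees: anonymous, authenticated users, everyone ("WD" as a SID alias).
BROAD = {"AN", "AU", "WD"}
# Constructed sample: first ACE is from the post, the other two are made up.
SAMPLE = "O:DAG:DAD:AI(A;CI;RPLCLORC;;;AN)(A;;RPWPCCDCWDWO;;;DA)(A;CI;RPWP;;;AU)"


def pairs(field, table):
    """Split a field of concatenated two-letter codes and look each one up."""
    codes = re.findall("..", field)
    if "".join(codes) != field:
        raise ValueError(f"odd-length field: {field!r}")
    return [(c, table[c]) for c in codes]  # KeyError on a code not in the table


def parse_sddl(sddl):
    """Return (owner, group, acl_flags, aces) for an O:..G:..D:..(...) string."""
    m = re.fullmatch(r"O:([\w-]+?)G:([\w-]+?)D:(\w*?)((?:\([^()]*\))*)",
                     sddl.replace(" ", ""))
    if not m:
        raise ValueError("not an O:/G:/D: security descriptor")
    aces = []
    for body in re.findall(r"\(([^()]*)\)", m.group(4)):
        # Field order: type;flags;rights;object GUID;inherited object GUID;trustee
        typ, flags, rights, obj, inh_obj, trustee = body.split(";")[:6]
        aces.append({"type": ACE_TYPES[typ], "flags": pairs(flags, ACE_FLAGS),
                     "rights": pairs(rights, RIGHTS), "object": obj,
                     "inherit_object": inh_obj, "trustee": trustee})
    return m.group(1), m.group(2), m.group(3), aces


def broad_write_aces(aces):
    """Allow ACEs that give a broad trustee any change-capable right."""
    return [a for a in aces
            if a["type"].endswith("allow") and a["trustee"] in BROAD
            and RISKY & {code for code, _ in a["rights"]}]
```

Note that `WD` means "write DAC" in the rights field but "everyone" in the trustee field, so the two must be decoded by position, not by value.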