VBScript: remove ACE entry from DACL based on ACE accessmask
strObject = wscript.arguments(0)
‘CN=testuser,CN=Users,DC=t4evmdemo,DC=local
strAccessMask = wscript.arguments(1)
‘131132
‘example: cscript scriptname.vbs “CN=t4e_user,CN=users,DC=t4evmdemo,DC=local”
Set objSdUtil = GetObject(“LDAP://” & strObject & “”)
Set objSD = objSdUtil.Get(“ntSecurityDescriptor”)
Set objDACL = objSD.DiscretionaryACL
For Each ace In objDACL
If ace.AccessMask = CLng(strAccessMask) then
objDACL.RemoveAce ace
End If
Next
objSD.DiscretionaryAcl = objDACL
objSDUtil.Put “nt