Hi,
I'm trying to set access rights to a folder for an ActiveDirectory account that has just been created (using ADSI).
It seems it sometimes takes some time for the account to become available for madSecurity.
var
UserAccount: IAccount;
Security: ISecurityObject;
begin
Security := madSecurity.FileSecurity(aPathname);
if not Security.Success then Exit;
UserAccount := madSecurity.Account(aUsernameNT4);
if not UserAccount.Success then Exit; // this returns false!
Maybe it's an issue asking a different domain controller with mad.
Is there a way to solve this problem? It's not very helpful to insert "Sleep(5000)" here...
Maybe a dedicated DC can be specified?
I'm not sure how to solve this. If the user account isn't accessible for a few seconds that sounds like a Windows or API issue. You can check the documentation of LookupAccountName. There's an additional "lpSystemName" parameter I'm currently not using. But the documentation says:
Generally, specify a value for lpSystemName only when the account is in an untrusted domain and the name of a computer in that domain is known.
That doesn't sound like your situation, so I would say it's an issue with the win32 API or something else, and outside of madSecurity's control.