4.1 Retrieving the Security Descriptor Property

The security descriptor property can be retrieved using a standard WebDAV PROPFIND method request, as specified in [RFC2518], by asking for the descriptor element.

For example, the descriptor element might look as follows.

 <d:descriptor  xmlns:d="http://schemas.microsoft.com/exchange/security/">
   <S:security_descriptor xmlns:S="http://schemas.microsoft.com/security/" xmlns:D="urn:uuid:c2f41010-65b3-11d1-a29f-00aa00c14882/" D:dt="microsoft.security_descriptor" S:from_mapi_tlh="1">
     <S:revision>1</S:revision>
     <S:owner S:defaulted="0">
       <S:sid>
         <S:string_sid>S-1-5-21-2082262111-2968666075-236047801-1111</S:string_sid>
         <S:type>user</S:type>
         <S:nt4_compatible_name>ELZCHU-DOM\bob</S:nt4_compatible_name>
         <S:ad_object_guid>{138bfc4d-48e0-4d29-9de6-643ecb7314f1}</S:ad_object_guid>
         <S:display_name>bob</S:display_name>
       </S:sid>
     </S:owner>
     <S:primary_group S:defaulted="0">
       <S:sid>
         <S:string_sid>S-1-5-21-2082262111-2968666075-236047801-513</S:string_sid>
         <S:type>group</S:type>
         <S:nt4_compatible_name>ELZCHU-DOM\Domain Users</S:nt4_compatible_name>
         <S:ad_object_guid>{f2a02601-c596-4fd2-9543-d770ba31d9e5}</S:ad_object_guid>
       </S:sid>
     </S:primary_group>
     <S:dacl S:defaulted="1" S:protected="0" S:autoinherited="1">
       <S:revision>2</S:revision>
       <S:effective_aces>
         <S:access_allowed_ace S:inherited="1">
           <S:access_mask>1f0fbf</S:access_mask>
           <S:sid>
             <S:string_sid>S-1-5-21-2082262111-2968666075-236047801-500</S:string_sid>
             <S:type>user</S:type>
             <S:nt4_compatible_name>ELZCHU-DOM\Administrator</S:nt4_compatible_name>
             <S:ad_object_guid>{41a1a32a-4d0f-41ab-ad0c-fb344ef368fd}</S:ad_object_guid>
             <S:display_name>Administrator</S:display_name>
           </S:sid>
         </S:access_allowed_ace>
         <S:access_allowed_ace S:inherited="1">
           <S:access_mask>1f0fbf</S:access_mask>
           <S:sid>
             <S:string_sid>S-1-5-7</S:string_sid>
             <S:type>well_known_group</S:type>
             <S:nt4_compatible_name>NT AUTHORITY\ANONYMOUS LOGON</S:nt4_compatible_name>
             <S:ad_object_guid>{ff158509-ee41-4c44-98c1-affd7edf6a83}</S:ad_object_guid>
           </S:sid>
         </S:access_allowed_ace>
         <S:access_allowed_ace S:inherited="1">
           <S:access_mask>1f0fbf</S:access_mask>
           <S:sid>
             <S:string_sid>S-1-1-0</S:string_sid>
             <S:type>well_known_group</S:type>
             <S:nt4_compatible_name>\Everyone</S:nt4_compatible_name>
             <S:ad_object_guid>{aa5d6b3e-3546-4f9e-8530-59ad567c6dd8}</S:ad_object_guid>
           </S:sid>
         </S:access_allowed_ace>
       </S:effective_aces>
     </S:dacl>
   </S:security_descriptor>
 </d:descriptor>