5.1.1 QueueManager

The directory representation of a QueueManager ([MS-MQDMPR] section 3.1.1) ADM element instance can be created, deleted, read, and modified, as described in sections 3.1.6.1.1, 3.1.6.2.1, 3.1.6.3.2, 3.1.6.4.1, and 3.1.6.7.1. These operations always act on an mSMQConfiguration ([MS-ADSC] section 2.162) Active Directory object and can also act on computer ([MS-ADSC] section 2.21) and mSMQSettings ([MS-ADSC] section 2.166) objects. The default security is discussed in section 3.1.6.1.1.8.

To create the directory representation of a QueueManager ADM element instance requires at least RIGHT_DS_CREATE_CHILD ([MS-ADTS] section 5.1.3.2) access on the parent computer object. If the PublicSigningKeyList ADM attribute is present, as described in section 3.1.6.1.1.3, RIGHT_GENERIC_WRITE ([MS-ADTS] section 5.1.3.2) access is also required on the parent object. If one or more associated mSMQSettings objects are required to be created, as described in section 3.1.6.1.1.3, RIGHT_DS_CREATE_CHILD access is required on the parent objects of the mSMQSettings objects, which are of class server ([MS-ADSC] section 2.249).

To delete the directory representation of a QueueManager ADM element instance requires RIGHT_DS_CREATE_CHILD access on the parent object and RIGHT_DELETE ([MS-ADTS] section 5.1.3.2) access on the mSMQConfiguration object itself. If one or more associated mSMQSettings objects exist, as described in section 3.1.6.2.1.3, RIGHT_DS_DELETE_CHILD ([MS-ADTS] section 5.1.3.2) access is required on the parent objects of the mSMQSettings objects, and RIGHT_DELETE access on the mSMQSettings objects themselves.

To read the attributes of a QueueManager ADM element instance requires RIGHT_GENERIC_READ ([MS-ADTS] section 5.1.3.2) access on the object. If any of the QualifiedComputerName, PublicSigningKeyList, OperationSystemVersion, or Clustered ADM attributes is specified, RIGHT_GENERIC_READ access on the parent object is also required.

To modify the directory representation of a QueueManager ADM element instance requires RIGHT_GENERIC_WRITE access on the object. If the PublicSigningKeyList ADM attribute is to be modified, RIGHT_GENERIC_WRITE access on the parent object is also required. As a result of this modification, one or more associated mSMQSettings objects can also be created, modified, or deleted, as described in section 3.1.6.7.1.9. To create mSMQSettings objects, RIGHT_DS_CREATE_CHILD access is required on the parent objects of the mSMQSettings objects. To modify, RIGHT_GENERIC_WRITE access is required on the mSMQSettings objects. To delete, RIGHT_DS_DELETE_CHILD access is required on the parent objects of the mSMQSettings objects, and RIGHT_DELETE access on the mSMQSettings objects themselves.
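
The rules above can be turned into a small delegation-review helper that lists which rights a principal still lacks for a given operation. This is an added example, not part of the specification: the function names, the role keys ('object', 'parent', 'settings', 'settings_parent') and the sample grant are assumptions of the example, and rights are compared by name rather than as access-mask bits.

```python
# Added example: right names come from the section; role keys are this example's labels.
PARENT_READ_ATTRS = {"QualifiedComputerName", "PublicSigningKeyList",
                     "OperationSystemVersion", "Clustered"}
# Which mSMQSettings side effects the section describes for each operation.
SETTINGS_OPS = {"create": {"create"}, "delete": {"delete"}, "read": set(),
                "modify": {"create", "modify", "delete"}}

def required_rights(op, attrs=(), settings_ops=()):
    """Map object role -> right names needed for one QueueManager operation.

    Roles: 'object' (the mSMQConfiguration object), 'parent' (its parent),
    'settings' (an mSMQSettings object), 'settings_parent' (its parent server).
    """
    if op not in SETTINGS_OPS:
        raise ValueError(f"unknown operation: {op}")
    attrs, settings_ops = set(attrs), set(settings_ops)
    extra = settings_ops - SETTINGS_OPS[op]
    if extra:
        raise ValueError(f"{op}: unsupported mSMQSettings action(s) {sorted(extra)}")
    need = {"object": set(), "parent": set(), "settings": set(), "settings_parent": set()}
    if op == "create":
        need["parent"].add("RIGHT_DS_CREATE_CHILD")
    elif op == "delete":
        need["parent"].add("RIGHT_DS_CREATE_CHILD")  # as the section states it
        need["object"].add("RIGHT_DELETE")
    elif op == "read":
        need["object"].add("RIGHT_GENERIC_READ")
        if attrs & PARENT_READ_ATTRS:
            need["parent"].add("RIGHT_GENERIC_READ")
    else:  # modify
        need["object"].add("RIGHT_GENERIC_WRITE")
    if op in ("create", "modify") and "PublicSigningKeyList" in attrs:
        need["parent"].add("RIGHT_GENERIC_WRITE")
    if "create" in settings_ops:
        need["settings_parent"].add("RIGHT_DS_CREATE_CHILD")
    if "modify" in settings_ops:
        need["settings"].add("RIGHT_GENERIC_WRITE")
    if "delete" in settings_ops:
        need["settings_parent"].add("RIGHT_DS_DELETE_CHILD")
        need["settings"].add("RIGHT_DELETE")
    return {role: rights for role, rights in need.items() if rights}

def missing_rights(need, granted):
    """Return the rights in `need` that `granted` (role -> set of names) lacks."""
    gaps = {role: rights - set(granted.get(role, ())) for role, rights in need.items()}
    return {role: rights for role, rights in gaps.items() if rights}

if __name__ == "__main__":
    # Constructed grant: a principal holding only child-creation on the parent.
    granted = {"parent": {"RIGHT_DS_CREATE_CHILD"}}
    print(missing_rights(required_rights("create", ["PublicSigningKeyList"], ["create"]), granted))
```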