The Initialize method initializes the authorization manager.
HRESULT Initialize( LONG lFlags, BSTR bstrPolicyURL, VARIANT varReserved );
Flags that control the behavior of the initialization. This parameter can be one of the following values.
||The authorization store is opened for use by the Update method and the AccessCheck method.|
||The calling application is required to have SE_AUDIT_PRIVILEGE; if the application does not have the audit privilege, the Initialize method fails.|
||The provider is notified that many objects will be modified or created. The provider then optimizes submission of the changes for better performance. Use this flag only when multiple child objects of an AzAuthorizationStore object are updated simultaneously, such as during an install or a controlled batch update.|
||The system attempts to create the policy store specified by the bstrPolicyURL parameter.|
||An existing store is opened for management purposes. Run-time routines cannot be performed.|
If the AZ_AZSTORE_FLAG_CREATE flag is specified:
- The system will attempt to create the underlying policy store specified by the bstrPolicyURL parameter.
- If the specified policy store exists, the Initialize method will fail with ERROR_ALREADY_EXISTS.
- You must call the Submit method to persist any changes made by this method.
- The UpdateCache method will fail until the Submit method is called. The underlying policy store is actually created when Submit is called.
Location of the persistent copy of the authorization policy database.
This string must contain both the policy URL prefix and the provider-specific policy location. Authorization Manager uses the provider prefix to load the appropriate provider. The store is loaded from the provider-specific policy location. No spaces are allowed in the policy URL prefix.
The policy URL prefix for an Active Directory store is msldap:. The general format for the URL is as follows:
The server name and the port are optional. If a server name is not provided, the default domain controller is used. If a port is not specified, the default LDAP port (LDAP_PORT, 389) is used. The distinguished name (DN) for the store begins with the relative distinguished name (RDN) of the AzAuthorizationStore object. For example, if the RDN of the AzAuthorizationStore object is MyStore and MyStore is in an organizational unit (OU) named AzMan, a possible URL for the Active Directory store is as follows:
The policy URL prefix for an XML store is msxml:. The general format for an XML store URL is the same as for a file URL, as shown in the following examples:
Reserved for future use. This parameter can be one of the following values:
- varReserved.vt == VT_ERROR and varReserved.scode == DISP_E_PARAMNOTFOUND
- varReserved.vt == VT_EMPTY
- varReserved.vt == VT_NULL
- varReserved.vt == VT_I4 and varReserved.lVal == 0
- varReserved.vt == VT_I2 and varReserved.iVal == 0
If the method succeeds, the method returns S_OK.
If the bstrPolicyURL parameter is not valid, the method returns HRESULT_FROM_WIN32(ERROR_INVALID_NAME).
If the method fails, it returns an HRESULT value that indicates the error. For a list of common error codes, see Common HRESULT Values.
Active Directory supports Application Partitions, which are also known as Non-Domain Naming Contexts. These partitions are used as a location for programs to store application data. An Authorization Manager policy store cannot be created or kept in the Application Partition; instead, use the Program Data container as the container for Active Directory Authorization Manager policy stores.
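The create-then-Submit behavior described for AZ_AZSTORE_FLAG_CREATE, including the ERROR_ALREADY_EXISTS case, is shown in the following added example, which is not part of the original page. It assumes the AzRoles.AuthorizationStore ProgID, the value 0x1 for AZ_AZSTORE_FLAG_CREATE (from the SDK header azroles.h), a flags value of 0 for a normal open, and a constructed XML store path; the function name Open-OrCreateAzStore is hypothetical.

```powershell
# Added example, not code from the original page.
# Assumption: AZ_AZSTORE_FLAG_CREATE is 0x1, as defined in the SDK header azroles.h.
$AZ_AZSTORE_FLAG_CREATE = 1
# HRESULT_FROM_WIN32(ERROR_ALREADY_EXISTS) = 0x800700B7, as a signed 32-bit value.
$HR_ALREADY_EXISTS = -2147024713

# Constructed sample location. The msxml: prefix selects the XML provider,
# and the prefix itself must not contain spaces.
$policyUrl = 'msxml://C:\AzManDemo\DemoStore.xml'

function Open-OrCreateAzStore {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$PolicyUrl)

    $store = New-Object -ComObject AzRoles.AuthorizationStore
    try {
        # $null is passed for the reserved VARIANT parameter.
        $store.Initialize($AZ_AZSTORE_FLAG_CREATE, $PolicyUrl, $null)
        # The underlying store is only created when Submit is called;
        # UpdateCache fails until then.
        $store.Submit(0, $null)
        Write-Host "Created store at $PolicyUrl"
    }
    catch {
        $hr = $_.Exception.GetBaseException().HResult
        if ($hr -ne $HR_ALREADY_EXISTS) {
            # Any other failure (for example ERROR_INVALID_NAME for a bad URL)
            # is surfaced to the caller rather than silently ignored.
            throw
        }
        # The store already exists: open it instead of creating it.
        # Assumption: flags value 0 opens the store for normal use.
        $store = New-Object -ComObject AzRoles.AuthorizationStore
        $store.Initialize(0, $PolicyUrl, $null)
        Write-Host "Opened existing store at $PolicyUrl"
    }
    return $store
}

$azStore = Open-OrCreateAzStore -PolicyUrl $policyUrl
```

Run this on a Windows host where Authorization Manager is installed and the parent directory of the store file already exists.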
|Minimum supported client||Windows Vista [desktop apps only]|
|Minimum supported server||Windows Server 2003 [desktop apps only]|
|Redistributable||Windows Server 2003 Administration Tools Pack on Windows XP|