GetRoleAssignmentsFromForest

Returns the collection of all role assignments associated with a user in a specified Active Directory forest.

Syntax

IRoleAssignments GetRoleAssignmentsFromForest(string forest)

Parameters

Specify the following parameter when using this method:

Parameter Description

forest

The forest to search for the user’s role assignments.

Return value

A collection of role assignment objects representing all of the role assignments explicitly assigned to this user in the specified forest or in the currently joined forest.

Discussion

This method only returns the role assignments that have been explicitly assigned to the user. The method will look for stored credentials to access the specified forest. If there are no stored credentials, the method uses the default credentials for the current user.

If you don’t specify a forest by passing an empty string ("") to the method, the method returns role assignments from the currently joined forest.

Example

The following code sample illustrates using GetRoleAssignmentsFromForest in a script:

...
# New Cims object
$cims = New-Object ("Centrify.DirectControl.API.Cims");
# Get IUser object
$objUserDn = "CN=user1,CN=Users,DC=domain,DC=com";
$objUser = $cims.GetUser($objUserDn);
# Get role assignments from forest
$objUser.GetRoleAssignmentsFromForest("forest.com")
...