Use the GetCallerUiRoles procedure of the Managed Hosting namespace to obtain a list of the user interface roles the caller can perform that also shows the highest role the user has. The highest role is only meaningful if the roles are numerical. There is no convenient way to make this call directly from the Active Directory Service Interfaces (ADSI).
This procedure expects to be called with impersonate="1". The procedure impersonates the caller.
<request>
<procedure>
<execute namespace="Managed Hosting" procedure="GetCallerUiRoles" trusted="1">
<executeData>
<hostingPath>LDAP://OU=Hosting,DC=contoso,DC=com</hostingPath>
<preferredDomainController>myPrimaryDC.contoso.com</preferredDomainController>
</executeData>
</execute>
</procedure>
</request>
The following input is valid for this request:
In the <hostingPath> element, specify the Lightweight Directory Access Protocol (LDAP) path of the hosting organization.
<hostingPath>LDAP://LDAP path of the hosting organization</hostingPath>
By using the <preferredDomainController> element, you can specify the domain controller you want to use for this request. Using a single preferred domain controller eliminates replication delays that arise between multiple controllers.
This information is optional. You are not required to include this element in the request.
<preferredDomainController>your primary domain controller.domain name extension</preferredDomainController>
<response>
<data>
<hostingPath>ou=Hosting,dc=contoso01,dc=com</hostingPath>
<uiRoles>
<uiRole>5000</uiRole>
<uiRole>2000</uiRole>
<uiRole>1500</uiRole>
<uiRole>1000</uiRole>
<uiRole>0500</uiRole>
<uiRole>0100</uiRole>
<uiRole>0000</uiRole>
</uiRoles>
<highestUiRole>5000</highestUiRole>
</data>
</response>
Important