TestimoX

API Reference

Class

DcSyncPermissionChecker

Namespace ADPlayground.Acl
Assembly ADPlayground

Searches for accounts granted replication permissions that allow DCSync operations.

Inheritance

  • Object
  • DcSyncPermissionChecker

Constructors

public DcSyncPermissionChecker(Func<String, IEnumerable<ActiveDirectoryAccessRule>> fetchAcl = null, Func<String, String> domainToDistinguishedName = null, Func<IEnumerable<String>> enumerateDomains = null)

Initializes a new instance of the DcSyncPermissionChecker class.

Parameters

fetchAcl System.Func{System.String,System.Collections.Generic.IEnumerable{System.DirectoryServices.ActiveDirectoryAccessRule}} = null optional position: 0
Optional delegate retrieving ACLs from a distinguished name.
domainToDistinguishedName System.Func{System.String,System.String} = null optional position: 1
Optional delegate converting domain name to distinguished name.
enumerateDomains System.Func{System.Collections.Generic.IEnumerable{System.String}} = null optional position: 2
Optional delegate returning domain names in the forest.

Methods

public Void Check()
Returns: Void

Searches every domain in the current forest for replication permissions.

public Void CheckDomain(String domainName = null)
Returns: Void

Searches a domain for accounts granted replication permissions and logs warnings.

Parameters

domainName System.String = null optional position: 0
Domain name or distinguished name. When null, the current domain is used.

public IEnumerable<ActiveDirectoryAccessRule> GetDcSyncAces(String dn)
Returns: IEnumerable<ActiveDirectoryAccessRule>

Retrieves ACEs granting replication permissions used by DCSync.

Parameters

dn System.String required position: 0
Distinguished name to query.

Returns

Collection of matching access rules.

Properties

public static Guid GetChangesGuid { get; }

Gets the GUID for the DS-Replication-Get-Changes extended right.
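
Added example (not part of the TestimoX documentation or code base): exercising GetDcSyncAces against a constructed ACL by injecting fetchAcl, so the filtering can be reviewed without contacting a domain controller. It assumes GetDcSyncAces reads ACEs through the supplied fetchAcl delegate; the DN, the SID and the class name DcSyncAclReview are constructed for illustration.

```csharp
// Added example, not TestimoX project code.
// Assumption: GetDcSyncAces(dn) obtains ACEs via the fetchAcl delegate given to the constructor.
using System;
using System.Collections.Generic;
using System.DirectoryServices;
using System.Security.AccessControl;
using System.Security.Principal;
using ADPlayground.Acl;

internal static class DcSyncAclReview
{
    // Constructed placeholder DN; not a real domain.
    private const string SampleDn = "DC=example,DC=test";

    // Constructed ACL for the domain head: one replication grant to a
    // non-default account SID and one unrelated read grant.
    private static IEnumerable<ActiveDirectoryAccessRule> SampleAcl(string dn)
    {
        var helpdesk = new SecurityIdentifier(
            "S-1-5-21-1111111111-2222222222-3333333333-1105"); // constructed SID
        var authUsers = new SecurityIdentifier(
            WellKnownSidType.AuthenticatedUserSid, null);

        // Extended right scoped to DS-Replication-Get-Changes via the page's GUID property.
        yield return new ActiveDirectoryAccessRule(
            helpdesk, ActiveDirectoryRights.ExtendedRight,
            AccessControlType.Allow, DcSyncPermissionChecker.GetChangesGuid);

        // Plain read access; carries no replication right.
        yield return new ActiveDirectoryAccessRule(
            authUsers, ActiveDirectoryRights.GenericRead, AccessControlType.Allow);
    }

    private static void Main()
    {
        // Inject the constructed ACL instead of a live directory lookup.
        var checker = new DcSyncPermissionChecker(fetchAcl: SampleAcl);

        // List every ACE the checker reports, with the fields a reviewer needs
        // to decide whether the trustee should hold replication rights.
        foreach (ActiveDirectoryAccessRule ace in checker.GetDcSyncAces(SampleDn))
        {
            Console.WriteLine(
                $"{ace.IdentityReference.Value} {ace.AccessControlType} " +
                $"{ace.ActiveDirectoryRights} objectType={ace.ObjectType}");
        }
    }
}
```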