TestimoX

API Reference

Class

RawDirectoryAclAdapter

Namespace ADPlayground.Acl
Assembly ADPlayground
Modifiers static

Converts raw Active Directory security descriptors into the legacy ACL models used by scanners without relying on managed access-rule projection.

Inheritance

  • Object
  • RawDirectoryAclAdapter

Methods

public static ActiveDirectorySecurityInheritance MapInheritance(AceFlags flags) #
Returns: ActiveDirectorySecurityInheritance

Maps raw ACE inheritance flags to the closest ActiveDirectorySecurityInheritance value.

Parameters

flags System.Security.AccessControl.AceFlags requiredposition: 0
Raw ACE flags.

Returns

Closest managed inheritance value for legacy display fields.

public static ActiveDirectoryAccessRule ProjectAccessRule(RawDirectoryAce ace) #
Returns: ActiveDirectoryAccessRule

Projects a raw ACE into an ActiveDirectoryAccessRule for compatibility callers.

Parameters

ace ADPlayground.Acl.RawDirectoryAce requiredposition: 0
Raw ACE.

Returns

Projected rule, or null for ACEs that cannot be represented by the managed rule.

public static String ResolveObjectTypeName(String domainName, Nullable<Guid> objectType) #
Returns: String

Resolves a schema or extended-right GUID to a friendly display name.

Parameters

domainName System.String requiredposition: 0
Domain name used to load schema metadata.
objectType System.Nullable{System.Guid} requiredposition: 1
Object type GUID to resolve.

Returns

Friendly name when available.

public static Nullable<AclEntryInfo> ToAclEntryInfo(RawDirectoryAce ace, String domainName = null, Nullable<DateTime> whenChanged = null) #
Returns: Nullable<AclEntryInfo>

Projects a raw ACE into the existing AdminSDHolder ACL entry model while retaining raw metadata.

Parameters

ace ADPlayground.Acl.RawDirectoryAce requiredposition: 0
Raw ACE to project.
domainName System.String = null optionalposition: 1
Domain name used for schema/extended-right display resolution.
whenChanged System.Nullable{System.DateTime} = null optionalposition: 2
Object modification time used for legacy age display.

Returns

Projected ACL entry, or null if the ACE has no trustee SID.

public static Boolean TryGetSecurityIdentifier(RawDirectoryAce ace, out SecurityIdentifier sid) #
Returns: Boolean

Tries to create a SecurityIdentifier from a raw ACE trustee field.

Parameters

ace ADPlayground.Acl.RawDirectoryAce requiredposition: 0
Raw ACE.
sid System.Security.Principal.SecurityIdentifier@ requiredposition: 1
SID when conversion succeeds.

Returns

true when the ACE has a valid trustee SID.

public static Boolean TryParse(SearchResult result, out RawDirectorySecurityDescriptor descriptor) #
Returns: Boolean

Parses nTSecurityDescriptor bytes already returned by a directory search.

Parameters

result System.DirectoryServices.SearchResult requiredposition: 0
Search result containing the descriptor property.
descriptor ADPlayground.Acl.RawDirectorySecurityDescriptor@ requiredposition: 1
Parsed raw descriptor when successful.

Returns

true when a descriptor was parsed.

public static Boolean TryRead(DirectoryEntry entry, SecurityMasks securityMasks, out RawDirectorySecurityDescriptor descriptor) #
Returns: Boolean

Reads and parses the nTSecurityDescriptor value from a directory entry.

Parameters

entry System.DirectoryServices.DirectoryEntry requiredposition: 0
Directory entry to read.
securityMasks System.DirectoryServices.SecurityMasks requiredposition: 1
Security descriptor sections to request from ADSI.
descriptor ADPlayground.Acl.RawDirectorySecurityDescriptor@ requiredposition: 2
Parsed raw descriptor when successful.

Returns

true when a descriptor was read and parsed.

public static Boolean TryReadAccessRules(DirectoryEntry entry, SecurityMasks securityMasks, out IReadOnlyList<ActiveDirectoryAccessRule> rules) #
Returns: Boolean

Reads raw DACL ACEs and projects them to legacy ActiveDirectoryAccessRule instances.

Parameters

entry System.DirectoryServices.DirectoryEntry requiredposition: 0
Directory entry to read.
securityMasks System.DirectoryServices.SecurityMasks requiredposition: 1
Security descriptor sections to request.
rules System.Collections.Generic.IReadOnlyList{System.DirectoryServices.ActiveDirectoryAccessRule}@ requiredposition: 2
Projected rules in stored ACE order.

Returns

true when a descriptor was read and projected.