API Reference

Class

ActiveDirectoryDataServices

Edit on GitHub

Namespace ADPlayground

Assembly ADPlayground

Source ADPlayground/DirectoryServices/ActiveDirectoryDataServices.Information.cs:34

Provides methods for querying computer accounts by last logon time.

Inheritance

Object
ActiveDirectoryDataServices

Constructors

public ActiveDirectoryDataServices() #

ADPlayground/DirectoryServices/ActiveDirectoryDataServices.Information.cs:34

Initializes a new instance of the ActiveDirectoryDataServices class.

Methods

public static String[] CombineComputerAttributes(ComputerProperties set, IEnumerable<String> additionalAttributes) #

ADPlayground/DirectoryServices/ActiveDirectoryDataServices.QueryHelpers.cs:42

Returns: String[]

Combines the standard computer attribute set with additional attributes, removing duplicates.

Parameters

set ADPlayground.Helpers.ComputerProperties requiredposition: 0: Standard computer attribute set.
additionalAttributes System.Collections.Generic.IEnumerable{System.String} requiredposition: 1: Additional attributes to include.

Returns

Combined list of attributes.

public static String CombineFilters(String baseFilter, String additionalFilter) #

ADPlayground/DirectoryServices/ActiveDirectoryDataServices.QueryHelpers.cs:14

Returns: String

Combines a base LDAP filter with an additional filter using an AND expression.

Parameters

baseFilter System.String requiredposition: 0: Base LDAP filter.
additionalFilter System.String requiredposition: 1: Additional LDAP filter to AND with the base filter.

Returns

Combined LDAP filter.

public static String[] CombineGroupAttributes(GroupProperties set, IEnumerable<String> additionalAttributes, Boolean includeMembers)

ADPlayground/DirectoryServices/ActiveDirectoryDataServices.QueryHelpers.cs:53

Returns: String[]

Combines the standard group attribute set with additional attributes, removing duplicates.

Parameters

set ADPlayground.Helpers.GroupProperties requiredposition: 0: Standard group attribute set.
additionalAttributes System.Collections.Generic.IEnumerable{System.String} requiredposition: 1: Additional attributes to include.
includeMembers System.Boolean requiredposition: 2: Whether to include the member attribute.

Returns

Combined list of attributes.

public static String[] CombineUserAttributes(UserProperties set, IEnumerable<String> additionalAttributes) #

ADPlayground/DirectoryServices/ActiveDirectoryDataServices.QueryHelpers.cs:32

Returns: String[]

Combines the standard user attribute set with additional attributes, removing duplicates.

Parameters

set ADPlayground.Helpers.UserProperties requiredposition: 0: Standard user attribute set.
additionalAttributes System.Collections.Generic.IEnumerable{System.String} requiredposition: 1: Additional attributes to include.

Returns

Combined list of attributes.

public IEnumerable<AdminAccountInfo> GetAdminAccounts(String domainName, String ouDistinguishedName = null) #

ADPlayground/Users/ActiveDirectoryDataServices.Accounts.cs:13

Returns: IEnumerable<AdminAccountInfo>

Retrieves comprehensive accounts with adminCount=1 from the specified domain.

Parameters

domainName System.String requiredposition: 0: Domain to query.
ouDistinguishedName System.String = null optionalposition: 1: Optional OU distinguished name.

public Task<IEnumerable<AdminAccountInfo>> GetAdminAccountsAsync(String domainName, String ouDistinguishedName = null, CancellationToken cancellationToken = null)

ADPlayground/Users/ActiveDirectoryDataServices.Accounts.cs:21

Returns: Task<IEnumerable<AdminAccountInfo>>

Asynchronously retrieves comprehensive accounts with adminCount=1 from the specified domain.

Parameters

domainName System.String requiredposition: 0
ouDistinguishedName System.String = null optionalposition: 1
cancellationToken System.Threading.CancellationToken = null optionalposition: 2

public IEnumerable<AdminAccountInfo> GetComprehensiveAdminAccounts(String domainName, String forestName = null, String ouDistinguishedName = null, Int32 maxLogonDays = 90, Int32 maxPasswordDays = 365, Boolean includeDisabledAccounts = true, Int32 degreeOfParallelism = 4)

ADPlayground/Users/ActiveDirectoryDataServices.Accounts.cs:33

Returns: IEnumerable<AdminAccountInfo>

Retrieves comprehensive admin account information with configurable filtering.

Parameters

domainName System.String requiredposition: 0
forestName System.String = null optionalposition: 1
ouDistinguishedName System.String = null optionalposition: 2
maxLogonDays System.Int32 = 90 optionalposition: 3
maxPasswordDays System.Int32 = 365 optionalposition: 4
includeDisabledAccounts System.Boolean = true optionalposition: 5
degreeOfParallelism System.Int32 = 4 optionalposition: 6

public static Task<IEnumerable<AdminAccountInfo>> GetComprehensiveAdminAccountsAsync(String domainName = null, String forestName = null, String ouDistinguishedName = null, Int32 maxInactiveLogonDays = 90, Int32 maxPasswordAgeDays = 365, Boolean includeDisabledAccounts = true, CancellationToken cancellationToken = null)

ADPlayground/Users/ActiveDirectoryDataServices.Accounts.cs:141

Returns: Task<IEnumerable<AdminAccountInfo>>

Gets comprehensive admin account information across domains.

Parameters

domainName System.String = null optionalposition: 0
forestName System.String = null optionalposition: 1
ouDistinguishedName System.String = null optionalposition: 2
maxInactiveLogonDays System.Int32 = 90 optionalposition: 3
maxPasswordAgeDays System.Int32 = 365 optionalposition: 4
includeDisabledAccounts System.Boolean = true optionalposition: 5
cancellationToken System.Threading.CancellationToken = null optionalposition: 6

public IEnumerable<InactiveComputerInfo> GetInactiveComputerAccounts(String domainName, Int32 gracePeriodDays, String forestName = null)

ADPlayground/Computers/ActiveDirectoryDataServices.ComputerAccounts.cs:20

Returns: IEnumerable<InactiveComputerInfo>

Returns computer accounts that have not logged on within the specified number of days.

Parameters

domainName System.String requiredposition: 0: Domain to query. When null or empty all domains in the current or specified forest are scanned.
gracePeriodDays System.Int32 requiredposition: 1: Number of days of allowed inactivity.
forestName System.String = null optionalposition: 2: Optional forest to target when domainName is not specified.

public Task<IEnumerable<InactiveComputerInfo>> GetInactiveComputerAccountsAsync(String domainName, Int32 gracePeriodDays, String forestName = null, CancellationToken cancellationToken = null)

ADPlayground/Computers/ActiveDirectoryDataServices.ComputerAccounts.cs:35

Returns: Task<IEnumerable<InactiveComputerInfo>>

Asynchronously returns computer accounts that have not logged on within the specified number of days.

Parameters

domainName System.String requiredposition: 0: Domain to query. When null or empty all domains in the current or specified forest are scanned.
gracePeriodDays System.Int32 requiredposition: 1: Number of days of allowed inactivity.
forestName System.String = null optionalposition: 2: Optional forest to target when domainName is not specified.
cancellationToken System.Threading.CancellationToken = null optionalposition: 3: Token used to cancel the operation.

public IEnumerable<AdminAccountInfo> GetInactivePrivilegedAccounts(String domainName, DateTime inactiveSince, String forestName = null, String ouDistinguishedName = null)

ADPlayground/Users/ActiveDirectoryDataServices.Accounts.cs:66

Returns: IEnumerable<AdminAccountInfo>

Returns privileged accounts that have been inactive since the provided UTC threshold.

Parameters

domainName System.String requiredposition: 0
inactiveSince System.DateTime requiredposition: 1
forestName System.String = null optionalposition: 2
ouDistinguishedName System.String = null optionalposition: 3

public Task<IEnumerable<AdminAccountInfo>> GetInactivePrivilegedAccountsAsync(String domainName, DateTime inactiveSince, String forestName = null, String ouDistinguishedName = null, CancellationToken cancellationToken = null)

ADPlayground/Users/ActiveDirectoryDataServices.Accounts.cs:77

Returns: Task<IEnumerable<AdminAccountInfo>>

Asynchronously returns privileged accounts that have been inactive since the provided UTC threshold.

Parameters

domainName System.String requiredposition: 0
inactiveSince System.DateTime requiredposition: 1
forestName System.String = null optionalposition: 2
ouDistinguishedName System.String = null optionalposition: 3
cancellationToken System.Threading.CancellationToken = null optionalposition: 4

public Void GetInformation(String forestName = "", String[] includeDomains = null, String[] excludeDomains = null, String[] includeDomainController = null, String[] excludeDomainController = null, Boolean preferWritable = false, Boolean skipRODC = false)

ADPlayground/DirectoryServices/ActiveDirectoryDataServices.Information.cs:95

Returns: Void

Populates information about the forest and its domains.

Parameters

forestName System.String = "" optionalposition: 0: Optional forest name to query. When empty the current forest is used.
includeDomains System.String[] = null optionalposition: 1: Specific domains to include when not querying the whole forest.
excludeDomains System.String[] = null optionalposition: 2: Domains to exclude from discovery.
includeDomainController System.String[] = null optionalposition: 3: Domain controllers to include when discovering.
excludeDomainController System.String[] = null optionalposition: 4: Domain controllers to exclude from discovery.
preferWritable System.Boolean = false optionalposition: 5: Set to true to prefer writable domain controllers.
skipRODC System.Boolean = false optionalposition: 6: Set to true to skip read-only domain controllers.

public IEnumerable<ComputerAccountInfo> GetOrphanedComputerAccounts(Int32 maxInactiveDays, Boolean includeDisabled = false, String domainName = null, String forestName = null, Int32 degreeOfParallelism = 4)

ADPlayground/Computers/ActiveDirectoryDataServices.ComputerAccounts.cs:53

Returns: IEnumerable<ComputerAccountInfo>

Returns computer accounts that have not logged on within the specified number of days.

Parameters

maxInactiveDays System.Int32 requiredposition: 0: Maximum allowed inactivity in days.
includeDisabled System.Boolean = false optionalposition: 1: Whether to include disabled computer accounts.
domainName System.String = null optionalposition: 2: Optional domain to query. When null queries all domains.
forestName System.String = null optionalposition: 3: Optional forest to target when domainName is not specified.
degreeOfParallelism System.Int32 = 4 optionalposition: 4: Maximum parallel domain queries.

Returns

Collection of orphaned computer accounts.

public List<ReplicationStatusInfo> GetReplicationStatus(String forestName) #

ADPlayground/Replication/ActiveDirectoryDataServices.Replication.cs:19

Returns: List<ReplicationStatusInfo>

Retrieves replication status information for the specified forest.

Parameters

forestName System.String requiredposition: 0: Name of the forest to query.

Returns

A list of replication status details.

public List<ReplicationStatusReport> GetReplicationStatusReport(String forestName) #

ADPlayground/Replication/ActiveDirectoryDataServices.Replication.cs:30

Returns: List<ReplicationStatusReport>

Builds a detailed replication status report.

Parameters

forestName System.String requiredposition: 0: Name of the forest.

Returns

A list of status report entries.

public String GetReplicationStatusReportJson(String forestName) #

ADPlayground/Replication/ActiveDirectoryDataServices.Replication.cs:86

Returns: String

Creates a JSON representation of the replication status report.

Parameters

forestName System.String requiredposition: 0: Name of the forest.

Returns

JSON string with the status report.

public IEnumerable<ServiceAccountInfo> GetServiceAccounts(String domainName, String ouDistinguishedName = null) #

ADPlayground/Users/ActiveDirectoryDataServices.Accounts.cs:85

Returns: IEnumerable<ServiceAccountInfo>

Retrieves accounts that have one or more service principal names set.

Parameters

domainName System.String requiredposition: 0
ouDistinguishedName System.String = null optionalposition: 1

public Task<IEnumerable<ServiceAccountInfo>> GetServiceAccountsAsync(String domainName, String ouDistinguishedName = null, CancellationToken cancellationToken = null)

ADPlayground/Users/ActiveDirectoryDataServices.Accounts.cs:93

Returns: Task<IEnumerable<ServiceAccountInfo>>

Asynchronously retrieves accounts that have one or more service principal names set.

Parameters

domainName System.String requiredposition: 0
ouDistinguishedName System.String = null optionalposition: 1
cancellationToken System.Threading.CancellationToken = null optionalposition: 2

public ImmutableArray<SiteInfo> GetSitesAndSubnets() #

ADPlayground/DirectoryServices/ActiveDirectoryDataServices.Sites.cs:17

Returns: ImmutableArray<SiteInfo>

Retrieves all sites in the current forest and their associated subnets.

Returns

An immutable collection of SiteInfo objects.

public IEnumerable<AdminAccountInfo> GetStaleAdminAccounts(String domainName, Int32 maxInactiveDays, String forestName = null, String ouDistinguishedName = null, Int32 degreeOfParallelism = 4)

ADPlayground/Users/ActiveDirectoryDataServices.Accounts.cs:44

Returns: IEnumerable<AdminAccountInfo>

Returns admin accounts that have not logged in for more than maxInactiveDays days.

Parameters

domainName System.String requiredposition: 0
maxInactiveDays System.Int32 requiredposition: 1
forestName System.String = null optionalposition: 2
ouDistinguishedName System.String = null optionalposition: 3
degreeOfParallelism System.Int32 = 4 optionalposition: 4

public Task<IEnumerable<AdminAccountInfo>> GetStaleAdminAccountsAsync(String domainName, Int32 maxInactiveDays, String forestName = null, String ouDistinguishedName = null, Int32 degreeOfParallelism = 4, CancellationToken cancellationToken = null)

ADPlayground/Users/ActiveDirectoryDataServices.Accounts.cs:56

Returns: Task<IEnumerable<AdminAccountInfo>>

Asynchronously returns admin accounts that have not logged in for more than the specified days.

Parameters

domainName System.String requiredposition: 0
maxInactiveDays System.Int32 requiredposition: 1
forestName System.String = null optionalposition: 2
ouDistinguishedName System.String = null optionalposition: 3
degreeOfParallelism System.Int32 = 4 optionalposition: 4
cancellationToken System.Threading.CancellationToken = null optionalposition: 5

public IEnumerable<ServiceAccountInfo> GetStaleServiceAccounts(String domainName, Int32 maxPasswordAgeDays, Int32 maxInactiveDays, String forestName = null, String ouDistinguishedName = null, Int32 degreeOfParallelism = 4)

ADPlayground/Users/ActiveDirectoryDataServices.Accounts.cs:104

Returns: IEnumerable<ServiceAccountInfo>

Returns service accounts exceeding password or inactivity thresholds.

Parameters

domainName System.String requiredposition: 0
maxPasswordAgeDays System.Int32 requiredposition: 1
maxInactiveDays System.Int32 requiredposition: 2
forestName System.String = null optionalposition: 3
ouDistinguishedName System.String = null optionalposition: 4
degreeOfParallelism System.Int32 = 4 optionalposition: 5

public Task<IEnumerable<ServiceAccountInfo>> GetStaleServiceAccountsAsync(String domainName, Int32 maxPasswordAgeDays, Int32 maxInactiveDays, String forestName = null, String ouDistinguishedName = null, Int32 degreeOfParallelism = 4, CancellationToken cancellationToken = null)

ADPlayground/Users/ActiveDirectoryDataServices.Accounts.cs:117

Returns: Task<IEnumerable<ServiceAccountInfo>>

Asynchronously returns service accounts exceeding password or inactivity thresholds.

Parameters

domainName System.String requiredposition: 0
maxPasswordAgeDays System.Int32 requiredposition: 1
maxInactiveDays System.Int32 requiredposition: 2
forestName System.String = null optionalposition: 3
ouDistinguishedName System.String = null optionalposition: 4
degreeOfParallelism System.Int32 = 4 optionalposition: 5
cancellationToken System.Threading.CancellationToken = null optionalposition: 6

IsReadOnly 2 overloads

IsReadOnly(System.String DomainController) #

Check if a domain controller is read-only

Parameters

DomainController System.String required

IsReadOnly(System.DirectoryServices.ActiveDirectory.DomainController dc) #

Check if a domain controller is read-only

Parameters

dc System.DirectoryServices.ActiveDirectory.DomainController required

IsWritable(System.DirectoryServices.ActiveDirectory.DomainController dc) #

Determines whether the specified domain controller accepts write operations.

Parameters

dc System.DirectoryServices.ActiveDirectory.DomainController required: Domain controller to validate.

Returns

true when writable; otherwise false.

public Boolean TryGetDomainFunctionalLevel(String domainName, out DomainMode level) #

ADPlayground/DirectoryServices/ActiveDirectoryDataServices.Information.cs:537

Returns: Boolean

Attempts to retrieve the functional level for the specified domain from the in-memory overview cache.

Parameters

domainName System.String requiredposition: 0: DNS domain name.
level System.DirectoryServices.ActiveDirectory.DomainMode@ requiredposition: 1: Resolved functional level on success; Unknown on failure.

Returns

True when the level was available in the cache; otherwise false.

public Boolean TryGetForestFunctionalLevel(out ForestMode level) #

ADPlayground/DirectoryServices/ActiveDirectoryDataServices.Information.cs:551

Returns: Boolean

Attempts to retrieve the forest functional level from the in-memory overview cache.

Parameters

level System.DirectoryServices.ActiveDirectory.ForestMode@ requiredposition: 0: Resolved forest functional level; Unknown when not available.

Returns

True when the level was available in the cache; otherwise false.

Inherited Methods

Properties

public ForestMode ForestFunctionalLevel { get; set; } #

ADPlayground/DirectoryServices/ActiveDirectoryDataServices.Information.cs:50

Gets the forest functional level discovered during enumeration.

public Int32 GlobalCatalogCount { get; set; } #

ADPlayground/DirectoryServices/ActiveDirectoryDataServices.Information.cs:53

Gets the total number of global catalogs discovered.

public static ActiveDirectoryDataServices Default { get; } #

ADPlayground/DirectoryServices/ActiveDirectoryDataServices.Information.cs:79

Gets a shared instance of ActiveDirectoryDataServices used for convenience queries.

Fields

_default #

Lazily instantiated default instance used by the Default property.

public Dictionary<String, DomainController> DomainControllers #

Gets domain controllers indexed by domain name.

public List<String> Domains #

Gets the list of discovered domain names.

public List<DomainControllerInfo> ForestDomainControllers #

Gets domain controllers discovered in the forest.

public Dictionary<String, List<DomainControllerInfo>> DomainControllerDetails #

Gets detailed metadata for domain controllers by domain.

public List<DomainControllerInfo> ForestDomainControllerDetails #

Gets detailed metadata for all discovered domain controllers in the forest.

public String ForestName #

Gets the name of the current forest.

public List<Domain> FullDomains #

Gets the collection of discovered domains as Domain objects.

public Forest FullForest #

Gets the discovered forest object.

public Dictionary<String, Int32> DomainControllerCountsByDomain #

Gets counts of discovered domain controllers grouped by domain name.

public Dictionary<String, DomainMode> DomainFunctionalLevels #

Gets functional level per discovered domain.

public Dictionary<String, DomainController> QueryServers #

Gets preferred query servers indexed by domain name.

public String RootDomainName #

Gets the name of the root domain.