AdminAccountRetrievalService

Namespace ADPlayground

Service-account and extended admin retrieval helpers.

Inheritance

Object
AdminAccountRetrievalService

Methods

GetAdminAccountsAsync(System.String domainName, System.String ouDistinguishedName, System.Threading.CancellationToken cancellationToken)

Asynchronously retrieves comprehensive accounts with adminCount=1 from the specified domain.

Parameters

domainName System.String required: Domain to query.
ouDistinguishedName System.String required: Optional OU scope.
cancellationToken System.Threading.CancellationToken required: Cancellation token.

GetComprehensiveAdminAccounts(System.String domainName, System.String forestName, System.String maxLogonDays, System.Int32 maxPasswordDays, System.Int32 includeDisabledAccounts, System.Boolean ouDistinguishedName, System.Int32 degreeOfParallelism)

Retrieves comprehensive admin account information with configurable filtering.

Parameters

domainName System.String required: Domain to query. When null, queries all domains in the forest.
forestName System.String required: Forest name when domainName is null.
maxLogonDays System.String required: Days since last logon to consider stale.
maxPasswordDays System.Int32 required: Days since password change to consider stale.
includeDisabledAccounts System.Int32 required: Whether to include disabled accounts.
ouDistinguishedName System.Boolean required: Optional OU scope.
degreeOfParallelism System.Int32 required: Maximum parallelism for domain queries.

Returns

Collection of admin accounts matching the criteria.

GetComprehensiveAdminAccountsAsync(System.String domainName, System.String forestName, System.String maxInactiveLogonDays, System.Int32 maxPasswordAgeDays, System.Int32 includeDisabledAccounts, System.Boolean ouDistinguishedName, System.Threading.CancellationToken cancellationToken)

Gets comprehensive admin account information across domains. Queries for user accounts with adminCount=1 and includes calculated staleness indicators.

Parameters

domainName System.String required: Specific domain to query. If null, queries all domains in forest.
forestName System.String required: Specific forest to query. If null, uses current forest.
maxInactiveLogonDays System.String required: Maximum days since last logon before considering stale.
maxPasswordAgeDays System.Int32 required: Maximum days since password change before considering stale.
includeDisabledAccounts System.Int32 required: Whether to include disabled accounts in results.
ouDistinguishedName System.Boolean required: Optional OU scope.
cancellationToken System.Threading.CancellationToken required: Cancellation token.

Returns

Collection of admin account information with calculated staleness indicators.

GetInactivePrivilegedAccounts(System.String domainName, System.DateTime inactiveSince, System.String forestName, System.String ouDistinguishedName)

Returns privileged accounts that have been inactive since the provided UTC threshold.

Parameters

domainName System.String required: Domain to query. If null or empty, all domains in the current or specified forest are queried.
inactiveSince System.DateTime required: Logon time cutoff in UTC.
forestName System.String required: Optional forest to target when domainName is not specified.
ouDistinguishedName System.String required: Optional OU scope.

GetInactivePrivilegedAccountsAsync(System.String domainName, System.DateTime inactiveSince, System.String forestName, System.String ouDistinguishedName, System.Threading.CancellationToken cancellationToken)

Asynchronously returns privileged accounts that have been inactive since the provided UTC threshold.

Parameters

domainName System.String required: Domain to query or null to scan all.
inactiveSince System.DateTime required: Logon time cutoff in UTC.
forestName System.String required: Optional forest to target when domainName is not specified.
ouDistinguishedName System.String required: Optional OU scope.
cancellationToken System.Threading.CancellationToken required: Cancellation token.

GetServiceAccounts(System.String domainName, System.String ouDistinguishedName) #

Retrieves accounts that have one or more service principal names set.

Parameters

domainName System.String required: Domain to query.
ouDistinguishedName System.String required: Optional OU scope.

Returns

Collection of service accounts.

GetServiceAccountsAsync(System.String domainName, System.String ouDistinguishedName, System.Threading.CancellationToken cancellationToken)

Asynchronously retrieves accounts that have one or more service principal names set.

Parameters

domainName System.String required: Domain to query.
ouDistinguishedName System.String required: Optional OU scope.
cancellationToken System.Threading.CancellationToken required: Cancellation token.

GetStaleAdminAccounts(System.String domainName, System.Int32 maxInactiveDays, System.String forestName, System.String ouDistinguishedName, System.Int32 degreeOfParallelism)

Returns admin accounts that have not logged in for more than maxInactiveDays days.

Parameters

domainName System.String required: Domain to query. If null or empty, all domains in the current or specified forest are queried.
maxInactiveDays System.Int32 required: Number of days after which an account is considered stale.
forestName System.String required: Optional forest to target when domainName is not specified.
ouDistinguishedName System.String required: Optional OU scope.
degreeOfParallelism System.Int32 required: Maximum parallelism for domain queries.

GetStaleAdminAccountsAsync(System.String domainName, System.Int32 maxInactiveDays, System.String forestName, System.String ouDistinguishedName, System.Int32 degreeOfParallelism, System.Threading.CancellationToken cancellationToken)

Asynchronously returns admin accounts that have not logged in for more than the specified days.

Parameters

domainName System.String required: Domain to query or null to scan all.
maxInactiveDays System.Int32 required: Days after which an account is considered stale.
forestName System.String required: Optional forest when scanning all domains.
ouDistinguishedName System.String required: Optional OU scope.
degreeOfParallelism System.Int32 required: Maximum parallelism for domain queries.
cancellationToken System.Threading.CancellationToken required: Cancellation token.

GetStaleServiceAccounts(System.String domainName, System.Int32 maxPasswordAgeDays, System.Int32 maxInactiveDays, System.String forestName, System.String ouDistinguishedName, System.Int32 degreeOfParallelism)

Returns service accounts exceeding password or inactivity thresholds.

Parameters

domainName System.String required: Domain to query. When null or empty, all domains in the current or specified forest are scanned.
maxPasswordAgeDays System.Int32 required: Maximum allowed password age in days.
maxInactiveDays System.Int32 required: Number of days after which accounts are considered inactive.
forestName System.String required: Optional forest to target when domainName is not specified.
ouDistinguishedName System.String required: Optional OU scope.
degreeOfParallelism System.Int32 required: Maximum parallelism for domain queries.

GetStaleServiceAccountsAsync(System.String domainName, System.Int32 maxPasswordAgeDays, System.Int32 maxInactiveDays, System.String forestName, System.String ouDistinguishedName, System.Int32 degreeOfParallelism, System.Threading.CancellationToken cancellationToken)

Asynchronously returns service accounts exceeding password or inactivity thresholds.

Parameters

domainName System.String required: Domain to query or null to scan all.
maxPasswordAgeDays System.Int32 required: Maximum allowed password age in days.
maxInactiveDays System.Int32 required: Days after which accounts are considered inactive.
forestName System.String required: Optional forest when scanning all domains.
ouDistinguishedName System.String required: Optional OU scope.
degreeOfParallelism System.Int32 required: Maximum parallelism for domain queries.
cancellationToken System.Threading.CancellationToken required: Cancellation token.