TestimoX

API Reference

Class

AccountTakeoverDetector

Namespace ADPlayground.Audit
Assembly ADPlayground

Provides methods to detect potential account takeover activity.

Inheritance

  • Object
  • AccountTakeoverDetector

Constructors

public AccountTakeoverDetector(Func<String, DateTime, IEnumerable<String>> passwordResets = null, Func<String, DateTime, IEnumerable<AdObjectOwnershipInfo>> ownerChanges = null, Func<String, DateTime, IEnumerable<String>> adminSdHolderChanges = null, Func<String, IEnumerable<String>, Boolean> isMemberOf = null)

Initializes a new instance of the AccountTakeoverDetector class.

Parameters

passwordResets System.Func{System.String,System.DateTime,System.Collections.Generic.IEnumerable{System.String}} = null optional, position: 0
Delegate retrieving accounts with recent password resets.
ownerChanges System.Func{System.String,System.DateTime,System.Collections.Generic.IEnumerable{ADPlayground.Acl.AdObjectOwnershipInfo}} = null optional, position: 1
Delegate retrieving objects with owner changes.
adminSdHolderChanges System.Func{System.String,System.DateTime,System.Collections.Generic.IEnumerable{System.String}} = null optional, position: 2
Delegate retrieving objects recently protected by AdminSDHolder.
isMemberOf System.Func{System.String,System.Collections.Generic.IEnumerable{System.String},System.Boolean} = null optional, position: 3
Delegate determining membership in provided groups.

Methods

public IEnumerable<String> GetAccountsModifiedOutsideAdmins(String domainName, DateTime since, IEnumerable<String> adminGroupDns)
Returns: IEnumerable<String>

Enumerates accounts modified since the specified date whose membership does not include allowed admin groups.

Parameters

domainName System.String required, position: 0
since System.DateTime required, position: 1
adminGroupDns System.Collections.Generic.IEnumerable{System.String} required, position: 2

public IEnumerable<String> GetAdminSdHolderChanges(String domainName, DateTime since)
Returns: IEnumerable<String>

Returns accounts that became AdminSDHolder protected on or after the specified date.

Parameters

domainName System.String required, position: 0
since System.DateTime required, position: 1

public IEnumerable<AdObjectOwnershipInfo> GetOwnerChanges(String domainName, DateTime since)
Returns: IEnumerable<AdObjectOwnershipInfo>

Returns objects whose owner was changed on or after the specified date and is not an administrator.

Parameters

domainName System.String required, position: 0
since System.DateTime required, position: 1

public IEnumerable<String> GetPasswordResets(String domainName, DateTime since)
Returns: IEnumerable<String>

Returns accounts that had passwords reset on or after the specified date.

Parameters

domainName System.String required, position: 0
since System.DateTime required, position: 1
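
Example

The following usage example is added here and is not code from the TestimoX project: it injects in-memory delegates through the constructor documented above and ranks accounts by how many of the detector's signals name them. The fixture DNs and dates, the `Record` helper, and the delegate argument meanings ((domainName, since) for the three change feeds, (account, groupDns) for `isMemberOf`) are assumptions, since the page gives only the delegate types.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using ADPlayground.Acl;
using ADPlayground.Audit;

// Constructed fixtures (all DNs and dates invented): account DN -> time of change.
const string Svc = "CN=svc-backup,OU=Service,DC=example,DC=test";
const string AdminUser = "CN=j.doe,OU=Staff,DC=example,DC=test";
const string DomainAdmins = "CN=Domain Admins,CN=Users,DC=example,DC=test";
var resetLog = new Dictionary<string, DateTime> {
    [Svc] = new DateTime(2024, 5, 2), [AdminUser] = new DateTime(2024, 4, 1) };
var sdHolderLog = new Dictionary<string, DateTime> { [Svc] = new DateTime(2024, 5, 3) };
// Constructed membership table: account DN -> group DNs.
var memberships = new Dictionary<string, string[]> {
    [Svc] = Array.Empty<string>(), [AdminUser] = new[] { DomainAdmins } };

// Assumption: the change delegates receive (domainName, since) and isMemberOf
// receives (accountDn, groupDns); the page documents only the delegate types.
var detector = new AccountTakeoverDetector(
    passwordResets: (dom, cutoff) => resetLog.Where(e => e.Value >= cutoff).Select(e => e.Key),
    ownerChanges: (dom, cutoff) => Enumerable.Empty<AdObjectOwnershipInfo>(),
    adminSdHolderChanges: (dom, cutoff) => sdHolderLog.Where(e => e.Value >= cutoff).Select(e => e.Key),
    isMemberOf: (acct, groups) => memberships.TryGetValue(acct, out var g)
        && g.Intersect(groups, StringComparer.OrdinalIgnoreCase).Any());

var domainName = "example.test";
var since = new DateTime(2024, 5, 1);
var adminGroupDns = new[] { DomainAdmins };

// Tally which signals name each account; accounts named by several rank first.
var signals = new Dictionary<string, List<string>>(StringComparer.OrdinalIgnoreCase);
void Record(string signal, IEnumerable<string> accounts)
{
    foreach (var a in accounts ?? Enumerable.Empty<string>())
    {
        if (!signals.TryGetValue(a, out var hits)) signals[a] = hits = new List<string>();
        hits.Add(signal);
    }
}
Record("password-reset", detector.GetPasswordResets(domainName, since));
Record("adminsdholder", detector.GetAdminSdHolderChanges(domainName, since));
Record("modified-outside-admins",
    detector.GetAccountsModifiedOutsideAdmins(domainName, since, adminGroupDns));

foreach (var entry in signals.OrderByDescending(s => s.Value.Count))
    Console.WriteLine($"{entry.Value.Count} signal(s): {entry.Key} [{string.Join(", ", entry.Value)}]");
```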