TestimoX

API Reference

Class

ConstrainedDelegationAnalyzer

Edit on GitHub
Namespace ADPlayground
Assembly ADPlayground
Source ADPlayground/Kerberos/ConstrainedDelegationAnalyzer.cs:18

Provides methods to analyze constrained delegation configurations.

Inheritance

  • Object
  • ConstrainedDelegationAnalyzer

Remarks

See usage examples in the unit tests for typical scenarios.

Constructors

public ConstrainedDelegationAnalyzer(Func<String, IEnumerable<DelegationEntry>> fetchDelegations = null, Func<String, String, Boolean> validateTarget = null, Func<IEnumerable<String>> enumerateDomains = null) #
ADPlayground/Kerberos/ConstrainedDelegationAnalyzer.cs:18

Initializes a new instance of the ConstrainedDelegationAnalyzer class.

Parameters

fetchDelegations System.Func{System.String,System.Collections.Generic.IEnumerable{ADPlayground.DelegationEntry}} = null optionalposition: 0
Delegate retrieving delegation data for a domain.
validateTarget System.Func{System.String,System.String,System.Boolean} = null optionalposition: 1
Delegate validating that a target SPN exists.
enumerateDomains System.Func{System.Collections.Generic.IEnumerable{System.String}} = null optionalposition: 2
Delegate returning domain names to process.

Methods

public Void Check() #
ADPlayground/Kerberos/ConstrainedDelegationAnalyzer.cs:74
Returns: Void

Logs warnings for invalid delegation targets across the forest.

public Void CheckDomain(String domainName = null) #
ADPlayground/Kerberos/ConstrainedDelegationAnalyzer.cs:58
Returns: Void

Logs warnings for invalid delegation targets in the given domain.

Parameters

domainName System.String = null optionalposition: 0
Domain to check or null for the current domain.
public IEnumerable<DelegationValidationResult> ValidateDomain(String domainName) #
Returns: IEnumerable<DelegationValidationResult>

Validates the delegation targets configured in the specified domain.

Parameters

domainName System.String requiredposition: 0
Target domain name.

Returns

Collection of validation results.

public IEnumerable<DelegationValidationResult> ValidateForest() #
Returns: IEnumerable<DelegationValidationResult>

Validates delegation targets across all domains in the forest.

Returns

Collection of validation results.