API Reference
DelegationOptions
Options to control which ACEs are considered risky when analyzing privileged group delegation.
Inheritance
- Object
- DelegationOptions
Usage
This type appears in these public API surfaces even when no hand-authored example is attached directly to the page.
Accepted by parameters
- Method AdminGroupDelegationAnalyzer.GetExplicitRiskRecords
- Method AdminGroupDelegationExposureService.Build
- Method AdminGroupDelegationService.GetSnapshot
- Method DelegationInventoryService.Build
- Method OuDelegationAnalyzer.GetExplicitRecords
- Method OuDelegationAnalyzer.GetIndirectGroupWriteRecords
- Method OuDelegationService.GetSnapshot
Constructors
public DelegationOptions() #Inherited Methods
public override Boolean Equals(Object obj) #BooleanParameters
- obj Object
Properties
public Boolean IgnoreInherited { get; set; } #Ignore inherited ACEs. Defaults to true (focus on explicit assignments).
public Boolean IgnoreDnsAdmins { get; set; } #Ignore the domain's DnsAdmins group. Defaults to true.
public HashSet<String> IgnoreSids { get; set; } #Additional SIDs (string format) to ignore.
public HashSet<String> IncludeOnlySids { get; set; } #Optional allowlist of SIDs (string format) to include. When populated, all other trustees are skipped.
public Boolean IgnoreAuthenticatedUsers { get; set; } #Ignore the well-known Authenticated Users SID (S-1-5-11). Defaults to true.
public Boolean IgnoreDomainComputers { get; set; } #Ignore the domain's Domain Computers group (RID 515). Defaults to true.
public Boolean IgnoreDomainUsers { get; set; } #Ignore the domain's Domain Users group (RID 513). Defaults to true.
public Boolean IgnoreEveryone { get; set; } #Ignore the Everyone well-known SID (S-1-1-0). Defaults to true.
public Nullable<Int32> MaxOusToAnalyze { get; set; } #Optional maximum number of OUs to analyze. When set, analysis stops after this many OUs. Defaults to unlimited.
public Nullable<Int32> TimeBudgetMs { get; set; } #Optional wall-clock time budget in milliseconds for OU analysis. When exceeded, remaining OUs are skipped. Defaults to unlimited.
public Int32 MaxDegreeOfParallelism { get; set; } #Maximum degree of parallelism for OU ACL reads. Defaults to 4.
public Boolean PreferFastIdentityResolution { get; set; } #Prefer fast local SID-to-name translation instead of directory-enriched identity lookups. Use when the caller only needs stable trustee labels and SID-based risk math.