DelegationProtectionChecker

Edit on GitHub

Namespace ADPlayground.Delegation

Assembly ADPlayground

Source ADPlayground/Delegation/DelegationProtectionChecker.cs:15

Searches for privileged accounts missing the NOT_DELEGATED userAccountControl flag.

Inheritance

Object
DelegationProtectionChecker

Constructors

public DelegationProtectionChecker(Func<String, IEnumerable<ValueTuple<String, Int32>>> fetchAccounts = null, Func<IEnumerable<String>> enumerateDomains = null)

ADPlayground/Delegation/DelegationProtectionChecker.cs:15

Initializes a new instance of the DelegationProtectionChecker class.

Parameters

fetchAccounts System.Func{System.String,System.Collections.Generic.IEnumerable{System.ValueTuple{System.String,System.Int32}}} = null optionalposition: 0: Delegate retrieving adminCount accounts and their userAccountControl value.
enumerateDomains System.Func{System.Collections.Generic.IEnumerable{System.String}} = null optionalposition: 1: Delegate returning domain names to query.

Methods

public Void Check() #

ADPlayground/Delegation/DelegationProtectionChecker.cs:54

Returns: Void

Checks every domain in the current forest.

public Void CheckDomain(String domainName = null) #

ADPlayground/Delegation/DelegationProtectionChecker.cs:36

Returns: Void

Reports accounts in a domain that do not have the NOT_DELEGATED flag set.

Parameters

domainName System.String = null optionalposition: 0: Target domain name or null for the current domain.

public IEnumerable<ValueTuple<String, Int32>> GetAccounts(String domainName) #

ADPlayground/Delegation/DelegationProtectionChecker.cs:28

Returns: IEnumerable<ValueTuple<String, Int32>>

Gets adminCount accounts and their userAccountControl flag for a domain.

Parameters

domainName System.String requiredposition: 0: Target domain name.

Returns

Collection of account name and UAC value tuples.

Inheritance

Constructors

Parameters

Methods

Parameters

Parameters

Returns

Inherited Methods

Parameters