TestimoX

API Reference

Class

LapsOuDelegationScanner

Edit on GitHub
Namespace ADPlayground.Delegation
Assembly ADPlayground
Source ADPlayground/Delegation/LapsOuDelegationScanner.cs:62
Modifiers static

Scans OU containers for delegations that allow reading LAPS passwords. Supports legacy LAPS (ms-Mcs-AdmPwd) and Windows LAPS (msLAPS-Password). Requires object-type specific read on the attribute GUID and inheritance to Computer objects.

Inheritance

  • Object
  • LapsOuDelegationScanner

Methods

public static View Evaluate(String domainName) #
ADPlayground/Delegation/LapsOuDelegationScanner.cs:62
Returns: View

Scans OU ACLs for attribute‑specific read rights that expose LAPS secrets (legacy, Windows, DSRM).

Parameters

domainName System.String requiredposition: 0
DNS domain name to evaluate.

Returns

Aggregated View with matching ACEs.