API Reference
DirectoryEssentialsOptions
Options controlling Directory Essentials data collection.
Inheritance
- Object
- DirectoryEssentialsOptions
Constructors
public DirectoryEssentialsOptions() #Inherited Methods
Properties
public Boolean IncludeOwners { get; set; } #Include ACL owner details for directory objects. This is expensive and should be opt-in.
public Boolean UseOwnerSecurityDescriptor { get; set; } #Prefer owner SID from ntSecurityDescriptor during the main LDAP query (reduces per-object binds). Requires IncludeOwners and explicit opt-in.
public Boolean IncludeManagerDetails { get; set; } #Include manager details (display name, status, last logon) where applicable.
public Boolean UseManagerDetailsLookup { get; set; } #Resolve manager details via targeted LDAP lookups (reduces memory, increases LDAP round-trips). Requires IncludeManagerDetails and explicit opt-in.
public Boolean IncludeGroupMemberCount { get; set; } #Include group member count (may be expensive for very large groups).
public Boolean UseGroupMemberCountRangeQuery { get; set; } #Use LDAP range retrieval to count group members (reduces memory, increases LDAP round-trips). Requires IncludeGroupMemberCount and explicit opt-in.
public Boolean IncludeManagerAcl { get; set; } #Evaluate whether the manager can update group membership (ACL check). Expensive; opt-in.
public Boolean IncludeCannotChangePassword { get; set; } #Compute CannotChangePassword flag (ACL-based). Expensive; opt-in.
public Boolean IncludeExchange { get; set; } #Include Exchange-specific attributes (msExch*) when present in schema.
public Boolean IncludeBitLocker { get; set; } #Include BitLocker recovery scan for computers (LAPS + BitLocker view).
public Boolean IncludeLapsHistory { get; set; } #Include Windows LAPS history attributes where available.
public Boolean IncludeLapsAcl { get; set; } #Include LAPS ACL scanning (SELF write permissions). Expensive; opt-in.
public Boolean LapsAclMissingOnly { get; set; } #When true, only return computers missing required LAPS ACLs.
public Boolean ResolveTrueLastLogon { get; set; } #Resolve true lastLogon across DCs (expensive).
public Int32 TrueLastLogonDegreeOfParallelism { get; set; } #Maximum concurrent DC lookups when resolving true lastLogon.
public Int32 PageSize { get; set; } #LDAP page size for large queries.
public Int32 MaxRows { get; set; } #Optional maximum number of rows returned across a collector.
public Nullable<Int32> RowLimitPerDomain { get; set; } #Optional server-side row limit per domain (explicit). Null means no limit.
public Boolean IncludeGlobalCatalogReverseLookup { get; set; } #Include reverse lookups when comparing global catalog objects.
public Int32 GlobalCatalogLimitPerDomainControllers { get; set; } #Limit global catalog queries per domain controller (0 = unlimited).
public Boolean IncludeSchemaPermissions { get; set; } #Include schema permissions summary (expensive).
public Boolean IncludeSchemaDefaultPermissions { get; set; } #Include schema default permissions summary (expensive).