TestimoX

API Reference

Class

AceView (AdminSdHolderAclDriftEvaluator)

Edit on GitHub
Namespace ADPlayground.DirectoryOps.AdminSdHolderAclDriftEvaluator
Assembly ADPlayground
Source ADPlayground/DirectoryOps/AdminSdHolderAclDriftEvaluator.cs:21
Implements
IEquatable<AceView>
Modifiers sealed

Enriched ACE view for reporting (identity, classification and risk included).

Inheritance

  • Object
  • AceView

Constructors

Methods

public AceView <Clone>$() #
Returns: AceView
public virtual Boolean Equals(AceView other) #
Returns: Boolean

Parameters

obj Object requiredposition: 0
public override Int32 GetHashCode() #
Returns: Int32
public override String ToString() #
Returns: String

Properties

public String DisplayName { get; set; } #
ADPlayground/DirectoryOps/AdminSdHolderAclDriftEvaluator.cs:21

Friendly identity label for display (resolved name or SID/account name).

public AdministrativeIdentityType AdministrativeType { get; set; } #
ADPlayground/DirectoryOps/AdminSdHolderAclDriftEvaluator.cs:23

Administrative identity classification (e.g., Tier0/Privileged/Unknown).

public AclOperationKind OperationKind { get; set; } #
ADPlayground/DirectoryOps/AdminSdHolderAclDriftEvaluator.cs:25

Operation/rule kind inferred from the ACE (e.g., Write, Read, Control).

public Boolean HasWrite { get; set; } #
ADPlayground/DirectoryOps/AdminSdHolderAclDriftEvaluator.cs:27

True when the ACE grants any write/control capability.

public AclRiskLevel RiskLevel { get; set; } #
ADPlayground/DirectoryOps/AdminSdHolderAclDriftEvaluator.cs:29

Computed risk level for this ACE based on rights/object targeting.

public String Identity { get; set; } #
ADPlayground/DirectoryOps/AdminSdHolderAclDriftEvaluator.cs:33

Raw identity string (domain\name or SID).

public String Sid { get; set; } #
ADPlayground/DirectoryOps/AdminSdHolderAclDriftEvaluator.cs:35

Security identifier (SID) of the trustee on the ACE.

public IdentityType IdentityType { get; set; } #
ADPlayground/DirectoryOps/AdminSdHolderAclDriftEvaluator.cs:37

Identity kind (User, Group, Computer, WellKnownSid, etc.).

public String WriteRights { get; set; } #
ADPlayground/DirectoryOps/AdminSdHolderAclDriftEvaluator.cs:41

Subset of write/control rights when HasWrite is true (e.g., WriteDacl).

public String Rights { get; set; } #
ADPlayground/DirectoryOps/AdminSdHolderAclDriftEvaluator.cs:43

Full rights mask for the ACE.

public String RiskReason { get; set; } #
ADPlayground/DirectoryOps/AdminSdHolderAclDriftEvaluator.cs:45

Short explanation for the assigned RiskLevel.

public String ObjectTypeName { get; set; } #
ADPlayground/DirectoryOps/AdminSdHolderAclDriftEvaluator.cs:49

Well-known name for ObjectTypeGuid when applicable (e.g., user-Change-Password).

public Nullable<Guid> ObjectTypeGuid { get; set; } #
ADPlayground/DirectoryOps/AdminSdHolderAclDriftEvaluator.cs:51

Object type GUID targeted by the ACE when present.

public String Inheritance { get; set; } #
ADPlayground/DirectoryOps/AdminSdHolderAclDriftEvaluator.cs:55

Inheritance scope description (None, This object only, Children, etc.).

public Boolean IsInherited { get; set; } #
ADPlayground/DirectoryOps/AdminSdHolderAclDriftEvaluator.cs:57

True when the ACE is inherited rather than explicit.

public Int32 DaysSinceModification { get; set; } #
ADPlayground/DirectoryOps/AdminSdHolderAclDriftEvaluator.cs:59

Days since the ACE was modified (based on nTSecurityDescriptor timestamps).

public Boolean IsExpectedAdministrativeAddition { get; set; } #
ADPlayground/DirectoryOps/AdminSdHolderAclDriftEvaluator.cs:62

True when the ACE is treated as expected because it belongs to a core administrative trustee.

public Boolean IsExpectedDirectoryDefault { get; set; } #
ADPlayground/DirectoryOps/AdminSdHolderAclDriftEvaluator.cs:65

True when the ACE matches a built-in Active Directory protected-object default delegation.

public Boolean IsAllowedByOverride { get; set; } #
ADPlayground/DirectoryOps/AdminSdHolderAclDriftEvaluator.cs:68

True when the ACE matches an explicit trustee allow-pattern override.

public Boolean IsExpectedApplicationDelegation { get; set; } #
ADPlayground/DirectoryOps/AdminSdHolderAclDriftEvaluator.cs:71

True when the ACE matches a known platform/application-specific expected delegation profile.

public Boolean IsOptionalDelegation { get; set; } #
ADPlayground/DirectoryOps/AdminSdHolderAclDriftEvaluator.cs:74

True when the ACE matches a known optional role/product delegation profile.

public Boolean RequiresReview { get; set; } #
ADPlayground/DirectoryOps/AdminSdHolderAclDriftEvaluator.cs:77

True when the ACE still requires review after applying default expectations and overrides.

public String ReviewDisposition { get; set; } #
ADPlayground/DirectoryOps/AdminSdHolderAclDriftEvaluator.cs:80

Short disposition string describing why the ACE is or is not a review candidate.

public String ReviewReason { get; set; } #
ADPlayground/DirectoryOps/AdminSdHolderAclDriftEvaluator.cs:83

Short reason describing the applied review policy.

public String ExpectedDelegationProfile { get; set; } #
ADPlayground/DirectoryOps/AdminSdHolderAclDriftEvaluator.cs:86

Name of the recognized expected delegation profile, when applicable.