API Reference
DnsZoneAclFinding
Represents a single ACL finding for a DNS zone object.
Inheritance
- Object
- DnsZoneAclFinding
Constructors
public DnsZoneAclFinding() #Inherited Methods
Properties
public String DistinguishedName { get; set; } #Distinguished name of the zone object in AD.
public String Partition { get; set; } #Partition where the zone resides (DomainDNSZones or ForestDNSZones).
public String Sddl { get; set; } #ACL in SDDL form (when retrievable).
public Boolean ExposedToAnonymous { get; set; } #True when anonymous users have write/control exposure.
public Boolean ExposedToEveryone { get; set; } #True when Everyone has write/control exposure.
public Boolean ExposedToAuthenticatedUsers { get; set; } #True when Authenticated Users have write/control exposure.
public Boolean HasCreateChildExposure { get; set; } #True when CreateChild rights are granted to broad groups.
public Boolean HasWriteAclExposure { get; set; } #True when WriteDacl/WriteOwner is granted to broad groups.
public Boolean HasReadExposure { get; set; } #True when GenericRead/List/ReadProperty exposure is present (readable ACLs).
public Int32 AceCount { get; set; } #Total ACE count on the object (DACL).
public Int32 BroadWriteAceCount { get; set; } #Number of broad write/control ACEs (Everyone/Anonymous/Authenticated Users with write/create/dacl/owner).
public Int32 BroadReadAceCount { get; set; } #Number of broad read/list ACEs (Everyone/Anonymous/Authenticated Users with read/list).
public IReadOnlyList<OffendingPrincipal> OffendingPrincipals { get; set; } #Principals (SIDs and friendly names) that have write/control rights on the zone.