API Reference
Class
CompositeView
Composite RODC PRP status for a domain.
Inheritance
- Object
- CompositeView
Constructors
public CompositeView(String domainName, IReadOnlyList<RodcPolicyEntry> rodcs, IReadOnlyList<RodcPolicyEntry> missingNeverReveal, IReadOnlyList<RodcPolicyEntry> revealOnDemand, IReadOnlyList<Object> orphanedKrbtgt) #Creates a new composite view.
Parameters
- domainName System.String
- Target domain DNS name.
- rodcs System.Collections.Generic.IReadOnlyList{ADPlayground.DomainControllers.RodcPolicyEntry}
- All discovered RODC entries for the domain.
- missingNeverReveal System.Collections.Generic.IReadOnlyList{ADPlayground.DomainControllers.RodcPolicyEntry}
- Subset lacking a configured Never Reveal group.
- revealOnDemand System.Collections.Generic.IReadOnlyList{ADPlayground.DomainControllers.RodcPolicyEntry}
- Subset that use Reveal On Demand groups.
- orphanedKrbtgt System.Collections.Generic.IReadOnlyList{System.Object}
- Orphaned RODC KRBTGT accounts detected in the domain.
Methods
Inherited Methods
Properties
public String DomainName { get; set; } #DNS name of the Active Directory domain the analysis was performed for.
public IReadOnlyList<RodcPolicyEntry> Rodcs { get; set; } #All RODC entries discovered in the domain along with their PRP settings.
public IReadOnlyList<RodcPolicyEntry> MissingNeverReveal { get; set; } #RODCs that do not have msDS-NeverRevealGroup configured. Every RODC should have a "Never Reveal" group to block sensitive credentials from caching on the RODC.
public IReadOnlyList<RodcPolicyEntry> RevealOnDemand { get; set; } #RODCs that have msDS-RevealOnDemandGroup set. This configuration allows on-demand caching and should be reviewed for least privilege.
public IReadOnlyList<Object> OrphanedKrbtgt { get; set; } #Orphaned RODC krbtgt_* accounts that no longer map to an active RODC.