API Reference

Class

LdapFilters

Edit on GitHub

Namespace ADPlayground.Helpers

Assembly ADPlayground

Source ADPlayground/Helpers/LdapFilters.cs:62

Modifiers static

Common LDAP filter constants used across modules.

Inheritance

Object
LdapFilters

Methods

public static String ObjectsByClass(String objectClass) #

ADPlayground/Helpers/LdapFilters.cs:72

Returns: String

Filter for objects of a given class.

Parameters

objectClass System.String requiredposition: 0

public static String UsersByGroup(String groupDN) #

ADPlayground/Helpers/LdapFilters.cs:62

Returns: String

Filter for users in a group.

Parameters

groupDN System.String requiredposition: 0

public static String UsersByUacFlag(Int32 flag) #

ADPlayground/Helpers/LdapFilters.cs:67

Returns: String

Filter for users with a specific UAC flag.

Parameters

flag System.Int32 requiredposition: 0

Inherited Methods

Fields

public const String AllUsers #

Filter for all user accounts.

Value: (&(objectCategory=person)(objectClass=user))

public const String AllComputers #

Filter for all computer objects.

Value: (&(objectCategory=computer)(objectClass=computer))

public const String AllServers #

Filter for all server OS computers.

Value: (&(objectCategory=computer)(objectClass=computer)(operatingSystem=*Server*))

public const String EnabledComputers #

Filter for enabled computers.

Value: (&(objectCategory=computer)(objectClass=computer)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))

public const String EnabledServers #

Filter for enabled servers.

Value:

(&(objectCategory=computer)(objectClass=computer)(operatingSystem=*Server*)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))

public const String AllGroups #

Filter for all groups.

Value: (objectCategory=group)

public const String EnabledUsers #

Filter for enabled users.

Value: (&(objectCategory=person)(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))

public const String DisabledUsers #

Filter for disabled users.

Value: (&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=2))

public const String AdminUsers #

Filter for administrative users.

Value: (&(objectCategory=person)(objectClass=user)(adminCount=1))

public const String ServiceAccounts #

Filter for SPN-bearing accounts considered service accounts: - Regular users with SPNs (objectCategory=person AND objectClass=user AND servicePrincipalName=*) - Managed Service Accounts (msDS-ManagedServiceAccount) with SPNs - Group Managed Service Accounts (msDS-GroupManagedServiceAccount) with SPNs

Value:

(|(&(objectCategory=person)(objectClass=user)(servicePrincipalName=*))(&(objectClass=msDS-ManagedServiceAccount)(servicePrincipalName=*))(&(objectClass=msDS-GroupManagedServiceAccount)(servicePrincipalName=*)))

public const String UsersAndMsas #

Filter for user-like accounts including MSAs/gMSAs (excludes computers): ( (person+user) OR msDS-ManagedServiceAccount OR msDS-GroupManagedServiceAccount ). Useful when a rule should include managed service accounts alongside users.

Value:

(|(&(objectCategory=person)(objectClass=user))(objectClass=msDS-ManagedServiceAccount)(objectClass=msDS-GroupManagedServiceAccount))

public const String Krbtgt #

Filter for krbtgt user.

Value: (&(objectClass=user)(sAMAccountName=krbtgt))