IdentityPolicy

Namespace ADPlayground.Identity

Assembly ADPlayground

Source ADPlayground/Identity/IdentityPolicy.cs:34

Modifiers static

Central policy helpers for identity classification used by rules/engines. Provides a single source of truth for "privileged" detection so callers do not re-implement or drift in semantics.

Inheritance

Object
IdentityPolicy

Methods

public static Boolean IsBroadAccessSid(String sid) #

ADPlayground/Identity/IdentityPolicy.cs:93

Returns: Boolean

Returns true when the SID belongs to broad-access principals (Everyone/Auth Users/Domain Users/Domain Computers). Helpful when flagging ACLs that grant too-wide access.

Parameters

sid System.String requiredposition: 0

public static Boolean IsDangerousRid(Int32 rid) #

ADPlayground/Identity/IdentityPolicy.cs:75

Returns: Boolean

Returns true when a RID (relative identifier) is considered dangerous to have in SIDHistory. Used by SIDHistory analysis to flag history chains that include high-value built-ins/admins.

Parameters

rid System.Int32 requiredposition: 0

public static Boolean IsPrivilegedSid(String domainSid, String sid) #

ADPlayground/Identity/IdentityPolicy.cs:34

Returns: Boolean

Returns true if the SID should be treated as privileged for delegation/rights analysis. Considers local/forest well-knowns and domain-relative admin RIDs.

Parameters

domainSid System.String requiredposition: 0: Account domain SID value (e.g., S-1-5-21-...)
sid System.String requiredposition: 1: SID to evaluate.

public static Boolean IsTrustedGpoOwner(String domainSid, String ownerSid) #

ADPlayground/Identity/IdentityPolicy.cs:119

Returns: Boolean

Returns true when the provided SID is a trusted/expected owner for GPO objects.

Parameters

domainSid System.String requiredposition: 0
ownerSid System.String requiredposition: 1

Inheritance

Methods

Parameters

Parameters

Parameters

Parameters

Inherited Methods

Parameters