API Reference
IdentityExposureAnalysisOptions
Options controlling Active Directory identity exposure graph construction.
Inheritance
- Object
- IdentityExposureAnalysisOptions
Usage
This type appears in these public API surfaces even when no hand-authored example is attached directly to the page.
Returned or exposed by
Accepted by parameters
Constructors
public IdentityExposureAnalysisOptions() #Inherited Methods
public override Boolean Equals(Object obj) #BooleanParameters
- obj Object
Properties
public Boolean IncludeTier0Membership { get; set; } #Include nested membership edges into Tier 0 groups.
public Boolean IncludeTier0Delegation { get; set; } #Include explicit write/control ACEs on Tier 0 groups.
public Boolean IncludeOuDelegation { get; set; } #Include write/control ACEs on organizational units as graph edges.
public Boolean IncludeGpoDelegation { get; set; } #Include write/control ACEs on Group Policy objects as graph edges.
public Boolean IncludeAccountDelegation { get; set; } #Include unconstrained, constrained, and resource-based account delegation edges.
public Boolean IncludeSidHistory { get; set; } #Include SIDHistory relationships as graph edges.
public Boolean IncludeReplicationRights { get; set; } #Include replication extended-right relationships as DCSync graph edges.
public Boolean IncludeShadowCredentials { get; set; } #Include shadow credential write relationships on privileged targets.
public Boolean IncludeLapsReadDelegation { get; set; } #Include OU-level LAPS password read delegation relationships.
public Boolean IncludeDirectoryAclInventory { get; set; } #Include user, group, and computer ACL delegation exceptions from the directory ACL inventory.
public Boolean IncludeDirectoryTopology { get; set; } #Include directory containment and GPO-link topology edges.
public IReadOnlyList<String> AdditionalTier0GroupNames { get; set; } #Additional tenant-specific privileged group names to treat as Tier 0 membership roots.
public Int32 MaxPaths { get; set; } #Maximum number of cheapest paths returned by the snapshot.
public Int32 MaxAlternatePaths { get; set; } #Maximum number of alternate ranked paths returned by the snapshot. Zero disables alternate path projection.
public Int32 MaxAlternatePathsPerSource { get; set; } #Maximum number of alternate ranked paths returned per source object.
public Int32 AlternatePathMaxDepth { get; set; } #Maximum relationship depth used for alternate path enumeration.
public Int32 MaxEdgeImpactCandidates { get; set; } #Maximum number of edge impact candidates returned by the snapshot.
public TimeSpan MembershipTimeout { get; set; } #Timeout used by existing group membership services.
public Nullable<Int32> MaxOusToAnalyze { get; set; } #Maximum number of OUs to analyze when OU delegation is enabled.
public Nullable<Int32> OuDelegationTimeBudgetMs { get; set; } #Optional wall-clock time budget in milliseconds for OU delegation analysis.
public Nullable<Int32> MaxAccountDelegationRows { get; set; } #Maximum number of account delegation rows to analyze when account delegation is enabled.
public Nullable<Int32> MaxDirectoryAclObjects { get; set; } #Maximum number of directory objects scanned when directory ACL inventory edges are enabled. Null uses the default cap.
public Nullable<Int32> MaxDirectoryAclFindings { get; set; } #Maximum number of directory ACL findings mapped to exposure edges. Null uses the default hard cap.
public Boolean IncludeDirectoryAclInherited { get; set; } #Include inherited ACEs when directory ACL inventory edges are enabled.
public Boolean IncludeDirectoryAclPrivilegedTrustees { get; set; } #Include privileged trustees when directory ACL inventory edges are enabled.
public Boolean ExcludeDirectoryAclDefaultSchemaDelegations { get; set; } #Exclude default schema delegations when directory ACL inventory edges are enabled.
public Nullable<Int32> MaxDirectoryTopologyOus { get; set; } #Maximum number of organizational units mapped to topology edges. Null uses the default cap; zero disables the cap.
Fields
public const Int32 DefaultMaxPaths #Default maximum number of cheapest paths returned by the snapshot.
100public const Int32 DefaultMaxAlternatePaths #Default maximum number of alternate ranked paths returned by the snapshot.
25public const Int32 DefaultMaxAlternatePathsPerSource #Default maximum number of alternate ranked paths returned per source object.
3public const Int32 DefaultAlternatePathMaxDepth #Default maximum relationship depth used for alternate path enumeration.
8public const Int32 DefaultMaxEdgeImpactCandidates #Default maximum number of edge impact candidates returned by the snapshot.
100public const Int32 DefaultMaxDirectoryAclObjects #Default maximum number of directory objects scanned when directory ACL inventory edges are enabled.
10000public const Int32 DefaultMaxDirectoryAclFindings #Default hard cap for directory ACL findings mapped to exposure edges in very large environments.
200000public const Int32 DefaultMaxDirectoryTopologyOus #Default maximum number of organizational units mapped to topology edges.
50000