TestimoX

API Reference

Class

SpnHygieneSnapshot

Edit on GitHub
Namespace ADPlayground.Kerberos.SpnHygieneService
Assembly ADPlayground
Source ADPlayground/Kerberos/SpnHygieneService.cs:31
Modifiers sealed

Aggregated SPN hygiene information for a domain.

Inheritance

  • Object
  • SpnHygieneSnapshot

Constructors

Properties

public String DomainName { get; set; } #
ADPlayground/Kerberos/SpnHygieneService.cs:31

DNS domain name evaluated.

public Int32 TotalServiceAccounts { get; set; } #
ADPlayground/Kerberos/SpnHygieneService.cs:33

Total number of SPN-bearing accounts.

public List<String> PrivilegedWithSpn { get; set; } #
ADPlayground/Kerberos/SpnHygieneService.cs:35

Privileged accounts that have SPNs set.

public List<SpnInvalidEntry> InvalidSpns { get; set; } #
ADPlayground/Kerberos/SpnHygieneService.cs:37

Invalid or unresolvable SPNs with reasons.

public List<ValueTuple<String, Int32>> AccountsSpnCounts { get; set; } #
ADPlayground/Kerberos/SpnHygieneService.cs:39

Per-account SPN counts for hotspot detection.

public Int32 MaxSpnCount { get; set; } #
ADPlayground/Kerberos/SpnHygieneService.cs:41

Maximum SPN count across accounts.

public List<ServiceClassInfo> ServiceClasses { get; set; } #
ADPlayground/Kerberos/SpnHygieneService.cs:43

All observed service classes with counts.

public List<ServiceClassInfo> TopClasses { get; set; } #
ADPlayground/Kerberos/SpnHygieneService.cs:45

Top N service classes by occurrence.

public List<ServiceClassInfo> UnexpectedClasses { get; set; } #
ADPlayground/Kerberos/SpnHygieneService.cs:47

Service classes that are not included in the allowlist.

public List<ServiceClassInfo> BlockedClassesUsed { get; set; } #
ADPlayground/Kerberos/SpnHygieneService.cs:49

Service classes that appear in the blocklist.

public List<SpnInvalidEntry> UnresolvableTargets { get; set; } #
ADPlayground/Kerberos/SpnHygieneService.cs:51

SPNs whose targets failed DNS resolution checks.