TestimoX

API Reference

Class

SpnHygieneService

Edit on GitHub
Namespace ADPlayground.Kerberos
Assembly ADPlayground
Source ADPlayground/Kerberos/SpnHygieneService.cs:84
Modifiers static

Produces a hygiene snapshot for SPN-bearing accounts: privileged accounts with SPNs and invalid SPN strings.

Inheritance

  • Object
  • SpnHygieneService

Methods

public static SpnHygieneSnapshot Evaluate(String domainName, IEnumerable<String> allowlist = null, IEnumerable<String> blocklist = null, Int32 topN = 10, IEnumerable<String> dnsResolveClasses = null) #
ADPlayground/Kerberos/SpnHygieneService.cs:84
Returns: SpnHygieneSnapshot

Produces a domain-level SPN hygiene snapshot.

Parameters

domainName System.String requiredposition: 0
DNS domain name.
allowlist System.Collections.Generic.IEnumerable{System.String} = null optionalposition: 1
Optional allowlist of service classes considered expected (others marked unexpected).
blocklist System.Collections.Generic.IEnumerable{System.String} = null optionalposition: 2
Optional blocklist of service classes to flag as blocked.
topN System.Int32 = 10 optionalposition: 3
Number of service classes to include in TopClasses.
dnsResolveClasses System.Collections.Generic.IEnumerable{System.String} = null optionalposition: 4
Service classes for which DNS resolution is attempted on SPN targets.

Returns

Aggregated snapshot with counts, invalid entries, and service class breakdown.