API Reference
Class
Ldap
PowerShell-like facade for LDAP connectivity testing that returns typed, readable results. Prefer this over calling low-level scanners directly.
Inheritance
- Object
- Ldap
Methods
public static IReadOnlyList<LdapServerReadable> TestDomain(String domain, Boolean skipRodc = false, NetworkCredential credential = null, Nullable<AuthType> authType = null, String identity = null, Boolean verifyCertificate = true, Boolean skipGlobalCatalog = false, Int32 retryCount = 1, Int32 retryDelayMs = 100, Int32 portLdap = 389, Int32 portLdaps = 636, Int32 gcPortLdap = 3268, Int32 gcPortLdaps = 3269, Int32 maxConcurrency = 4, Boolean probeLegacyTls = false, Int32 serverBudgetMs = 10000, Action<LdapServerReadable> onResult = null, Int32 perPortTimeoutMs = 3000, Int32 readableEnrichmentTimeoutMs = 0, Boolean includeFacts = true, Int32 factsTimeoutMs = 2500)
Returns: IReadOnlyList<LdapServerReadable>
Tests all domain controllers in the given domain and returns typed, readable connectivity records.
Parameters
- domain System.String
  - DNS domain name.
- skipRodc System.Boolean = false
  - Skip Read-Only Domain Controllers.
- credential System.Net.NetworkCredential = null
  - Optional network credential for LDAP binds (for identity search).
- authType System.Nullable{System.DirectoryServices.Protocols.AuthType} = null
  - Optional authentication type override.
- identity System.String = null
  - Optional identity string to probe in RootDSE.
- verifyCertificate System.Boolean = true
  - Verify LDAPS certificates and compute certificate fields.
- skipGlobalCatalog System.Boolean = false
  - Skip GC (3268/3269) tests.
- retryCount System.Int32 = 1
  - Port test retry count.
- retryDelayMs System.Int32 = 100
  - Delay between retries in milliseconds.
- portLdap System.Int32 = 389
  - LDAP port (default 389).
- portLdaps System.Int32 = 636
  - LDAPS port (default 636).
- gcPortLdap System.Int32 = 3268
  - GC LDAP port (default 3268).
- gcPortLdaps System.Int32 = 3269
  - GC LDAPS port (default 3269).
- maxConcurrency System.Int32 = 4
  - Max parallel probes.
- probeLegacyTls System.Boolean = false
  - When true, performs additional LDAPS handshakes to detect accepted TLS versions.
- serverBudgetMs System.Int32 = 10000
  - Total per-server wall-clock budget in milliseconds.
- onResult System.Action{ADPlayground.Ldap.LdapServerReadable} = null
  - Optional callback invoked as each server result is materialized.
- perPortTimeoutMs System.Int32 = 3000
  - Timeout per bind/search/certificate fetch in milliseconds.
- readableEnrichmentTimeoutMs System.Int32 = 0
  - Optional tighter budget for enriching the readable view (site/OS/IP); defaults to perPortTimeoutMs when 0.
- includeFacts System.Boolean = true
  - When true, enrich results with DC facts (RODC/GC/site/OS) if quickly retrievable.
- factsTimeoutMs System.Int32 = 2500
  - Timeout budget in milliseconds for DC facts enrichment.
public static Task<IReadOnlyList<LdapServerReadable>> TestDomainAsync(String domain, Boolean skipRodc = false, NetworkCredential credential = null, Nullable<AuthType> authType = null, String identity = null, Boolean verifyCertificate = true, Boolean skipGlobalCatalog = false, Int32 retryCount = 1, Int32 retryDelayMs = 100, Int32 portLdap = 389, Int32 portLdaps = 636, Int32 gcPortLdap = 3268, Int32 gcPortLdaps = 3269, Int32 maxConcurrency = 4, Boolean probeLegacyTls = false, Int32 serverBudgetMs = 10000, Action<LdapServerReadable> onResult = null, Int32 perPortTimeoutMs = 3000, Int32 readableEnrichmentTimeoutMs = 0, Boolean includeFacts = true, Int32 factsTimeoutMs = 2500)
Returns: Task<IReadOnlyList<LdapServerReadable>>
Async version of TestDomain.
Parameters
- domain System.String
  - DNS domain name.
- skipRodc System.Boolean = false
  - Skip Read-Only Domain Controllers.
- credential System.Net.NetworkCredential = null
  - Optional network credential for LDAP binds (for identity search).
- authType System.Nullable{System.DirectoryServices.Protocols.AuthType} = null
  - Optional authentication type override.
- identity System.String = null
  - Optional identity string to probe in RootDSE.
- verifyCertificate System.Boolean = true
  - Verify LDAPS certificates and compute certificate fields.
- skipGlobalCatalog System.Boolean = false
  - Skip GC (3268/3269) tests.
- retryCount System.Int32 = 1
  - Port test retry count.
- retryDelayMs System.Int32 = 100
  - Delay between retries in milliseconds.
- portLdap System.Int32 = 389
  - LDAP port (default 389).
- portLdaps System.Int32 = 636
  - LDAPS port (default 636).
- gcPortLdap System.Int32 = 3268
  - GC LDAP port (default 3268).
- gcPortLdaps System.Int32 = 3269
  - GC LDAPS port (default 3269).
- maxConcurrency System.Int32 = 4
  - Max parallel probes.
- probeLegacyTls System.Boolean = false
  - When true, performs additional LDAPS handshakes to detect accepted TLS versions.
- serverBudgetMs System.Int32 = 10000
  - Total per-server wall-clock budget in milliseconds.
- onResult System.Action{ADPlayground.Ldap.LdapServerReadable} = null
  - Optional callback invoked as each server result is materialized.
- perPortTimeoutMs System.Int32 = 3000
  - Timeout per bind/search/certificate fetch in milliseconds.
- readableEnrichmentTimeoutMs System.Int32 = 0
  - Optional tighter budget for enriching the readable view (site/OS/IP); defaults to perPortTimeoutMs when 0.
- includeFacts System.Boolean = true
  - When true, enrich results with DC facts (RODC/GC/site/OS) if quickly retrievable.
- factsTimeoutMs System.Int32 = 2500
  - Timeout budget in milliseconds for DC facts enrichment.
public static IReadOnlyList<LdapServerReadable> TestForest(String forest = null, Boolean includeTrusts = false, Boolean skipRodc = false, NetworkCredential credential = null, Nullable<AuthType> authType = null, String identity = null, Boolean verifyCertificate = true, Boolean skipGlobalCatalog = false, Int32 retryCount = 1, Int32 retryDelayMs = 100, Int32 portLdap = 389, Int32 portLdaps = 636, Int32 gcPortLdap = 3268, Int32 gcPortLdaps = 3269, Int32 maxConcurrency = 4, Boolean probeLegacyTls = false, Int32 serverBudgetMs = 10000, Action<LdapServerReadable> onResult = null, Int32 perPortTimeoutMs = 3000, Int32 readableEnrichmentTimeoutMs = 0, Boolean includeFacts = true, Int32 factsTimeoutMs = 2500, IReadOnlyList<String> certificateIncludeDomainName = null)
Returns: IReadOnlyList<LdapServerReadable>
Tests all domain controllers in the given forest and returns typed, readable connectivity records.
Parameters
- forest System.String = null
  - Optional forest name; defaults to the current forest.
- includeTrusts System.Boolean = false
  - When true, attempts to include domains from trusted forests (if enabled by discovery options).
- skipRodc System.Boolean = false
  - Skip Read-Only Domain Controllers.
- credential System.Net.NetworkCredential = null
  - Optional network credential for LDAP binds (for identity search).
- authType System.Nullable{System.DirectoryServices.Protocols.AuthType} = null
  - Optional authentication type override.
- identity System.String = null
  - Optional identity string to probe.
- verifyCertificate System.Boolean = true
  - Verify LDAPS certificates and compute certificate fields.
- skipGlobalCatalog System.Boolean = false
  - Skip GC (3268/3269) tests.
- retryCount System.Int32 = 1
  - Port test retry count.
- retryDelayMs System.Int32 = 100
  - Delay between retries in milliseconds.
- portLdap System.Int32 = 389
  - LDAP port (default 389).
- portLdaps System.Int32 = 636
  - LDAPS port (default 636).
- gcPortLdap System.Int32 = 3268
  - GC LDAP port (default 3268).
- gcPortLdaps System.Int32 = 3269
  - GC LDAPS port (default 3269).
- maxConcurrency System.Int32 = 4
  - Max parallel probes.
- probeLegacyTls System.Boolean = false
  - When true, performs additional LDAPS handshakes to detect accepted TLS versions.
- serverBudgetMs System.Int32 = 10000
  - Total per-server wall-clock budget in milliseconds.
- onResult System.Action{ADPlayground.Ldap.LdapServerReadable} = null
  - Optional callback invoked as each server result is materialized.
- perPortTimeoutMs System.Int32 = 3000
  - Timeout per bind/search/certificate fetch in milliseconds.
- readableEnrichmentTimeoutMs System.Int32 = 0
  - Optional tighter budget for enriching the readable view (site/OS/IP); defaults to perPortTimeoutMs when 0.
- includeFacts System.Boolean = true
  - When true, enrich results with DC facts (RODC/GC/site/OS) if quickly retrievable.
- factsTimeoutMs System.Int32 = 2500
  - Timeout budget in milliseconds for DC facts enrichment.
- certificateIncludeDomainName System.Collections.Generic.IReadOnlyList{System.String} = null
  - Additional domain names that must appear in the certificate DNS list (SAN).
public static Task<IReadOnlyList<LdapServerReadable>> TestForestAsync(String forest = null, Boolean includeTrusts = false, Boolean skipRodc = false, NetworkCredential credential = null, Nullable<AuthType> authType = null, String identity = null, Boolean verifyCertificate = true, Boolean skipGlobalCatalog = false, Int32 retryCount = 1, Int32 retryDelayMs = 100, Int32 portLdap = 389, Int32 portLdaps = 636, Int32 gcPortLdap = 3268, Int32 gcPortLdaps = 3269, Int32 maxConcurrency = 4, Boolean probeLegacyTls = false, Int32 serverBudgetMs = 10000, Action<LdapServerReadable> onResult = null, Int32 perPortTimeoutMs = 3000, Int32 readableEnrichmentTimeoutMs = 0, Boolean includeFacts = true, Int32 factsTimeoutMs = 2500, IReadOnlyList<String> certificateIncludeDomainName = null)
Returns: Task<IReadOnlyList<LdapServerReadable>>
Async version of TestForest.
Parameters
- forest System.String = null
  - Optional forest name; defaults to the current forest.
- includeTrusts System.Boolean = false
  - When true, attempts to include domains from trusted forests (if enabled by discovery options).
- skipRodc System.Boolean = false
  - Skip Read-Only Domain Controllers.
- credential System.Net.NetworkCredential = null
  - Optional network credential for LDAP binds (for identity search).
- authType System.Nullable{System.DirectoryServices.Protocols.AuthType} = null
  - Optional authentication type override.
- identity System.String = null
  - Optional identity string to probe.
- verifyCertificate System.Boolean = true
  - Verify LDAPS certificates and compute certificate fields.
- skipGlobalCatalog System.Boolean = false
  - Skip GC (3268/3269) tests.
- retryCount System.Int32 = 1
  - Port test retry count.
- retryDelayMs System.Int32 = 100
  - Delay between retries in milliseconds.
- portLdap System.Int32 = 389
  - LDAP port (default 389).
- portLdaps System.Int32 = 636
  - LDAPS port (default 636).
- gcPortLdap System.Int32 = 3268
  - GC LDAP port (default 3268).
- gcPortLdaps System.Int32 = 3269
  - GC LDAPS port (default 3269).
- maxConcurrency System.Int32 = 4
  - Max parallel probes.
- probeLegacyTls System.Boolean = false
  - When true, performs additional LDAPS handshakes to detect accepted TLS versions.
- serverBudgetMs System.Int32 = 10000
  - Total per-server wall-clock budget in milliseconds.
- onResult System.Action{ADPlayground.Ldap.LdapServerReadable} = null
  - Optional callback invoked as each server result is materialized.
- perPortTimeoutMs System.Int32 = 3000
  - Timeout per bind/search/certificate fetch in milliseconds.
- readableEnrichmentTimeoutMs System.Int32 = 0
  - Optional tighter budget for enriching the readable view (site/OS/IP); defaults to perPortTimeoutMs when 0.
- includeFacts System.Boolean = true
  - When true, enrich results with DC facts (RODC/GC/site/OS) if quickly retrievable.
- factsTimeoutMs System.Int32 = 2500
  - Timeout budget in milliseconds for DC facts enrichment.
- certificateIncludeDomainName System.Collections.Generic.IReadOnlyList{System.String} = null
  - Additional domain names that must appear in the certificate DNS list (SAN).
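The kind of check certificateIncludeDomainName describes for TestForest and TestForestAsync, written out as an added example; this is not the library's own code. It assumes .NET 7 or later, exact case-insensitive matching with no wildcard expansion, and a constructed self-signed certificate; SanCheck, MissingDnsNames and SampleCert are hypothetical names.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class SanCheck
{
    const string SanOid = "2.5.29.17"; // subjectAltName extension

    // Returns the required names that are absent from the certificate's SAN dNSName entries.
    public static List<string> MissingDnsNames(X509Certificate2 cert, IEnumerable<string> required)
    {
        var present = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
        foreach (X509Extension ext in cert.Extensions)
        {
            if (ext.Oid?.Value != SanOid) continue;
            // Decode from the raw bytes so the result does not depend on how the runtime typed the extension.
            var san = new X509SubjectAlternativeNameExtension(ext.RawData, ext.Critical);
            foreach (string dns in san.EnumerateDnsNames()) present.Add(dns.TrimEnd('.'));
        }
        // A certificate without a SAN leaves the set empty, so every required name is reported missing.
        return required.Where(n => !present.Contains(n.TrimEnd('.'))).ToList();
    }

    // Constructed sample: a throwaway self-signed certificate standing in for a DC's LDAPS certificate.
    static X509Certificate2 SampleCert(params string[] dnsNames)
    {
        using RSA key = RSA.Create(2048);
        var req = new CertificateRequest("CN=dc01.corp.example", key,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        var san = new SubjectAlternativeNameBuilder();
        foreach (string n in dnsNames) san.AddDnsName(n);
        req.CertificateExtensions.Add(san.Build());
        return req.CreateSelfSigned(DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddDays(1));
    }

    static void Main()
    {
        using X509Certificate2 cert = SampleCert("dc01.corp.example", "corp.example");
        // Constructed requirement list; the last name is deliberately not on the certificate.
        string[] required = { "DC01.corp.example", "corp.example", "ldap.corp.example" };
        List<string> missing = MissingDnsNames(cert, required);
        Console.WriteLine(missing.Count == 0 ? "SAN OK" : "Missing from SAN: " + string.Join(", ", missing));
    }
}
```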