API Reference
Class
PrivilegedSpnChecker
Provides methods to locate privileged accounts that have Service Principal Names defined.
Inheritance
- Object
- PrivilegedSpnChecker
Remarks
See usage examples in the unit tests for typical scenarios.
Constructors
public PrivilegedSpnChecker(Func<String, IEnumerable<String>> fetchAccounts = null, Func<IEnumerable<String>> enumerateDomains = null)
Initializes a new instance of the PrivilegedSpnChecker class.
Parameters
- fetchAccounts System.Func{System.String,System.Collections.Generic.IEnumerable{System.String}} = null
- Optional delegate retrieving privileged SPN accounts from a domain.
- enumerateDomains System.Func{System.Collections.Generic.IEnumerable{System.String}} = null
- Optional delegate returning domain names to query.
Methods
public Void CheckDomain(String domainName = null)
Returns: Void
Logs a warning for each account with an SPN defined and adminCount=1.
Parameters
- domainName System.String = null
- Target domain name or null for the current domain.
public static IEnumerable<String> FilterAccounts(IEnumerable<ValueTuple<String, Boolean, Boolean>> accounts)
Returns: IEnumerable<String>
Filters a provided collection of account data to those with SPNs and adminCount=1.
Parameters
- accounts System.Collections.Generic.IEnumerable{System.ValueTuple{System.String,System.Boolean,System.Boolean}}
- Tuple containing account name, SPN flag and adminCount flag.
Returns
Collection of SAM account names.
GetAccounts 2 overloads
public IEnumerable<String> GetAccounts(String domainName)
Returns: IEnumerable<String>
Retrieves SAM account names with SPNs defined and adminCount=1 in the specified domain.
Parameters
- domainName System.String
- Target domain name.
Returns
Collection of SAM account names.
public IEnumerable<String> GetAccounts()
Returns: IEnumerable<String>
Enumerates all domains in the forest and returns accounts with SPNs and adminCount=1.
Returns
Collection of SAM account names.
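Usage sketch
The following is an added example, not code from the library or its unit tests. It uses the constructor delegates and FilterAccounts documented above to run the check against an in-memory inventory, so the audit logic can be exercised without a domain controller. The domain names, account names and the assumption that GetAccounts() calls enumerateDomains and then fetchAccounts once per domain are not from this page; the library's namespace is not stated here either, so its using directive must be added.

```csharp
using System;
using System.Collections.Generic;
// Add the using directive for the library's namespace (not stated on this page).

// Constructed sample data: (account name, SPN flag, adminCount flag) per domain.
// All domain and account names are made up for this example.
var inventory = new Dictionary<string, (string, bool, bool)[]>
{
    ["corp.example"] = new[]
    {
        ("svc-sql",  true,  true),   // SPN and adminCount=1: meets both criteria
        ("svc-web",  true,  false),  // SPN only
        ("adm-jdoe", false, true),   // adminCount=1 only
    },
    ["lab.example"] = new[]
    {
        ("svc-backup", true,  true), // SPN and adminCount=1: meets both criteria
        ("user1",      false, false),
    },
};

// Inject both delegates so no directory query is made.
// Assumption: GetAccounts() enumerates domains via enumerateDomains and
// calls fetchAccounts for each one.
var checker = new PrivilegedSpnChecker(
    fetchAccounts: domain => PrivilegedSpnChecker.FilterAccounts(inventory[domain]),
    enumerateDomains: () => inventory.Keys);

// Forest-wide overload: every domain returned by enumerateDomains.
foreach (var sam in checker.GetAccounts())
    Console.WriteLine($"privileged account with SPN: {sam}");

// Single-domain overload.
foreach (var sam in checker.GetAccounts("corp.example"))
    Console.WriteLine($"corp.example: {sam}");

// Logging variant: emits a warning per matching account instead of returning names.
checker.CheckDomain("lab.example");
```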