API Reference

Class

Finding (DangerousExtendedRightsService)

Namespace ADPlayground.Security.DangerousExtendedRightsService

Assembly ADPlayground

Source ADPlayground/Security/DangerousExtendedRightsService.cs:61

Implements

IEquatable<Finding>

Modifiers sealed

Describes a single dangerous right detected on a sensitive object.

Inheritance

Object
Finding

Constructors

public Finding(String targetDn, String targetCategory, String principalSid, String principalName, String right) #

ADPlayground/Security/DangerousExtendedRightsService.cs:61

Creates a new finding.

Parameters

targetDn System.String requiredposition: 0: Distinguished name of the object where the right was found.
targetCategory System.String requiredposition: 1: Logical category of the target (DomainRoot, AdminSDHolder, krbtgt, MasterKey, Other).
principalSid System.String requiredposition: 2: SID of the principal holding the right.
principalName System.String requiredposition: 3: Resolved account name for the SID.
right System.String requiredposition: 4: Right label (e.g., WriteDacl, GenericAll, ExtendedRight(Replication)).

Methods

public Finding <Clone>$() #

Returns: Finding

public virtual Boolean Equals(Finding other) #

Returns: Boolean

Parameters

obj Object requiredposition: 0

public override Int32 GetHashCode() #

Returns: Int32

public override String ToString() #

Returns: String

Inherited Methods

Properties

public String TargetDn { get; set; } #

ADPlayground/Security/DangerousExtendedRightsService.cs:34

Distinguished name of the target object.

public String TargetCategory { get; set; } #

ADPlayground/Security/DangerousExtendedRightsService.cs:36

Logical category of the target.

public String PrincipalSid { get; set; } #

ADPlayground/Security/DangerousExtendedRightsService.cs:38

SID of the principal holding the right.

public String PrincipalName { get; set; } #

ADPlayground/Security/DangerousExtendedRightsService.cs:40

Resolved name for the SID.

public String Right { get; set; } #

ADPlayground/Security/DangerousExtendedRightsService.cs:42

Right label (e.g., WriteDacl, GenericAll, ExtendedRight(Replication)).

public AclOperationKind OperationKind { get; set; } #

ADPlayground/Security/DangerousExtendedRightsService.cs:45

Derived operation for the ACE (Write/ModifyDacl/ModifyOwner/CreateOrDeleteChild/Delete/Read/ApplyGroupPolicy).

public Boolean HasWrite { get; set; } #

ADPlayground/Security/DangerousExtendedRightsService.cs:47

True when the ACE conveys write/control capabilities (excludes Apply Group Policy only and read-only).

public AclRiskLevel RiskLevel { get; set; } #

ADPlayground/Security/DangerousExtendedRightsService.cs:49

Risk level classification for this ACE.

public String RiskReason { get; set; } #

ADPlayground/Security/DangerousExtendedRightsService.cs:51

Short reason for RiskLevel.

public Nullable<Guid> ObjectTypeGuid { get; set; } #

ADPlayground/Security/DangerousExtendedRightsService.cs:53

ObjectType GUID targeted by the ACE, when any (attribute/extended right).

public String ObjectTypeName { get; set; } #

ADPlayground/Security/DangerousExtendedRightsService.cs:55

Friendly name for ObjectTypeGuid when resolvable.

public ActiveDirectorySecurityInheritance Inheritance { get; set; } #

ADPlayground/Security/DangerousExtendedRightsService.cs:57

Inheritance scope of the ACE.

public Boolean IsInherited { get; set; } #

ADPlayground/Security/DangerousExtendedRightsService.cs:59

True if the ACE is inherited.

public IdentityType IdentityType { get; set; } #

ADPlayground/Security/DangerousExtendedRightsService.cs:61

Best-effort identity kind (User/Group/Computer/Unknown).

public Boolean IsPrivileged { get; set; } #

ADPlayground/Security/DangerousExtendedRightsService.cs:63

True when the trustee is privileged (built-in or core admin groups in the domain).

public String WriteRights { get; set; } #

ADPlayground/Security/DangerousExtendedRightsService.cs:65

Display-friendly subset of write rights for UI.