API Reference
CredentialHygieneConfiguration
Configuration knobs for user credential hygiene evaluation (thresholds, flags).
Inheritance
- Object
- CredentialHygieneConfiguration
Constructors
public CredentialHygieneConfiguration() #Inherited Methods
Properties
public String DomainName { get; set; } #DNS domain name represented by this configuration.
public Int32 TotalUsers { get; set; } #Total number of users considered in the snapshot.
public IReadOnlyList<UserCredentialEntry> PasswordNeverExpires { get; set; } #Users whose passwords are configured to never expire.
public IReadOnlyList<UserCredentialEntry> PasswordNotRequired { get; set; } #Users with the Password Not Required flag set.
public IReadOnlyList<UserCredentialEntry> AdminPasswordsAging { get; set; } #Administrative users whose password age exceeds the policy threshold.
public IReadOnlyList<UserCredentialEntry> UserPasswordsVeryStale { get; set; } #Non‑admin users whose password age exceeds the policy threshold.
public IReadOnlyList<AdminPreAuthItem> PreAuthDisabledAdmins { get; set; } #Administrators with Kerberos pre‑authentication disabled.
public IReadOnlyList<UserCredentialEntry> AesDisabledUsers { get; set; } #Users with AES disabled.
public IReadOnlyList<UserCredentialEntry> Rc4OnlyUsers { get; set; } #Users allowing only RC4.
public IReadOnlyList<UserCredentialEntry> SensitiveForDelegationUsers { get; set; } #Users marked sensitive (not delegatable).
public IReadOnlyList<UserCredentialEntry> PreAuthDisabledUsers { get; set; } #All users with pre-authentication disabled.
public IReadOnlyList<MsasCredentialEntry> MsasPreAuthDisabled { get; set; } #MSA/gMSA accounts with pre‑authentication disabled.
public IReadOnlyList<MsasCredentialEntry> MsasAesDisabled { get; set; } #MSA/gMSA accounts with AES disabled.
public IReadOnlyList<MsasCredentialEntry> MsasRc4Only { get; set; } #MSA/gMSA accounts that are RC4‑only.
public IReadOnlyList<UnixPasswordAccount> UnixPasswordAccounts { get; set; } #Accounts with legacy UNIX password attributes present.