Domains
Last updated
Was this helpful?
Last updated
Was this helpful?
The Domains page provides a list of enumerated Domains in entire Active Directory. The list contains the Risk Score , Exposure Point and Issue Counts of each domain object.
Details page contains the Risk Score of the domain,Exposure Point, Details tab, GPOs tab, Visualize button, Issues and Trusts panes.
You can analyze objects in the Graph module by clicking the Visualize button on the upper left side.
Details tab contains attributes below about domain.
Distinguished Name
Active Directory distinguished name of the object. (Ldap Display Name
Domain Mode
PDC Role Owner
Domain controller that holds the primary domain controller (PDC) for this domain.
Object Sid
Active Directory security identifier of object. (Ldap Display Name: objectSid)
Created Time
The date when this object was created. (Ldap Display Name: whenCreated)
Last Changed Time
The date when this object was last changed. (Ldap Display Name: whenChanged)
ms-DS-MachineAccountQuota
The number of computer accounts that a user is allowed to create in a domain. (Ldap Display Name: ms-DS-MachineAccountQuota)
FSMO Role Owner
Flexible Single-Master Operation: The distinguished name of the DC where the schema can be modified. (Ldap Display Name: fSMORoleOwner)
Netbios Name
The name of the object to be used over NetBIOS. (Ldap Display Name: nETBIOSName)
Domain Mode Level
RID Role Owner
Domain controller that holds the relative identifier (RID) master role for this domain.
Minimum Password Length
The minimum number of characters that a password must contain. (Ldap Display Name: minPwdLength)
Password History Length
The number of old passwords to save. (Ldap Display Name: pwdHistoryLength)
Password Properties
Lockout Threshold
The number of invalid logon attempts that are permitted before the account is locked out. (Ldap Display Name: lockoutThreshold)
Infrastructure Role Owner
Domain controller that holds the infrastructure owner role.
GPOs tab contains a list of Group Policy objects which linked to the domain object. This list also contains Enforcement Status and Link Order of the group policy objects. You can go to the details page of the group policy object by clicking the name.
Issues pane contains identified issues on the domain object.
Trusts pane contains trust relationships of the domain object and attributes about the trust.
Target Domain: The name of the domain with which a trust exists.
Direction: Indicates in which direction the trust flows. (Field Reference)
Active: Indicates whether the trust is actively used or not. The activity threshold is 40 days. (Ldap Display Name: whenChanged)
Transitive: Indicates whether the trust is transitive or not. Transitive trust refers to a trust relationship between two domains that allows authentication and authorization to be passed through multiple domains in a chain.
Selective Authentication: Authentication type of a trust. True if the authentication of the trust is selective; false if the authentication is domain or forest wide. Selective authentication allows control over which objects in a trusted domain can access resources in the trusting domain.
SID Filtering: SID filtering status of a trust. True if SID filtering is enabled; otherwise, false. SID (Security Identifier) filtering is a security mechanism used in Microsoft Active Directory to prevent security principal (user or group) impersonation with SIDHistory.
TGT Delegation: Indicates whether the TGT delegation across trusts is active or not. TGT delegation allows a domain controller to forward authentication requests to another domain controller without the need to re-authenticate. This is also known as cross-domain authentication or cross-forest authentication.
Type: Indicates the type of trust. (Field Reference)
The operating mode of the domain. ()
The operating mode level of the domain. ()
A bitfield to indicate complexity and storage restrictions. (Ldap Display Name: pwdProperties) ()
