Domains

The Domains page provides a list of the domains enumerated in the entire Active Directory. The list contains the Risk Score and Issue Counts of each domain object.

Domain Details

The Details page contains the Risk Score of the domain, the Details tab, the GPOs tab, the Visualize button, and the Issues and Trusts panes.

You can analyze objects in the Graph module by clicking the Visualize button on the upper left side.

Details

The Details tab contains the following attributes of the domain.

Distinguished Name: Active Directory distinguished name of the object. (Ldap Display Name

Domain Mode: The operating mode of the domain. (Field Reference)

PDC Role Owner: Domain controller that holds the primary domain controller (PDC) role for this domain.

Object Sid: Active Directory security identifier of the object. (Ldap Display Name: objectSid)

Created Time: The date when this object was created. (Ldap Display Name: whenCreated)

Last Changed Time: The date when this object was last changed. (Ldap Display Name: whenChanged)

ms-DS-MachineAccountQuota: The number of computer accounts that a user is allowed to create in a domain. (Ldap Display Name: ms-DS-MachineAccountQuota)

FSMO Role Owner: Flexible Single-Master Operation. The distinguished name of the DC where the schema can be modified. (Ldap Display Name: fSMORoleOwner)

Netbios Name: The name of the object to be used over NetBIOS. (Ldap Display Name: nETBIOSName)

Domain Mode Level: The operating mode level of the domain. (Field Reference)

RID Role Owner: Domain controller that holds the relative identifier (RID) master role for this domain.

Minimum Password Length: The minimum number of characters that a password must contain. (Ldap Display Name: minPwdLength)

Password History Length: The number of old passwords to save. (Ldap Display Name: pwdHistoryLength)

Password Properties: A bitfield to indicate complexity and storage restrictions. (Ldap Display Name: pwdProperties) (Field Reference)

Lockout Threshold: The number of invalid logon attempts that are permitted before the account is locked out. (Ldap Display Name: lockoutThreshold)

Infrastructure Role Owner: Domain controller that holds the infrastructure owner role.
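
The password and quota attributes listed above (minPwdLength, pwdHistoryLength, pwdProperties, lockoutThreshold, ms-DS-MachineAccountQuota) can also be reviewed offline once exported. The following is an added example, not part of the product or its documentation: it decodes the pwdProperties bitfield using the DOMAIN_PASSWORD_* bit values documented by Microsoft and reports weak settings. The function names, the sample values, and the baselines (14-character minimum, 24 remembered passwords) are assumptions.

```python
from enum import IntFlag


class PwdProperties(IntFlag):
    """pwdProperties bits (Microsoft's DOMAIN_PASSWORD_* / DOMAIN_* constants)."""
    COMPLEX = 0x01                 # complexity rules enforced
    NO_ANON_CHANGE = 0x02          # password change requires a logon first
    NO_CLEAR_CHANGE = 0x04         # no plaintext exchange during a change
    LOCKOUT_ADMINS = 0x08          # built-in Administrator can be locked out
    STORE_CLEARTEXT = 0x10         # reversible-encryption storage
    REFUSE_PASSWORD_CHANGE = 0x20  # machine account password changes refused


def decode_pwd_properties(value):
    """Return the names of the flags set in a pwdProperties value."""
    return [flag.name for flag in PwdProperties if value & flag]


def review_domain_policy(attrs, min_length=14, min_history=24):
    """Return (attribute, finding) pairs; attrs is keyed by LDAP display name.

    min_length and min_history are assumed baselines, not product values.
    """
    flags = int(attrs["pwdProperties"])
    findings = []
    if not flags & PwdProperties.COMPLEX:
        findings.append(("pwdProperties", "complexity is not enforced"))
    if flags & PwdProperties.STORE_CLEARTEXT:
        findings.append(("pwdProperties", "reversible encryption is enabled"))
    if int(attrs["minPwdLength"]) < min_length:
        findings.append(("minPwdLength", f"shorter than {min_length}"))
    if int(attrs["pwdHistoryLength"]) < min_history:
        findings.append(("pwdHistoryLength", f"fewer than {min_history}"))
    if int(attrs["lockoutThreshold"]) == 0:
        findings.append(("lockoutThreshold", "account lockout is disabled"))
    if int(attrs["ms-DS-MachineAccountQuota"]) > 0:
        findings.append(("ms-DS-MachineAccountQuota",
                         "ordinary users can create computer accounts"))
    return findings


# Constructed sample values (LDAP returns them as strings), not real data.
SAMPLE_DOMAIN = {"minPwdLength": "7", "pwdHistoryLength": "24",
                 "pwdProperties": "17", "lockoutThreshold": "0",
                 "ms-DS-MachineAccountQuota": "10"}

if __name__ == "__main__":
    print(decode_pwd_properties(int(SAMPLE_DOMAIN["pwdProperties"])))
    for attribute, finding in review_domain_policy(SAMPLE_DOMAIN):
        print(f"{attribute}: {finding}")
```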

GPOs

The GPOs tab contains a list of the Group Policy objects that are linked to the domain object. This list also contains the Enforcement Status and Link Order of the Group Policy objects. You can go to the details page of a Group Policy object by clicking its name.

Issues

The Issues pane contains the issues identified on the domain object.

Trusts

The Trusts pane contains the trust relationships of the domain object and the attributes of each trust.

Target Domain: The name of the domain with which a trust exists.

Direction: Indicates in which direction the trust flows. (Field Reference)

Active: Indicates whether the trust is actively used or not. The activity threshold is 40 days. (Ldap Display Name: whenChanged)

Transitive: Indicates whether the trust is transitive or not. Transitive trust refers to a trust relationship between two domains that allows authentication and authorization to be passed through multiple domains in a chain.

Selective Authentication: Authentication type of a trust. True if the authentication of the trust is selective; false if the authentication is domain or forest wide. Selective authentication allows control over which objects in a trusted domain can access resources in the trusting domain.

SID Filtering: SID filtering status of a trust. True if SID filtering is enabled; otherwise, false. SID (Security Identifier) filtering is a security mechanism used in Microsoft Active Directory to prevent security principal (user or group) impersonation with SIDHistory.

TGT Delegation: Indicates whether the TGT delegation across trusts is active or not. TGT delegation allows a domain controller to forward authentication requests to another domain controller without the need to re-authenticate. This is also known as cross-domain authentication or cross-forest authentication.

Type: Indicates the type of trust. (Field Reference)
