Group
Field | Type | Possible Operators | Description |
---|---|---|---|
Guid | TEXT |
| A unique identifier that is a combination of GUID of selected |
FSName | TEXT |
| A special unique identifier that is a combination of the |
ObjectSid | TEXT |
| Active Directory security identifier of object. (Ldap Display Name: objectSid) |
Name | TEXT |
| Name of the specified object. (Ldap Display Name: name) |
DistinguishedName | TEXT |
| Active Directory distinguished name of the object. (Ldap Display Name: distinguishedName) |
IsPrivileged | BOOLEAN |
| Indicates that the object is Privileged. |
IsAdmin | BOOLEAN |
| Indicates that the object is Admin. |
WhenChanged | DATE |
| The date when this object was last changed. (Ldap Display Name: whenChanged) |
IsProtected | BOOLEAN |
| Indicates that the object is a direct or nested member of the Protected Users group. |
WhenCreated | DATE |
| The date when this object was created. (Ldap Display Name: whenCreated) |
risk | NUMBER |
| The risk score of the object that calculated based on vulnerability counts and severities. |
member_count | NUMBER |
| The total count of the direct member objects. |
SAMAccountName | TEXT |
| The logon name used to support clients and servers running earlier versions of the operating system, such as Windows NT 4.0, Windows 95, Windows 98, and LAN Manager. (Ldap Display Name: sAMAccountName) |
Cn | TEXT |
| The name that represents an object. Used to perform searches. (Ldap Display Name: cn) |
IsStealth | BOOLEAN |
| Indicates that the object can compromise admin objects with at least one attack path. |
SidHistory | TEXT |
| Contains previous SIDs used for the object if the object was moved from another domain. Whenever an object is moved from one domain to another, a new SID is created and that new SID becomes the objectSID. The previous SID is added to the sIDHistory property. (Ldap Display Name: sIDHistory) |
GroupType | NUMBER |
| Contains a set of flags that define the type and scope of a group object. (Ldap Display Name: https://learn.microsoft.com/en-us/windows/win32/adschema/a-grouptype) |
SAMAccountType | NUMBER |
| Specifies the account type of the security principal objects in Active Directory. (LDAP Display Name: sAMAccountType) (Field Reference) |
first_degree_localadmin_count | NUMBER |
| Indicates that the group has explicit local admin privilege on how many computers. |
Description | TEXT |
| Description text to display for an object. (Ldap Display Name: description) |
AdminCount | NUMBER |
| Indicates that a given object has had its ACLs changed to a more secure value by the system because it was a member of one of the administrative groups (directly or transitively). (Ldap Display Name: adminCount) |
IsLocalAdmin | BOOLEAN |
| Indicates that the object is a member (direct or nested) of a local administrators group in at least one computer. |
Last updated