| Guid | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | A unique identifier that is a combination of GUID of selected Scan and Active Directory ObjectGUID of the object. |
| FSName | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | A special unique identifier that is a combination of the Name of the object and the Fully Qualified Domain Name of the Domain. |
| ObjectSid | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | Active Directory security identifier of object. (Ldap Display Name: objectSid) |
| Name | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | Name of the specified object. (Ldap Display Name: name) |
| IsDomainController | BOOLEAN | N/A | Indicates whether the machine is a Domain Controller server. |
| OperatingSystem | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | The name of the operating system that runs on the computer. (Ldap Display Name: operatingSystem) |
| OperatingSystemVersion | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | The version of the operating system that runs on the computer. (Ldap Display Name: operatingSystemVersion) |
| IsEnabled | BOOLEAN | N/A | Indicates whether the object is enabled. |
| DistinguishedName | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | Active Directory distinguished name of the object. (Ldap Display Name: distinguishedName) |
| session_count | NUMBER | EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL | Indicates the number of sessions on the computer. |
| explicit_localadmin_count | NUMBER | EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL | Indicates the number of explicit local admins on the computer. |
| IsPrivileged | BOOLEAN | N/A | Indicates that the object is Privileged. |
| IsSMBv202Active | BOOLEAN | N/A | Indicates whether the SMB Version 2.2 is active. |
| IsUnsupported | BOOLEAN | N/A | Indicates whether the computer runs an unsupported/obsolote operating system. |
| IsAdmin | BOOLEAN | N/A | Indicates that the object is Admin. |
| DNSHostName | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | Fully qualified domain name of computer as registered in DNS. (Ldap Display Name: dNSHostName) |
| IsSpoolActive | BOOLEAN | N/A | Indicates whether the Spool service is running on the computer. |
| WhenChanged | DATE | SMALLER, LARGER, BETWEEN, EQUAL | The date when this object was last changed. (Ldap Display Name: whenChanged) |
| IsProtected | BOOLEAN | N/A | Indicates that the object is a direct or nested member of the Protected Users group. |
| WhenCreated | DATE | SMALLER, LARGER, BETWEEN, EQUAL | The date when this object was created. (Ldap Display Name: whenCreated) |
| MsDSSupportedEncryptionTypes | NUMBER | EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL | The encryption algorithms supported by user, computer or trust accounts. The KDC uses this information while generating a service ticket for this account. Services and Computers can automatically update this attribute on their respective accounts in Active Directory, and therefore need write access to this attribute. (LDAP Display Name: msDS-SupportedEncryptionTypes) |
| IsSMBv2v3SignEnabled | BOOLEAN | N/A | Indicates whether the SMB Version 2 and Version 3 protocol signing is enabled. |
| HasLaps | BOOLEAN | N/A | Indicates whether the local administrator account on the computer is managed through LAPS(Local Administrator Password Solution). |
| IPAddress | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | IPV4 Network address of the computer. |
| risk | NUMBER | EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL | The risk score of the object that calculated based on vulnerability counts and severities. |
| UserAccountControl | NUMBER | EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL | Flags that control different attributes and behavior of the objects. (Ldap Display Name: userAccountControl) (Field Reference) |
| AllowedtoDelegateSpn | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | Contains Service Principal Name definitions in the context of Constrained Delegation. (LDAP Display Name: msDS-AllowedToDelegateTo) |
| SAMAccountName | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | The logon name used to support clients and servers running earlier versions of the operating system, such as Windows NT 4.0, Windows 95, Windows 98, and LAN Manager. (Ldap Display Name: sAMAccountName) |
| DontReqPasswd | BOOLEAN | N/A | Indicates whether the object's password can be blank. |
| DontReqPreauth | BOOLEAN | N/A | Indicates whether the Kerberos Pre-Authentication mechanism was disabled for the object. |
| Cn | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | The name that represents an object. Used to perform searches. (Ldap Display Name: cn) |
| IsSMBv2v3SignRequired | BOOLEAN | N/A | Indicates whether the SMB Version 2 and Version 3 protocol requires signing. |
| HasReversibleEncryption | BOOLEAN | N/A | Indicates whether the object is using reversible encryption instead of hash to keep credentials. |
| IsSMBv210Active | BOOLEAN | N/A | Indicates whether the SMB Version 2.10 is active. |
| SidHistory | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | Contains previous SIDs used for the object if the object was moved from another domain. Whenever an object is moved from one domain to another, a new SID is created and that new SID becomes the objectSID. The previous SID is added to the sIDHistory property. (Ldap Display Name: sIDHistory) |
| IsSMBv1Active | BOOLEAN | N/A | Indicates whether the SMB Version 1 is active. |
| PwdLastSet | DATE | SMALLER, LARGER, BETWEEN, EQUAL | The date and time that the password for this account was last changed. If this value is set to 0 and the User-Account-Control attribute does not contain the UF_DONT_EXPIRE_PASSWD flag, then the user must set the password at the next logon. (Ldap Display Name: pwdLastSet) |
| IsUsingDESAlgorithmForHashing | BOOLEAN | N/A | Indicates whether the object is using an insecure DES algorithm in Kerberos protocol. |
| AdminCount | NUMBER | EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL | Indicates that a given object has had its ACLs changed to a more secure value by the system because it was a member of one of the administrative groups (directly or transitively). (Ldap Display Name: adminCount) |
| LapsExpirationTime | DATE | SMALLER, LARGER, BETWEEN, EQUAL | Stores the password expiration time of LAPS. (Ldap Display Name: ms-Mcs-AdmPwdExpirationTime) |
| LastLogon | DATE | SMALLER, LARGER, BETWEEN, EQUAL | The last time the user logged on. This attribute is not replicated to other Domain Controllers. (Ldap Display Name: lastLogon) |
| HasUnconstrainedDelegation | BOOLEAN | N/A | Indicates whether the Unconstrained Delegation is activated on the object. |
| IsSMBPortOpen | BOOLEAN | N/A | Indicates whether port 445 of the computer is accessible. |
| LogonCount | NUMBER | EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL | The number of times the account has successfully logged on. This attribute is not replicated to other Domain Controllers. (Ldap Display Name: logonCount) |
| IsSMBv311Active | BOOLEAN | N/A | Indicates whether the SMB Version 3.1 is active. |
| BadPwdCount | NUMBER | EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL | The number of times the object tried to log on to the account using an incorrect password. (Ldap Display Name: badPwdCount) |
| HasConstrainedDelegation | BOOLEAN | N/A | Indicates whether the Constrained Delegation is activated on the object. |
| IsStealth | BOOLEAN | N/A | Indicates that the object can compromise admin objects with at least one attack path. |
| HasResourceBasedConstrainedDelegation | BOOLEAN | N/A | Indicates whether the Resource Based Constrained Delegation is activated on the object. |
| IsSMBv300Active | BOOLEAN | N/A | Indicates whether the SMB Version 3 is active. |
| group_delegated_localadmin_count | NUMBER | EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL | Indicates that the object has group delegated local admin privilege on how many computers. |
| PrimaryGroupID | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | Contains the relative identifier (RID) for the primary group of the object. (Ldap Display Name: primaryGroupID) |
| IsSMBv302Active | BOOLEAN | N/A | Indicates whether the SMB Version 3.2 is active. |
| LastLogonTimestamp | DATE | SMALLER, LARGER, BETWEEN, EQUAL | The time that the user last logged into the domain. This attribute is replicated to other Domain Controllers but not updated until after 14 (msDS-LogonTimeSyncInterval) days. (Ldap Display Name: lastLogonTimestamp) |
| SAMAccountType | NUMBER | EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL | Specifies the account type of the security principal objects in Active Directory. (LDAP Display Name: sAMAccountType) (Field Reference) |
| IsLocalAdmin | BOOLEAN | N/A | Indicates that the object is a member (direct or nested) of a local administrators group in at least one computer. |
| HasProtocolTransition | BOOLEAN | N/A | Indicates whether the Constrained Delegation with Protocol transition is activated on the object. |
| IsSMBv1SignRequired | BOOLEAN | N/A | Indicates whether the SMB Version 1 protocol requires signing. |
| DisplayName | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | The display name for an object. This is usually the combination of the users first name, middle initial, and last name. (LDAP Display Name: displayName) |
| IsServiceUser | BOOLEAN | N/A | Indicates whether the object is managing services through Service Principal Name. |
| IsWindowsOS | BOOLEAN | N/A | Determines whether the current operating system is a version of Microsoft Windows. It returns true if the OS is Windows, otherwise false. |
| IsWindowsServer | BOOLEAN | N/A | Checks if the operating system is a Windows Server edition. It returns true if the OS is a Windows Server, otherwise false. |
| IsWSUServer | BOOLEAN | N/A | Checks if the machine is configured as a Windows Server Update Services (WSUS) server. Returns true if it is a WSUS server, otherwise false. |
| HTTPUpdateService | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | Handles application updates by communicating with a remote server over HTTP. It fetches version information, compares it with the application's current version, and initiates the update process if necessary. |
| IsInactive | BOOLEAN | N/A | Indicates whether a computer has been enabled but unused (no logon) for a period longer than the defined inactivity threshold |
| member_count | NUMBER | EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL | The total count of the direct member objects. |
| IsAccountLocked | BOOLEAN | N/A | Indicates whether the account password was locked due to multiple incorrect password attempts. |
| IsDomainController | BOOLEAN | N/A | Indicates whether the machine is a Domain Controller server. |
| ServicePrincipalName | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | These SPN entries indicate that the computer has Kerberos service identifiers registered for both its hostname and fully qualified domain name under the HOST and RestrictedKrbHost service classes, allowing it to securely participate in Kerberos authentication. |
| MsDsCreatorSid | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | security identifier (SID) of the account that originally created the Active Directory object, retrieved in binary form and converted to a readable SID string. |
| Description | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | Description text to display for an object. (Ldap Display Name: description) |
| SmbShares | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | Shared folders or printers on a network using the SMB (Server Message Block) protocol for file and resource sharing. |
| ExposurePoint | NUMBER | EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL | ExposurePoint: A numerical value indicating the level of risk or exposure. |
| InfrastructureRoleOwner | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | Domain controller that holds the infrastructure owner role. |
| RidRoleOwner | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | Domain controller that holds the relative identifier (RID) master role for this domain. |
| FSMORoleOwner | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | Flexible Single-Master Operation: The distinguished name of the DC where the schema can be modified. (Ldap Display Name: fSMORoleOwner) |
| IsRootDomain | BOOLEAN | N/A | Indicates whether the domain is the root of the forest. |
| IsRecycleBinEnabled | BOOLEAN | N/A | Indicates whether the recycle bin is activated for the domain. |
| PwdProperties | NUMBER | EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL | A bitfield to indicate complexity and storage restrictions. (Ldap Display Name: pwdProperties) (Field Reference) |
| IsEnumerable | BOOLEAN | N/A | Indicates the FSProtect enumeration status of the domain. |
| PdcRoleOwner | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | Domain controller that holds the primary domain controller (PDC) for this domain. |
| DomainMode | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | The operating mode of the domain. (Field reference) |
| LockoutThreshold | NUMBER | EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL | The number of invalid logon attempts that are permitted before the account is locked out. (Ldap Display Name: lockoutThreshold) |
| PwdHistoryLength | NUMBER | EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL | The number of old passwords to save. (Ldap Display Name: pwdHistoryLength) |
| DomainModeLevel | NUMBER | EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL | The operating mode level of the domain. (Field Reference) |
| NetbiosName | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | The name of the object to be used over NetBIOS. (Ldap Display Name: nETBIOSName) |
| MinPwdLength | NUMBER | EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL | The minimum number of characters that a password must contain. (Ldap Display Name: minPwdLength) |
| MsDSMachineAccountQuota | NUMBER | EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL | The number of computer accounts that a user is allowed to create in a domain. (Ldap Display Name: ms-DS-MachineAccountQuota) |
| msDSMaximumPasswordAge | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | Defines the maximum number of days a user password remains valid before it must be changed. |
| msDSPasswordSettingsPrecedence | NUMBER | EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL | Specifies the precedence of the password policy. Lower numbers have higher priority. |
| msDSPasswordReversibleEncryptionEnabled | BOOLEAN | N/A | Specifies whether reversible encryption is enabled for user passwords. |
| MinimumPassAge | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | Specifies the minimum number of days a user must wait before changing their password again. |
| msDSPasswordComplexityEnabled | BOOLEAN | N/A | The status of password complexity requirements for user accounts. |
| msDSLockoutObservationWindow | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | Specifies the time window (in minutes) during which failed logon attempts are counted before account lockout. |
| msDSPasswordHistoryLength | NUMBER | EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL | Specifies the number of previous passwords remembered to prevent reuse by the user. |
| msDSLockoutThreshold | NUMBER | EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL | Specifies the number of failed logon attempts allowed before the user account is locked out. |
| msDSLockoutDuration | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | Specifies the duration (in minutes) that a user account remains locked after reaching the lockout threshold. |
| msDSMinimumPasswordLength | NUMBER | EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL | Specifies the minimum number of characters required in a user password. |
| IsWeak | BOOLEAN | N/A | Shows whether the password policy settings are considered insecure, based on factors like short passwords, lack of complexity, absence of account lockout, or reversible encryption. |
| GPCFunctionalityVersion | NUMBER | EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL | The version of the Group Policy Editor that created this object. (Ldap Display Name: gPCFunctionalityVersion) |
| Flags | NUMBER | EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL | Indicates the state of the GPO. (Ldap Display Name: flags) (Field Reference) |
| GPCMachineExtensionNames | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | lists the GUIDs of client-side extensions (CSEs) linked to a Group Policy Object (GPO) that apply machine-level settings. |
| unrolled_linked_entity_count | NUMBER | EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL | The total number of objects that are affected by the group policy. |
| PolicyRules | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | Contains group policy object settings in XML format. |
| VersionNumber | NUMBER | EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL | A general purpose version number. (Ldap Display Name: versionNumber) |
| GPCFileSysPath | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | SYSVOL Policy folder path of the group policy object. (Ldap Display Name: gPCFileSysPath) |
| IsCriticalSystemObject | BOOLEAN | N/A | N/A |
| IsEmpty | BOOLEAN | N/A | Indicates whether the Group Policy Object (GPO) contains any policy rules; it is true if PolicyRules is null or empty, meaning the GPO has no defined policies. |
| Passwords | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | Plain-text passwords in Group Policy related configuration files. |
| ObjectClass | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | It tells what kind of object the entry is, and more importantly, what set of attributes that object can or must have. |
| GroupType | NUMBER | EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL | Contains a set of flags that define the type and scope of a group object. (Ldap Display Name: https://learn.microsoft.com/en-us/windows/win32/adschema/a-grouptype) |
| first_degree_localadmin_count | NUMBER | EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL | Indicates that the account has explicit local admin privilege on how many computers. |
| PasswordExpirationDate | DATE | SMALLER, LARGER, BETWEEN, EQUAL | The expiration date of the object's password. |
| HasNonExpiringPassword | BOOLEAN | N/A | Indicates whether the object's password is set to never expire. |
| MsDSManagedPasswordInterval | NUMBER | EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL | This attribute is used to retrieve the number of days before a managed password is automatically changed for a group MSA. (Ldap Display Name: msDS-ManagedPasswordInterval) |
| HasLocalService | BOOLEAN | N/A | Indicates whether the object has managing local services (without SPN). |
| IsSensetive | BOOLEAN | N/A | Indicates whether the object's NOT_DELEGATED bit of UserAccountControl is set. This attribute is used to disable Kerberos delegations for objects. |
| IsPasswordExpired | BOOLEAN | N/A | Indicates whether the object's password is expired and should be changed. |
| IsDomainGroup | BOOLEAN | N/A | Indicates whether the group is a Domain Group (true) defined in Active Directory or a Local Group (false) defined only on the local machine. |
| can_rdp | BOOLEAN | N/A | Indicates whether the local user can have enough privilege to connect with RDP (Remote Desktop Protocol) to the computer. |
| can_exec_pwsh | BOOLEAN | N/A | Indicates whether the local user can have enough privilege to execute commands with Powershell on the computer. |
| admin_to | BOOLEAN | N/A | Indicates whether the local user can have admin privilege on the computer. |
| can_exec_dcom | BOOLEAN | N/A | Indicates whether the local user can have enough privilege to execute commands with DCOM(Distributed Component Object Model) protocol on the computer. |
| inComputerName | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | FSName of the computer that contains the local user. |
| inComputerGuid | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | Guid of the computer that contains the local user. |
| IsDomainUser | BOOLEAN | N/A | That indicates whether a user account belongs to a domain or is a local account. |
| inLocalGroupName | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | FSName of the local group that contains the local user. |
| inLocalGroupGuid | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | Guid of the local group that contains the local user. |
| BlockInheritance | BOOLEAN | N/A | Indicates whether the OU blocks Group Policy inheritance. (Ldap Display Name: gPOptions) |
| Host | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | Fully qualified domain name or NetBIOS name of the computer that the service running on. |
| Port | NUMBER | EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL | Port number of the service. |
| ServiceName | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | Specifies the unique identifier or instance name of the service within the SPN, distinguishing it from other similar service instances. |
| FullName | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | Combination of the DNSHostName and the Name of the certificate authority. |
| ServiceClass | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | Name of the service. |
| UserPrincipalName | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | Internet-style unique login name for a user based on the Internet standard RFC 822. A UPN consists of a UPN prefix (the user account name) and a UPN suffix (a DNS domain name). (Ldap Display Name: userPrincipalName) |
| IsTrustAccount | BOOLEAN | N/A | Indicates whether the object is used to manage the related trust. |
| GivenName | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | Contains the given name (first name) of the user. (Ldap Display Name: givenName) |
| Sn | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | This attribute contains the family or last name for a user. (LDAP Display Name: Sn) |
| AllowsUserSpecifiedSANs | BOOLEAN | N/A | Whether specifying a Subject Alternative Name (SAN) during certificate enrollment to any certificate template that is published by this certificate authority server has been allowed. |
| CertificateManagerRestrictions | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | Some organizations require further restrictions on certificate manager activities. Rather than allow a certificate manager to issue or revoke any certificate issued by a CA, the organization might want a certificate manager to only manage a subset of all certificates. Specified property contains the defined certificate manager restrictions on the certificate authority. The data in this column formatted as, Name of the Certificate Manager,Name of the Template ,Name of the Principal,Access Type. The definition is, Name of the Certificate Manager has Access Type rights on Name of the Principal to manage the Name of the Template template. |
| isEnterpriseCa | BOOLEAN | N/A | Whether the certificate authority is an enterprise certificate authority instance. Enterprise certificate authorities are domain members and typically online to issue certificates or certificate policies. |
| EnterpriseCAName | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | Name of the CA server, specified in the ADCS installation. |
| CaCertificateDN | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | Full distinguished name from the CA certificate. |
| IsWebEnrollmentEnabled | BOOLEAN | N/A | Whether the certificate authority server supports web-based enrollment for the clients. |
| CAEnrollmentInterfacesHTTPEnabled | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | The Web-based endpoints of the certificate authority with HTTP enabled. |
| CAFlags | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | The certificate authority flags attribute stores the bitwise combination of the certificate authority server's capabilities. |
| NetworkDeviceEnrollmentServiceUrls | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | Network device enrollment url addresses of the certificate authority. |
| CAWebEnrollmentUrls | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | Certificate authority web enrollment url addresses of the certificate authority. |
| CertificateEnrollmentPolicyWebServiceUrls | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | Certificate enrollment policy web service url addresses of the certificate authority. |
| CertificateEnrollmentWebServiceUrls | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | Certificate enrollment web service url addresses of the certificate authority. |
| isRootCA | BOOLEAN | N/A | Whether the certificate authority is an root certificate authority instance. The root certificate authorities are the first and may be the only certificate authorities configured in a Public Key Infrastructure(PKI) hierarchy. |
| CAEnrollmentInterfacesEPADisabled | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | The Web-based endpoints of the certificate authority with Extended Authentication Protection (EPA) disabled. |
| EnrollmentAgentRestrictions | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | An enrollment agent is a user who can enroll for a certificate on behalf on another client. Unlike a certificate manager, an enrollment agent can only process the enrollment request and cannot approve pending requests or revoke issued certificates. Some organizations require further restrictions on enrollment agents. Rather than allow a certificate request agent to to enroll on behalf any client issued by a CA, the organization might want a certificate request agent to only enroll on behalf of a subset of all certificate templates or clients. Specified property contains the defined certificate request agent restrictions on the certificate authority. The data in this column formatted as, Name of the Enrollment Agent,Name of the Template ,Name of the Principal,Access. The definition is, Name of the Enrollment Agent has Access Type rights to enroll on behalf of Name of the Principal to the Name of the Template certificate template. |
| isEnrollmentCertificate | BOOLEAN | N/A | Whether the CA certificate can process certificate requests and issue certificates. |
| Version | NUMBER | EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL | Version of the certificate. |
| SubjectName | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | The subject name of the CA certificate. |
| Certchain | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | The list of certificates that start from a server's certificate and terminate with the root certificate |
| EndDate | DATE | SMALLER, LARGER, BETWEEN, EQUAL | Expiry date of the CA certificate. |
| StartDate | DATE | SMALLER, LARGER, BETWEEN, EQUAL | Issue date of the CA certificate. |
| isRootCertificate | BOOLEAN | N/A | Whether the CA certificate belongs to a root CA. |
| Serial | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | A number that uniquely identifies the certificate and is issued by the certification authority. |
| SignatureAlgorithm | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | The algorithm used to create the signature of a certificate. |
| KeyUsage | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | Key usage extensions define the purpose of the public key contained in a certificate. You can use them to restrict the public key to as few or as many operations as needed. |
| Thumbprint | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | The hash value computed over the complete certificate, which includes all its fields, including the signature. |
| IsInNTAuthStore | BOOLEAN | N/A | Whether the CA certificate in the NTAuthCertificates container. This object defines one or more CA certificates in its cacertificate attribute and AD uses it during authentication. The domain controller checks if NTAuthCertificates object contains an entry for the CA specified in the authenticating certificate's Issuer field. If it is, authentication proceeds. If the certificate is not in the NTAuthCertificates object, authentication fails. |
| IssuerName | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | The name of the certificate issuer. |
| SchemaVersion | NUMBER | EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL | The certificate template schema version. |
| IsEnrolleeSuppliesSubject | BOOLEAN | N/A | Whether specifying a Subject Alternative Name (SAN) during certificate enrollment to this certificate template has been allowed. |
| ValidityPeriod | NUMBER | EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL | The period of time during which a certificate is intended to be valid. |
| MSPKICertificateApplicationPolicies | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | Specifies certificate application policy extension. In GUI, this attribute can be controlled by setting "Application Policies" in "Extensions" tab. (Field Reference) |
| IsManagerApprovalEnabled | BOOLEAN | N/A | Whether the certificate requests based on the template require manager approval to be issued. |
| IsPublished | BOOLEAN | N/A | Whether the certificate template has been published by any certificate authority. |
| NumberOfAuthorizedSignatures | NUMBER | EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL | The number of Authorized Signatures to issue a certificate. |
| ExtendedKeyUsage | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | Key usage extensions define the purpose of the public key contained in a certificate. You can use them to restrict the public key to as few or as many operations as needed. |
| MSPKIRAPolicies | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | Contains the list of required policy OIDs from registration authorities who sign the enrollment request. (Field Reference) |
| HasDomainAuthenticationEKU | BOOLEAN | N/A | Whether certificate template contains any Extended Key Usage(EKU) that allows to auhenticate in the domain. |
| MSPKIRAApplicationPolicies | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | Encapsulates embedded properties for multipurpose use. In GUI, this attribute can be controlled by checking This number of authorized signatures check box in Issuance Requirements tab and choosing Application Policy menu. (Field Reference) |
| EnrollmentFlags | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | Specifies the enrollment flags. (Field Reference) |
| CertificateNameFlags | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | Specifies the subject name flags. (Field Reference) |
| RenewalPeriod | NUMBER | EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL | The period of time during which a certificate is intended to be renew. |
| Severity | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | A special unique identifier that is a combination of the Name of the Organizational Unit and the Fully Qualified Domain Name of the Domain |
| Tags | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | Labels attached to issues to categorize, group, and make it easy to understand. |
| Impact | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | The special tag attached to issues to identify the effects of issues on Active Directory. |
| EaseOfDetection | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | Indicates the level of effort to detect exploitation of the issues. Ease of Detection can be Easy, Medium, or High. |
| EaseOfMİtigation | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | Indicates the level of effort to mitigate/remediate the issues. Ease of Mitigation can be Easy, Medium, or High. |
| EaseOfDecepetion | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | Indicates the level of effort of implementing deceptive countermeasures based on issues. Ease of Detection can be Easy, Medium, or High. |
| FsprotectImpactName | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | Refers to the specific impact classification or identifier assigned to a vulnerability within the FSProtect framework, defining the potential effect or severity associated with that vulnerability. |
| AttackTactic | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | Specific tactical category derived from the MITRE ATT&CK® framework. It classifies the behavior, strategy, or stage of cyber threats within security analysis or incident response systems. Tactics help analysts identify attackers' objectives and better understand threat activities. |
| ForestMode | NUMBER | EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL | The operating mode of the forest. (Field reference) |
| ForestModeLevel | NUMBER | EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL | The operating mode level of the forest. (Field reference) |
| Schema | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | Distinguished Name of the Schema of the forest. |
| SchemaRoleOwner | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | Domain controller that holds the FSMO schema master role for the forest. |
| NamingRoleOwner | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | Domain controller that holds the FSMO naming master role for the forest. |
| RootDomain | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | The Root Domain is the first domain created in a forest and acts as the central point for trust and namespace structure. |
| Path | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | The full location where the script file was found during the scan. |
| GpoType | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | Indicates the group policy type the script belongs to. (Machine, User) |
| IsRead | BOOLEAN | N/A | Indicates whether the file is readable by Everyone. |
| CommandLine | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | The CommandLine property defines the full command line used to run the script, including the script’s file path and parameters. It is read from the GPO configuration files (scripts.ini or psscripts.ini), which store the script settings for Startup, Shutdown, Logon, and Logoff processes. |
| Parameters | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | Indicates the command line parameters that are required to run the script. |
| CanEveryoneWrite | BOOLEAN | N/A | Indicates whether the file is writable by Everyone. |
| EntityType | TEXT | LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY | Entity types represent distinct objects within the Active Directory environment, such as Domains, Users, and Group Policy Objects (GPOs). |