Tier2
Guid
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
A unique identifier that is a combination of GUID of selected Scan and Active Directory ObjectGUID of the object.
FSName
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
A special unique identifier that is a combination of the Name of the object and the Fully Qualified Domain Name of the Domain.
ObjectSid
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
Active Directory security identifier of object. (Ldap Display Name: objectSid)
Name
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
Name of the specified object. (Ldap Display Name: name)
IsDomainController
BOOLEAN
N/A
Indicates whether the machine is a Domain Controller server.
OperatingSystem
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
The name of the operating system that runs on the computer. (Ldap Display Name: operatingSystem)
OperatingSystemVersion
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
The version of the operating system that runs on the computer. (Ldap Display Name: operatingSystemVersion)
IsEnabled
BOOLEAN
N/A
Indicates whether the object is enabled.
DistinguishedName
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
Active Directory distinguished name of the object. (Ldap Display Name: distinguishedName)
session_count
NUMBER
EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL
Indicates the number of sessions on the computer.
explicit_localadmin_count
NUMBER
EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL
Indicates the number of explicit local admins on the computer.
IsPrivileged
BOOLEAN
N/A
Indicates that the object is Privileged.
IsSMBv202Active
BOOLEAN
N/A
Indicates whether the SMB Version 2.2 is active.
IsUnsupported
BOOLEAN
N/A
Indicates whether the computer runs an unsupported/obsolote operating system.
IsAdmin
BOOLEAN
N/A
Indicates that the object is Admin.
DNSHostName
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
Fully qualified domain name of computer as registered in DNS. (Ldap Display Name: dNSHostName)
IsSpoolActive
BOOLEAN
N/A
Indicates whether the Spool service is running on the computer.
WhenChanged
DATE
SMALLER, LARGER, BETWEEN, EQUAL
The date when this object was last changed. (Ldap Display Name: whenChanged)
IsProtected
BOOLEAN
N/A
Indicates that the object is a direct or nested member of the Protected Users group.
WhenCreated
DATE
SMALLER, LARGER, BETWEEN, EQUAL
The date when this object was created. (Ldap Display Name: whenCreated)
MsDSSupportedEncryptionTypes
NUMBER
EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL
The encryption algorithms supported by user, computer or trust accounts. The KDC uses this information while generating a service ticket for this account. Services and Computers can automatically update this attribute on their respective accounts in Active Directory, and therefore need write access to this attribute. (LDAP Display Name: msDS-SupportedEncryptionTypes)
IsSMBv2v3SignEnabled
BOOLEAN
N/A
Indicates whether the SMB Version 2 and Version 3 protocol signing is enabled.
HasLaps
BOOLEAN
N/A
Indicates whether the local administrator account on the computer is managed through LAPS(Local Administrator Password Solution).
IPAddress
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
IPV4 Network address of the computer.
risk
NUMBER
EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL
The risk score of the object that calculated based on vulnerability counts and severities.
UserAccountControl
NUMBER
EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL
Flags that control different attributes and behavior of the objects. (Ldap Display Name: userAccountControl) (Field Reference)
AllowedtoDelegateSpn
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
Contains Service Principal Name definitions in the context of Constrained Delegation. (LDAP Display Name: msDS-AllowedToDelegateTo)
SAMAccountName
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
The logon name used to support clients and servers running earlier versions of the operating system, such as Windows NT 4.0, Windows 95, Windows 98, and LAN Manager. (Ldap Display Name: sAMAccountName)
DontReqPasswd
BOOLEAN
N/A
Indicates whether the object's password can be blank.
DontReqPreauth
BOOLEAN
N/A
Indicates whether the Kerberos Pre-Authentication mechanism was disabled for the object.
Cn
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
The name that represents an object. Used to perform searches. (Ldap Display Name: cn)
IsSMBv2v3SignRequired
BOOLEAN
N/A
Indicates whether the SMB Version 2 and Version 3 protocol requires signing.
HasReversibleEncryption
BOOLEAN
N/A
Indicates whether the object is using reversible encryption instead of hash to keep credentials.
IsSMBv210Active
BOOLEAN
N/A
Indicates whether the SMB Version 2.10 is active.
SidHistory
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
Contains previous SIDs used for the object if the object was moved from another domain. Whenever an object is moved from one domain to another, a new SID is created and that new SID becomes the objectSID. The previous SID is added to the sIDHistory property. (Ldap Display Name: sIDHistory)
IsSMBv1Active
BOOLEAN
N/A
Indicates whether the SMB Version 1 is active.
PwdLastSet
DATE
SMALLER, LARGER, BETWEEN, EQUAL
The date and time that the password for this account was last changed. If this value is set to 0 and the User-Account-Control attribute does not contain the UF_DONT_EXPIRE_PASSWD flag, then the user must set the password at the next logon. (Ldap Display Name: pwdLastSet)
IsUsingDESAlgorithmForHashing
BOOLEAN
N/A
Indicates whether the object is using an insecure DES algorithm in Kerberos protocol.
AdminCount
NUMBER
EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL
Indicates that a given object has had its ACLs changed to a more secure value by the system because it was a member of one of the administrative groups (directly or transitively). (Ldap Display Name: adminCount)
LapsExpirationTime
DATE
SMALLER, LARGER, BETWEEN, EQUAL
Stores the password expiration time of LAPS. (Ldap Display Name: ms-Mcs-AdmPwdExpirationTime)
LastLogon
DATE
SMALLER, LARGER, BETWEEN, EQUAL
The last time the user logged on. This attribute is not replicated to other Domain Controllers. (Ldap Display Name: lastLogon)
HasUnconstrainedDelegation
BOOLEAN
N/A
Indicates whether the Unconstrained Delegation is activated on the object.
IsSMBPortOpen
BOOLEAN
N/A
Indicates whether port 445 of the computer is accessible.
LogonCount
NUMBER
EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL
The number of times the account has successfully logged on. This attribute is not replicated to other Domain Controllers. (Ldap Display Name: logonCount)
IsSMBv311Active
BOOLEAN
N/A
Indicates whether the SMB Version 3.1 is active.
BadPwdCount
NUMBER
EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL
The number of times the object tried to log on to the account using an incorrect password. (Ldap Display Name: badPwdCount)
HasConstrainedDelegation
BOOLEAN
N/A
Indicates whether the Constrained Delegation is activated on the object.
IsStealth
BOOLEAN
N/A
Indicates that the object can compromise admin objects with at least one attack path.
HasResourceBasedConstrainedDelegation
BOOLEAN
N/A
Indicates whether the Resource Based Constrained Delegation is activated on the object.
IsSMBv300Active
BOOLEAN
N/A
Indicates whether the SMB Version 3 is active.
group_delegated_localadmin_count
NUMBER
EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL
Indicates that the object has group delegated local admin privilege on how many computers.
PrimaryGroupID
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
Contains the relative identifier (RID) for the primary group of the object. (Ldap Display Name: primaryGroupID)
IsSMBv302Active
BOOLEAN
N/A
Indicates whether the SMB Version 3.2 is active.
LastLogonTimestamp
DATE
SMALLER, LARGER, BETWEEN, EQUAL
The time that the user last logged into the domain. This attribute is replicated to other Domain Controllers but not updated until after 14 (msDS-LogonTimeSyncInterval) days. (Ldap Display Name: lastLogonTimestamp)
SAMAccountType
NUMBER
EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL
Specifies the account type of the security principal objects in Active Directory. (LDAP Display Name: sAMAccountType) (Field Reference)
IsLocalAdmin
BOOLEAN
N/A
Indicates that the object is a member (direct or nested) of a local administrators group in at least one computer.
HasProtocolTransition
BOOLEAN
N/A
Indicates whether the Constrained Delegation with Protocol transition is activated on the object.
IsSMBv1SignRequired
BOOLEAN
N/A
Indicates whether the SMB Version 1 protocol requires signing.
DisplayName
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
The display name for an object. This is usually the combination of the users first name, middle initial, and last name. (LDAP Display Name: displayName)
IsServiceUser
BOOLEAN
N/A
Indicates whether the object is managing services through Service Principal Name.
IsWindowsOS
BOOLEAN
N/A
Determines whether the current operating system is a version of Microsoft Windows. It returns true if the OS is Windows, otherwise false.
IsWindowsServer
BOOLEAN
N/A
Checks if the operating system is a Windows Server edition. It returns true if the OS is a Windows Server, otherwise false.
IsWSUServer
BOOLEAN
N/A
Checks if the machine is configured as a Windows Server Update Services (WSUS) server. Returns true if it is a WSUS server, otherwise false.
HTTPUpdateService
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
Handles application updates by communicating with a remote server over HTTP. It fetches version information, compares it with the application's current version, and initiates the update process if necessary.
IsInactive
BOOLEAN
N/A
Indicates whether a computer has been enabled but unused (no logon) for a period longer than the defined inactivity threshold
member_count
NUMBER
EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL
The total count of the direct member objects.
IsAccountLocked
BOOLEAN
N/A
Indicates whether the account password was locked due to multiple incorrect password attempts.
IsDomainController
BOOLEAN
N/A
Indicates whether the machine is a Domain Controller server.
ServicePrincipalName
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
These SPN entries indicate that the computer has Kerberos service identifiers registered for both its hostname and fully qualified domain name under the HOST and RestrictedKrbHost service classes, allowing it to securely participate in Kerberos authentication.
MsDsCreatorSid
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
security identifier (SID) of the account that originally created the Active Directory object, retrieved in binary form and converted to a readable SID string.
Description
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
Description text to display for an object. (Ldap Display Name: description)
SmbShares
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
Shared folders or printers on a network using the SMB (Server Message Block) protocol for file and resource sharing.
ExposurePoint
NUMBER
EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL
ExposurePoint: A numerical value indicating the level of risk or exposure.
InfrastructureRoleOwner
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
Domain controller that holds the infrastructure owner role.
RidRoleOwner
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
Domain controller that holds the relative identifier (RID) master role for this domain.
FSMORoleOwner
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
Flexible Single-Master Operation: The distinguished name of the DC where the schema can be modified. (Ldap Display Name: fSMORoleOwner)
IsRootDomain
BOOLEAN
N/A
Indicates whether the domain is the root of the forest.
IsRecycleBinEnabled
BOOLEAN
N/A
Indicates whether the recycle bin is activated for the domain.
PwdProperties
NUMBER
EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL
A bitfield to indicate complexity and storage restrictions. (Ldap Display Name: pwdProperties) (Field Reference)
IsEnumerable
BOOLEAN
N/A
Indicates the FSProtect enumeration status of the domain.
PdcRoleOwner
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
Domain controller that holds the primary domain controller (PDC) for this domain.
DomainMode
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
The operating mode of the domain. (Field reference)
LockoutThreshold
NUMBER
EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL
The number of invalid logon attempts that are permitted before the account is locked out. (Ldap Display Name: lockoutThreshold)
PwdHistoryLength
NUMBER
EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL
The number of old passwords to save. (Ldap Display Name: pwdHistoryLength)
DomainModeLevel
NUMBER
EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL
The operating mode level of the domain. (Field Reference)
NetbiosName
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
The name of the object to be used over NetBIOS. (Ldap Display Name: nETBIOSName)
MinPwdLength
NUMBER
EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL
The minimum number of characters that a password must contain. (Ldap Display Name: minPwdLength)
MsDSMachineAccountQuota
NUMBER
EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL
The number of computer accounts that a user is allowed to create in a domain. (Ldap Display Name: ms-DS-MachineAccountQuota)
msDSMaximumPasswordAge
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
Defines the maximum number of days a user password remains valid before it must be changed.
msDSPasswordSettingsPrecedence
NUMBER
EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL
Specifies the precedence of the password policy. Lower numbers have higher priority.
msDSPasswordReversibleEncryptionEnabled
BOOLEAN
N/A
Specifies whether reversible encryption is enabled for user passwords.
MinimumPassAge
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
Specifies the minimum number of days a user must wait before changing their password again.
msDSPasswordComplexityEnabled
BOOLEAN
N/A
The status of password complexity requirements for user accounts.
msDSLockoutObservationWindow
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
Specifies the time window (in minutes) during which failed logon attempts are counted before account lockout.
msDSPasswordHistoryLength
NUMBER
EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL
Specifies the number of previous passwords remembered to prevent reuse by the user.
msDSLockoutThreshold
NUMBER
EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL
Specifies the number of failed logon attempts allowed before the user account is locked out.
msDSLockoutDuration
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
Specifies the duration (in minutes) that a user account remains locked after reaching the lockout threshold.
msDSMinimumPasswordLength
NUMBER
EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL
Specifies the minimum number of characters required in a user password.
IsWeak
BOOLEAN
N/A
Shows whether the password policy settings are considered insecure, based on factors like short passwords, lack of complexity, absence of account lockout, or reversible encryption.
GPCFunctionalityVersion
NUMBER
EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL
The version of the Group Policy Editor that created this object. (Ldap Display Name: gPCFunctionalityVersion)
Flags
NUMBER
EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL
Indicates the state of the GPO. (Ldap Display Name: flags) (Field Reference)
GPCMachineExtensionNames
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
lists the GUIDs of client-side extensions (CSEs) linked to a Group Policy Object (GPO) that apply machine-level settings.
unrolled_linked_entity_count
NUMBER
EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL
The total number of objects that are affected by the group policy.
PolicyRules
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
Contains group policy object settings in XML format.
VersionNumber
NUMBER
EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL
A general purpose version number. (Ldap Display Name: versionNumber)
GPCFileSysPath
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
SYSVOL Policy folder path of the group policy object. (Ldap Display Name: gPCFileSysPath)
IsCriticalSystemObject
BOOLEAN
N/A
N/A
IsEmpty
BOOLEAN
N/A
Indicates whether the Group Policy Object (GPO) contains any policy rules; it is true if PolicyRules is null or empty, meaning the GPO has no defined policies.
Passwords
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
Plain-text passwords in Group Policy related configuration files.
ObjectClass
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
It tells what kind of object the entry is, and more importantly, what set of attributes that object can or must have.
GroupType
NUMBER
EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL
Contains a set of flags that define the type and scope of a group object. (Ldap Display Name: https://learn.microsoft.com/en-us/windows/win32/adschema/a-grouptype)
first_degree_localadmin_count
NUMBER
EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL
Indicates that the account has explicit local admin privilege on how many computers.
PasswordExpirationDate
DATE
SMALLER, LARGER, BETWEEN, EQUAL
The expiration date of the object's password.
HasNonExpiringPassword
BOOLEAN
N/A
Indicates whether the object's password is set to never expire.
MsDSManagedPasswordInterval
NUMBER
EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL
This attribute is used to retrieve the number of days before a managed password is automatically changed for a group MSA. (Ldap Display Name: msDS-ManagedPasswordInterval)
HasLocalService
BOOLEAN
N/A
Indicates whether the object has managing local services (without SPN).
IsSensetive
BOOLEAN
N/A
Indicates whether the object's NOT_DELEGATED bit of UserAccountControl is set. This attribute is used to disable Kerberos delegations for objects.
IsPasswordExpired
BOOLEAN
N/A
Indicates whether the object's password is expired and should be changed.
IsDomainGroup
BOOLEAN
N/A
Indicates whether the group is a Domain Group (true) defined in Active Directory or a Local Group (false) defined only on the local machine.
can_rdp
BOOLEAN
N/A
Indicates whether the local user can have enough privilege to connect with RDP (Remote Desktop Protocol) to the computer.
can_exec_pwsh
BOOLEAN
N/A
Indicates whether the local user can have enough privilege to execute commands with Powershell on the computer.
admin_to
BOOLEAN
N/A
Indicates whether the local user can have admin privilege on the computer.
can_exec_dcom
BOOLEAN
N/A
Indicates whether the local user can have enough privilege to execute commands with DCOM(Distributed Component Object Model) protocol on the computer.
inComputerName
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
FSName of the computer that contains the local user.
inComputerGuid
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
Guid of the computer that contains the local user.
IsDomainUser
BOOLEAN
N/A
That indicates whether a user account belongs to a domain or is a local account.
inLocalGroupName
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
FSName of the local group that contains the local user.
inLocalGroupGuid
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
Guid of the local group that contains the local user.
BlockInheritance
BOOLEAN
N/A
Indicates whether the OU blocks Group Policy inheritance. (Ldap Display Name: gPOptions)
Host
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
Fully qualified domain name or NetBIOS name of the computer that the service running on.
Port
NUMBER
EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL
Port number of the service.
ServiceName
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
Specifies the unique identifier or instance name of the service within the SPN, distinguishing it from other similar service instances.
FullName
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
Combination of the DNSHostName and the Name of the certificate authority.
ServiceClass
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
Name of the service.
UserPrincipalName
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
Internet-style unique login name for a user based on the Internet standard RFC 822. A UPN consists of a UPN prefix (the user account name) and a UPN suffix (a DNS domain name). (Ldap Display Name: userPrincipalName)
IsTrustAccount
BOOLEAN
N/A
Indicates whether the object is used to manage the related trust.
GivenName
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
Contains the given name (first name) of the user. (Ldap Display Name: givenName)
Sn
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
This attribute contains the family or last name for a user. (LDAP Display Name: Sn)
AllowsUserSpecifiedSANs
BOOLEAN
N/A
Whether specifying a Subject Alternative Name (SAN) during certificate enrollment to any certificate template that is published by this certificate authority server has been allowed.
CertificateManagerRestrictions
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
Some organizations require further restrictions on certificate manager activities. Rather than allow a certificate manager to issue or revoke any certificate issued by a CA, the organization might want a certificate manager to only manage a subset of all certificates. Specified property contains the defined certificate manager restrictions on the certificate authority. The data in this column formatted as, Name of the Certificate Manager,Name of the Template ,Name of the Principal,Access Type. The definition is, Name of the Certificate Manager has Access Type rights on Name of the Principal to manage the Name of the Template template.
isEnterpriseCa
BOOLEAN
N/A
Whether the certificate authority is an enterprise certificate authority instance. Enterprise certificate authorities are domain members and typically online to issue certificates or certificate policies.
EnterpriseCAName
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
Name of the CA server, specified in the ADCS installation.
CaCertificateDN
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
Full distinguished name from the CA certificate.
IsWebEnrollmentEnabled
BOOLEAN
N/A
Whether the certificate authority server supports web-based enrollment for the clients.
CAEnrollmentInterfacesHTTPEnabled
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
The Web-based endpoints of the certificate authority with HTTP enabled.
CAFlags
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
The certificate authority flags attribute stores the bitwise combination of the certificate authority server's capabilities.
NetworkDeviceEnrollmentServiceUrls
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
Network device enrollment url addresses of the certificate authority.
CAWebEnrollmentUrls
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
Certificate authority web enrollment url addresses of the certificate authority.
CertificateEnrollmentPolicyWebServiceUrls
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
Certificate enrollment policy web service url addresses of the certificate authority.
CertificateEnrollmentWebServiceUrls
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
Certificate enrollment web service url addresses of the certificate authority.
isRootCA
BOOLEAN
N/A
Whether the certificate authority is an root certificate authority instance. The root certificate authorities are the first and may be the only certificate authorities configured in a Public Key Infrastructure(PKI) hierarchy.
CAEnrollmentInterfacesEPADisabled
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
The Web-based endpoints of the certificate authority with Extended Authentication Protection (EPA) disabled.
EnrollmentAgentRestrictions
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
An enrollment agent is a user who can enroll for a certificate on behalf on another client. Unlike a certificate manager, an enrollment agent can only process the enrollment request and cannot approve pending requests or revoke issued certificates. Some organizations require further restrictions on enrollment agents. Rather than allow a certificate request agent to to enroll on behalf any client issued by a CA, the organization might want a certificate request agent to only enroll on behalf of a subset of all certificate templates or clients. Specified property contains the defined certificate request agent restrictions on the certificate authority. The data in this column formatted as, Name of the Enrollment Agent,Name of the Template ,Name of the Principal,Access. The definition is, Name of the Enrollment Agent has Access Type rights to enroll on behalf of Name of the Principal to the Name of the Template certificate template.
isEnrollmentCertificate
BOOLEAN
N/A
Whether the CA certificate can process certificate requests and issue certificates.
Version
NUMBER
EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL
Version of the certificate.
SubjectName
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
The subject name of the CA certificate.
Certchain
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
The list of certificates that start from a server's certificate and terminate with the root certificate
EndDate
DATE
SMALLER, LARGER, BETWEEN, EQUAL
Expiry date of the CA certificate.
StartDate
DATE
SMALLER, LARGER, BETWEEN, EQUAL
Issue date of the CA certificate.
isRootCertificate
BOOLEAN
N/A
Whether the CA certificate belongs to a root CA.
Serial
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
A number that uniquely identifies the certificate and is issued by the certification authority.
SignatureAlgorithm
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
The algorithm used to create the signature of a certificate.
KeyUsage
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
Key usage extensions define the purpose of the public key contained in a certificate. You can use them to restrict the public key to as few or as many operations as needed.
Thumbprint
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
The hash value computed over the complete certificate, which includes all its fields, including the signature.
IsInNTAuthStore
BOOLEAN
N/A
Whether the CA certificate in the NTAuthCertificates container. This object defines one or more CA certificates in its cacertificate attribute and AD uses it during authentication. The domain controller checks if NTAuthCertificates object contains an entry for the CA specified in the authenticating certificate's Issuer field. If it is, authentication proceeds. If the certificate is not in the NTAuthCertificates object, authentication fails.
IssuerName
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
The name of the certificate issuer.
SchemaVersion
NUMBER
EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL
The certificate template schema version.
IsEnrolleeSuppliesSubject
BOOLEAN
N/A
Whether specifying a Subject Alternative Name (SAN) during certificate enrollment to this certificate template has been allowed.
ValidityPeriod
NUMBER
EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL
The period of time during which a certificate is intended to be valid.
MSPKICertificateApplicationPolicies
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
Specifies certificate application policy extension. In GUI, this attribute can be controlled by setting "Application Policies" in "Extensions" tab. (Field Reference)
IsManagerApprovalEnabled
BOOLEAN
N/A
Whether the certificate requests based on the template require manager approval to be issued.
IsPublished
BOOLEAN
N/A
Whether the certificate template has been published by any certificate authority.
NumberOfAuthorizedSignatures
NUMBER
EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL
The number of Authorized Signatures to issue a certificate.
ExtendedKeyUsage
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
Key usage extensions define the purpose of the public key contained in a certificate. You can use them to restrict the public key to as few or as many operations as needed.
MSPKIRAPolicies
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
Contains the list of required policy OIDs from registration authorities who sign the enrollment request. (Field Reference)
HasDomainAuthenticationEKU
BOOLEAN
N/A
Whether certificate template contains any Extended Key Usage(EKU) that allows to auhenticate in the domain.
MSPKIRAApplicationPolicies
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
Encapsulates embedded properties for multipurpose use. In GUI, this attribute can be controlled by checking This number of authorized signatures check box in Issuance Requirements tab and choosing Application Policy menu. (Field Reference)
EnrollmentFlags
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
Specifies the enrollment flags. (Field Reference)
CertificateNameFlags
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
Specifies the subject name flags. (Field Reference)
RenewalPeriod
NUMBER
EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL
The period of time during which a certificate is intended to be renew.
Severity
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
A special unique identifier that is a combination of the Name of the Organizational Unit and the Fully Qualified Domain Name of the Domain
Tags
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
Labels attached to issues to categorize, group, and make it easy to understand.
Impact
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
The special tag attached to issues to identify the effects of issues on Active Directory.
EaseOfDetection
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
Indicates the level of effort to detect exploitation of the issues. Ease of Detection can be Easy, Medium, or High.
EaseOfMÄ°tigation
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
Indicates the level of effort to mitigate/remediate the issues. Ease of Mitigation can be Easy, Medium, or High.
EaseOfDecepetion
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
Indicates the level of effort of implementing deceptive countermeasures based on issues. Ease of Detection can be Easy, Medium, or High.
FsprotectImpactName
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
Refers to the specific impact classification or identifier assigned to a vulnerability within the FSProtect framework, defining the potential effect or severity associated with that vulnerability.
AttackTactic
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
Specific tactical category derived from the MITRE ATT&CK® framework. It classifies the behavior, strategy, or stage of cyber threats within security analysis or incident response systems. Tactics help analysts identify attackers' objectives and better understand threat activities.
ForestMode
NUMBER
EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL
The operating mode of the forest. (Field reference)
ForestModeLevel
NUMBER
EQUAL, BETWEEN, SMALLER, LARGER, SMALLER_EQUAL, LARGER_EQUAL
The operating mode level of the forest. (Field reference)
Schema
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
Distinguished Name of the Schema of the forest.
SchemaRoleOwner
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
Domain controller that holds the FSMO schema master role for the forest.
NamingRoleOwner
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
Domain controller that holds the FSMO naming master role for the forest.
RootDomain
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
The Root Domain is the first domain created in a forest and acts as the central point for trust and namespace structure.
Path
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
GpoType
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
Indicates the group policy type the script belongs to. (Machine, User)
IsRead
BOOLEAN
N/A
Indicates whether the file is readable by Everyone.
CommandLine
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
The CommandLine property defines the full command line used to run the script, including the script’s file path and parameters. It is read from the GPO configuration files (scripts.ini or psscripts.ini), which store the script settings for Startup, Shutdown, Logon, and Logoff processes.
Parameters
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
Indicates the command line parameters that are required to run the script.
CanEveryoneWrite
BOOLEAN
N/A
Indicates whether the file is writable by Everyone.
EntityType
TEXT
LIKE,NOT_LIKE EQUAL,NOT_EQUAL,IS_EMPTY
Entity types represent distinct objects within the Active Directory environment, such as Domains, Users, and Group Policy Objects (GPOs).
Last updated
Was this helpful?