Namespace: ldap

Table of contents

Classes

Interfaces

Variables

Functions

Variables

FilterAccountDisabled

Const FilterAccountDisabled: "(userAccountControl:1.2.840.113556.1.4.803:=2)" The user account is disabled.

Defined in

ldap.ts:4

FilterAccountEnabled

Const FilterAccountEnabled: "(!(userAccountControl:1.2.840.113556.1.4.803:=2))" The user account is enabled.

Defined in

ldap.ts:7

FilterCanSendEncryptedPassword

Const FilterCanSendEncryptedPassword: "(userAccountControl:1.2.840.113556.1.4.803:=128)" The user can send an encrypted password.

Defined in

ldap.ts:10

FilterDontExpirePassword

Const FilterDontExpirePassword: "(userAccountControl:1.2.840.113556.1.4.803:=65536)" Represents the password, which should never expire on the account.

Defined in

ldap.ts:13

FilterDontRequirePreauth

Const FilterDontRequirePreauth: "(userAccountControl:1.2.840.113556.1.4.803:=4194304)" This account doesn’t require Kerberos pre-authentication for logging on.

Defined in

ldap.ts:16

FilterHasServicePrincipalName

Const FilterHasServicePrincipalName: "(servicePrincipalName=*)" The object has a service principal name.

Defined in

ldap.ts:19

FilterHomedirRequired

Const FilterHomedirRequired: "(userAccountControl:1.2.840.113556.1.4.803:=8)" The home folder is required.

Defined in

ldap.ts:22

FilterInterdomainTrustAccount

Const FilterInterdomainTrustAccount: "(userAccountControl:1.2.840.113556.1.4.803:=2048)" It’s a permit to trust an account for a system domain that trusts other domains.

Defined in

ldap.ts:25

FilterIsAdmin

Const FilterIsAdmin: "(adminCount=1)" The object is an admin.

Defined in

ldap.ts:28

FilterIsComputer

Const FilterIsComputer: "(objectCategory=computer)" The object is a computer.

Defined in

ldap.ts:31

FilterIsDuplicateAccount

Const FilterIsDuplicateAccount: "(userAccountControl:1.2.840.113556.1.4.803:=256)" It’s an account for users whose primary account is in another domain.

Defined in

ldap.ts:34

FilterIsGroup

Const FilterIsGroup: "(objectCategory=group)" The object is a group.

Defined in

ldap.ts:37

FilterIsNormalAccount

Const FilterIsNormalAccount: "(userAccountControl:1.2.840.113556.1.4.803:=512)" It’s a default account type that represents a typical user.

Defined in

ldap.ts:40

FilterIsPerson

Const FilterIsPerson: "(objectCategory=person)" The object is a person.

Defined in

ldap.ts:43

FilterLockout

Const FilterLockout: "(userAccountControl:1.2.840.113556.1.4.803:=16)" The user is locked out.

Defined in

ldap.ts:46

FilterLogonScript

Const FilterLogonScript: "(userAccountControl:1.2.840.113556.1.4.803:=1)" The logon script will be run.

Defined in

ldap.ts:49

FilterMnsLogonAccount

Const FilterMnsLogonAccount: "(userAccountControl:1.2.840.113556.1.4.803:=131072)" It’s an MNS logon account.

Defined in

ldap.ts:52

FilterNotDelegated

Const FilterNotDelegated: "(userAccountControl:1.2.840.113556.1.4.803:=1048576)" When this flag is set, the security context of the user isn’t delegated to a service even if the service account is set as trusted for Kerberos delegation.

Defined in

ldap.ts:55

FilterPartialSecretsAccount

Const FilterPartialSecretsAccount: "(userAccountControl:1.2.840.113556.1.4.803:=67108864)" The account is a read-only domain controller (RODC).

Defined in

ldap.ts:58

FilterPasswordCantChange

Const FilterPasswordCantChange: "(userAccountControl:1.2.840.113556.1.4.803:=64)" The user can’t change the password.

Defined in

ldap.ts:61

FilterPasswordExpired

Const FilterPasswordExpired: "(userAccountControl:1.2.840.113556.1.4.803:=8388608)" The user’s password has expired.

Defined in

ldap.ts:64

FilterPasswordNotRequired

Const FilterPasswordNotRequired: "(userAccountControl:1.2.840.113556.1.4.803:=32)" No password is required.

Defined in

ldap.ts:67

FilterServerTrustAccount

Const FilterServerTrustAccount: "(userAccountControl:1.2.840.113556.1.4.803:=8192)" It’s a computer account for a domain controller that is a member of this domain.

Defined in

ldap.ts:70

FilterSmartCardRequired

Const FilterSmartCardRequired: "(userAccountControl:1.2.840.113556.1.4.803:=262144)" When this flag is set, it forces the user to log on by using a smart card.

Defined in

ldap.ts:73

FilterTrustedForDelegation

Const FilterTrustedForDelegation: "(userAccountControl:1.2.840.113556.1.4.803:=524288)" When this flag is set, the service account (the user or computer account) under which a service runs is trusted for Kerberos delegation.

Defined in

ldap.ts:76

FilterTrustedToAuthForDelegation

Const FilterTrustedToAuthForDelegation: "(userAccountControl:1.2.840.113556.1.4.803:=16777216)" The account is enabled for delegation.

Defined in

ldap.ts:79

FilterUseDesKeyOnly

Const FilterUseDesKeyOnly: "(userAccountControl:1.2.840.113556.1.4.803:=2097152)" Restrict this principal to use only Data Encryption Standard (DES) encryption types for keys.

Defined in

ldap.ts:82

FilterWorkstationTrustAccount

Const FilterWorkstationTrustAccount: "(userAccountControl:1.2.840.113556.1.4.803:=4096)" It’s a computer account for a computer that is running old Windows builds.

Defined in

ldap.ts:85

Functions

DecodeADTimestamp

DecodeADTimestamp(timestamp): string DecodeADTimestamp decodes an Active Directory timestamp

Parameters

NameType
timestampstring

Returns

string Example
const ldap = require('nuclei/ldap');
const timestamp = ldap.DecodeADTimestamp('132036744000000000');
log(timestamp);

Defined in

ldap.ts:96

DecodeSID

DecodeSID(s): string DecodeSID decodes a SID string

Parameters

NameType
sstring

Returns

string Example
const ldap = require('nuclei/ldap');
const sid = ldap.DecodeSID('S-1-5-21-3623811015-3361044348-30300820-1013');
log(sid);

Defined in

ldap.ts:111

DecodeZuluTimestamp

DecodeZuluTimestamp(timestamp): string DecodeZuluTimestamp decodes a Zulu timestamp

Parameters

NameType
timestampstring

Returns

string Example
const ldap = require('nuclei/ldap');
const timestamp = ldap.DecodeZuluTimestamp('2021-08-25T10:00:00Z');
log(timestamp);

Defined in

ldap.ts:126

JoinFilters

JoinFilters(filters): string JoinFilters joins multiple filters into a single filter

Parameters

NameType
filtersany

Returns

string Example
const ldap = require('nuclei/ldap');
const filter = ldap.JoinFilters(ldap.FilterIsPerson, ldap.FilterAccountEnabled);

Defined in

ldap.ts:140

NegativeFilter

NegativeFilter(filter): string NegativeFilter returns a negative filter for a given filter

Parameters

NameType
filterstring

Returns

string Example
const ldap = require('nuclei/ldap');
const filter = ldap.NegativeFilter(ldap.FilterIsPerson);

Defined in

ldap.ts:154