Namespace: ldap

Classes

Client

Interfaces

Variables

Functions

Variables

FilterAccountDisabled

• Const FilterAccountDisabled: "(userAccountControl:1.2.840.113556.1.4.803:=2)" The user account is disabled.

Defined in

ldap.ts:4

FilterAccountEnabled

• Const FilterAccountEnabled: "(!(userAccountControl:1.2.840.113556.1.4.803:=2))" The user account is enabled.

Defined in

ldap.ts:7

FilterCanSendEncryptedPassword

• Const FilterCanSendEncryptedPassword: "(userAccountControl:1.2.840.113556.1.4.803:=128)" The user can send an encrypted password.

Defined in

ldap.ts:10

FilterDontExpirePassword

• Const FilterDontExpirePassword: "(userAccountControl:1.2.840.113556.1.4.803:=65536)" Represents the password, which should never expire on the account.

Defined in

ldap.ts:13

FilterDontRequirePreauth

• Const FilterDontRequirePreauth: "(userAccountControl:1.2.840.113556.1.4.803:=4194304)" This account doesn’t require Kerberos pre-authentication for logging on.

Defined in

ldap.ts:16

FilterHasServicePrincipalName

• Const FilterHasServicePrincipalName: "(servicePrincipalName=*)" The object has a service principal name.

Defined in

ldap.ts:19

FilterHomedirRequired

• Const FilterHomedirRequired: "(userAccountControl:1.2.840.113556.1.4.803:=8)" The home folder is required.

Defined in

ldap.ts:22

FilterInterdomainTrustAccount

• Const FilterInterdomainTrustAccount: "(userAccountControl:1.2.840.113556.1.4.803:=2048)" It’s a permit to trust an account for a system domain that trusts other domains.

Defined in

ldap.ts:25

FilterIsAdmin

• Const FilterIsAdmin: "(adminCount=1)" The object is an admin.

Defined in

ldap.ts:28

FilterIsComputer

• Const FilterIsComputer: "(objectCategory=computer)" The object is a computer.

Defined in

ldap.ts:31

FilterIsDuplicateAccount

• Const FilterIsDuplicateAccount: "(userAccountControl:1.2.840.113556.1.4.803:=256)" It’s an account for users whose primary account is in another domain.

Defined in

ldap.ts:34

FilterIsGroup

• Const FilterIsGroup: "(objectCategory=group)" The object is a group.

Defined in

ldap.ts:37

FilterIsNormalAccount

• Const FilterIsNormalAccount: "(userAccountControl:1.2.840.113556.1.4.803:=512)" It’s a default account type that represents a typical user.

Defined in

ldap.ts:40

FilterIsPerson

• Const FilterIsPerson: "(objectCategory=person)" The object is a person.

Defined in

ldap.ts:43

FilterLockout

• Const FilterLockout: "(userAccountControl:1.2.840.113556.1.4.803:=16)" The user is locked out.

Defined in

ldap.ts:46

FilterLogonScript

• Const FilterLogonScript: "(userAccountControl:1.2.840.113556.1.4.803:=1)" The logon script will be run.

Defined in

ldap.ts:49

FilterMnsLogonAccount

• Const FilterMnsLogonAccount: "(userAccountControl:1.2.840.113556.1.4.803:=131072)" It’s an MNS logon account.

Defined in

ldap.ts:52

FilterNotDelegated

• Const FilterNotDelegated: "(userAccountControl:1.2.840.113556.1.4.803:=1048576)" When this flag is set, the security context of the user isn’t delegated to a service even if the service account is set as trusted for Kerberos delegation.

Defined in

ldap.ts:55

FilterPartialSecretsAccount

• Const FilterPartialSecretsAccount: "(userAccountControl:1.2.840.113556.1.4.803:=67108864)" The account is a read-only domain controller (RODC).

Defined in

ldap.ts:58

FilterPasswordCantChange

• Const FilterPasswordCantChange: "(userAccountControl:1.2.840.113556.1.4.803:=64)" The user can’t change the password.

Defined in

ldap.ts:61

FilterPasswordExpired

• Const FilterPasswordExpired: "(userAccountControl:1.2.840.113556.1.4.803:=8388608)" The user’s password has expired.

Defined in

ldap.ts:64

FilterPasswordNotRequired

• Const FilterPasswordNotRequired: "(userAccountControl:1.2.840.113556.1.4.803:=32)" No password is required.

Defined in

ldap.ts:67

FilterServerTrustAccount

• Const FilterServerTrustAccount: "(userAccountControl:1.2.840.113556.1.4.803:=8192)" It’s a computer account for a domain controller that is a member of this domain.

Defined in

ldap.ts:70

FilterSmartCardRequired

• Const FilterSmartCardRequired: "(userAccountControl:1.2.840.113556.1.4.803:=262144)" When this flag is set, it forces the user to log on by using a smart card.

Defined in

ldap.ts:73

FilterTrustedForDelegation

• Const FilterTrustedForDelegation: "(userAccountControl:1.2.840.113556.1.4.803:=524288)" When this flag is set, the service account (the user or computer account) under which a service runs is trusted for Kerberos delegation.

Defined in

ldap.ts:76

FilterTrustedToAuthForDelegation

• Const FilterTrustedToAuthForDelegation: "(userAccountControl:1.2.840.113556.1.4.803:=16777216)" The account is enabled for delegation.

Defined in

ldap.ts:79

FilterUseDesKeyOnly

• Const FilterUseDesKeyOnly: "(userAccountControl:1.2.840.113556.1.4.803:=2097152)" Restrict this principal to use only Data Encryption Standard (DES) encryption types for keys.

Defined in

ldap.ts:82

FilterWorkstationTrustAccount

• Const FilterWorkstationTrustAccount: "(userAccountControl:1.2.840.113556.1.4.803:=4096)" It’s a computer account for a computer that is running old Windows builds.

Defined in

ldap.ts:85

Functions

DecodeADTimestamp

▸ DecodeADTimestamp(timestamp): string DecodeADTimestamp decodes an Active Directory timestamp

Parameters

Name	Type
`timestamp`	`string`

Returns

string Example

const ldap = require('nuclei/ldap');
const timestamp = ldap.DecodeADTimestamp('132036744000000000');
log(timestamp);

Defined in

ldap.ts:96

DecodeSID

▸ DecodeSID(s): string DecodeSID decodes a SID string

Parameters

Name	Type
`s`	`string`

Returns

string Example

const ldap = require('nuclei/ldap');
const sid = ldap.DecodeSID('S-1-5-21-3623811015-3361044348-30300820-1013');
log(sid);

Defined in

ldap.ts:111

DecodeZuluTimestamp

▸ DecodeZuluTimestamp(timestamp): string DecodeZuluTimestamp decodes a Zulu timestamp

Parameters

Name	Type
`timestamp`	`string`

Returns

string Example

const ldap = require('nuclei/ldap');
const timestamp = ldap.DecodeZuluTimestamp('2021-08-25T10:00:00Z');
log(timestamp);

Defined in

ldap.ts:126

JoinFilters

▸ JoinFilters(filters): string JoinFilters joins multiple filters into a single filter

Parameters

Name	Type
`filters`	`any`

Returns

string Example

const ldap = require('nuclei/ldap');
const filter = ldap.JoinFilters(ldap.FilterIsPerson, ldap.FilterAccountEnabled);

Defined in

ldap.ts:140

NegativeFilter

▸ NegativeFilter(filter): string NegativeFilter returns a negative filter for a given filter

Parameters

Name	Type
`filter`	`string`

Returns

string Example

const ldap = require('nuclei/ldap');
const filter = ldap.NegativeFilter(ldap.FilterIsPerson);

Defined in

ldap.ts:154

Templates

Protocols

Reference

Workflows

​Namespace: ldap

​Table of contents

​Classes

​Interfaces

​Variables

​Functions

​Variables

​FilterAccountDisabled

​Defined in

​FilterAccountEnabled

​Defined in

​FilterCanSendEncryptedPassword

​Defined in

​FilterDontExpirePassword

​Defined in

​FilterDontRequirePreauth

​Defined in

​FilterHasServicePrincipalName

​Defined in

​FilterHomedirRequired

​Defined in

​FilterInterdomainTrustAccount

​Defined in

​FilterIsAdmin

​Defined in

​FilterIsComputer

​Defined in

​FilterIsDuplicateAccount

​Defined in

​FilterIsGroup

​Defined in

​FilterIsNormalAccount

​Defined in

​FilterIsPerson

​Defined in

​FilterLockout

​Defined in

​FilterLogonScript

​Defined in

​FilterMnsLogonAccount

​Defined in

​FilterNotDelegated

​Defined in

​FilterPartialSecretsAccount

​Defined in

​FilterPasswordCantChange

​Defined in

​FilterPasswordExpired

​Defined in

​FilterPasswordNotRequired

​Defined in

​FilterServerTrustAccount

​Defined in

​FilterSmartCardRequired

​Defined in

​FilterTrustedForDelegation

​Defined in

​FilterTrustedToAuthForDelegation

​Defined in

​FilterUseDesKeyOnly

​Defined in

​FilterWorkstationTrustAccount

​Defined in

​Functions

​DecodeADTimestamp

​Parameters

​Returns

​Defined in

​DecodeSID

​Parameters

​Returns

​Defined in

​DecodeZuluTimestamp

​Parameters

​Returns

​Defined in

Namespace: ldap

Table of contents

Classes

Interfaces

Variables

Functions

Variables

FilterAccountDisabled

Defined in

FilterAccountEnabled

Defined in

FilterCanSendEncryptedPassword

Defined in

FilterDontExpirePassword

Defined in

FilterDontRequirePreauth

Defined in

FilterHasServicePrincipalName

Defined in

FilterHomedirRequired

Defined in

FilterInterdomainTrustAccount

Defined in

FilterIsAdmin

Defined in

FilterIsComputer

Defined in

FilterIsDuplicateAccount

Defined in

FilterIsGroup

Defined in

FilterIsNormalAccount

Defined in

FilterIsPerson

Defined in

FilterLockout

Defined in

FilterLogonScript

Defined in

FilterMnsLogonAccount

Defined in

FilterNotDelegated

Defined in

FilterPartialSecretsAccount

Defined in

FilterPasswordCantChange

Defined in

FilterPasswordExpired

Defined in

FilterPasswordNotRequired

Defined in

FilterServerTrustAccount

Defined in

FilterSmartCardRequired

Defined in

FilterTrustedForDelegation

Defined in

FilterTrustedToAuthForDelegation

Defined in

FilterUseDesKeyOnly

Defined in

FilterWorkstationTrustAccount

Defined in

Functions

DecodeADTimestamp

Parameters

Returns

Defined in

DecodeSID

Parameters

Returns

Defined in

DecodeZuluTimestamp

Parameters

Returns

Defined in

JoinFilters

Parameters

Returns

Defined in