Namespace: ldap

Table of contents

Classes

Interfaces

Variables

Functions

Variables

FilterAccountDisabled

Const FilterAccountDisabled: "(userAccountControl:1.2.840.113556.1.4.803:=2)"

The user account is disabled.

Defined in

ldap.ts:4


FilterAccountEnabled

Const FilterAccountEnabled: "(!(userAccountControl:1.2.840.113556.1.4.803:=2))"

The user account is enabled.

Defined in

ldap.ts:7


FilterCanSendEncryptedPassword

Const FilterCanSendEncryptedPassword: "(userAccountControl:1.2.840.113556.1.4.803:=128)"

The user can send an encrypted password.

Defined in

ldap.ts:10


FilterDontExpirePassword

Const FilterDontExpirePassword: "(userAccountControl:1.2.840.113556.1.4.803:=65536)"

Represents the password, which should never expire on the account.

Defined in

ldap.ts:13


FilterDontRequirePreauth

Const FilterDontRequirePreauth: "(userAccountControl:1.2.840.113556.1.4.803:=4194304)"

This account doesn’t require Kerberos pre-authentication for logging on.

Defined in

ldap.ts:16


FilterHasServicePrincipalName

Const FilterHasServicePrincipalName: "(servicePrincipalName=*)"

The object has a service principal name.

Defined in

ldap.ts:19


FilterHomedirRequired

Const FilterHomedirRequired: "(userAccountControl:1.2.840.113556.1.4.803:=8)"

The home folder is required.

Defined in

ldap.ts:22


FilterInterdomainTrustAccount

Const FilterInterdomainTrustAccount: "(userAccountControl:1.2.840.113556.1.4.803:=2048)"

It’s a permit to trust an account for a system domain that trusts other domains.

Defined in

ldap.ts:25


FilterIsAdmin

Const FilterIsAdmin: "(adminCount=1)"

The object is an admin.

Defined in

ldap.ts:28


FilterIsComputer

Const FilterIsComputer: "(objectCategory=computer)"

The object is a computer.

Defined in

ldap.ts:31


FilterIsDuplicateAccount

Const FilterIsDuplicateAccount: "(userAccountControl:1.2.840.113556.1.4.803:=256)"

It’s an account for users whose primary account is in another domain.

Defined in

ldap.ts:34


FilterIsGroup

Const FilterIsGroup: "(objectCategory=group)"

The object is a group.

Defined in

ldap.ts:37


FilterIsNormalAccount

Const FilterIsNormalAccount: "(userAccountControl:1.2.840.113556.1.4.803:=512)"

It’s a default account type that represents a typical user.

Defined in

ldap.ts:40


FilterIsPerson

Const FilterIsPerson: "(objectCategory=person)"

The object is a person.

Defined in

ldap.ts:43


FilterLockout

Const FilterLockout: "(userAccountControl:1.2.840.113556.1.4.803:=16)"

The user is locked out.

Defined in

ldap.ts:46


FilterLogonScript

Const FilterLogonScript: "(userAccountControl:1.2.840.113556.1.4.803:=1)"

The logon script will be run.

Defined in

ldap.ts:49


FilterMnsLogonAccount

Const FilterMnsLogonAccount: "(userAccountControl:1.2.840.113556.1.4.803:=131072)"

It’s an MNS logon account.

Defined in

ldap.ts:52


FilterNotDelegated

Const FilterNotDelegated: "(userAccountControl:1.2.840.113556.1.4.803:=1048576)"

When this flag is set, the security context of the user isn’t delegated to a service even if the service account is set as trusted for Kerberos delegation.

Defined in

ldap.ts:55


FilterPartialSecretsAccount

Const FilterPartialSecretsAccount: "(userAccountControl:1.2.840.113556.1.4.803:=67108864)"

The account is a read-only domain controller (RODC).

Defined in

ldap.ts:58


FilterPasswordCantChange

Const FilterPasswordCantChange: "(userAccountControl:1.2.840.113556.1.4.803:=64)"

The user can’t change the password.

Defined in

ldap.ts:61


FilterPasswordExpired

Const FilterPasswordExpired: "(userAccountControl:1.2.840.113556.1.4.803:=8388608)"

The user’s password has expired.

Defined in

ldap.ts:64


FilterPasswordNotRequired

Const FilterPasswordNotRequired: "(userAccountControl:1.2.840.113556.1.4.803:=32)"

No password is required.

Defined in

ldap.ts:67


FilterServerTrustAccount

Const FilterServerTrustAccount: "(userAccountControl:1.2.840.113556.1.4.803:=8192)"

It’s a computer account for a domain controller that is a member of this domain.

Defined in

ldap.ts:70


FilterSmartCardRequired

Const FilterSmartCardRequired: "(userAccountControl:1.2.840.113556.1.4.803:=262144)"

When this flag is set, it forces the user to log on by using a smart card.

Defined in

ldap.ts:73


FilterTrustedForDelegation

Const FilterTrustedForDelegation: "(userAccountControl:1.2.840.113556.1.4.803:=524288)"

When this flag is set, the service account (the user or computer account) under which a service runs is trusted for Kerberos delegation.

Defined in

ldap.ts:76


FilterTrustedToAuthForDelegation

Const FilterTrustedToAuthForDelegation: "(userAccountControl:1.2.840.113556.1.4.803:=16777216)"

The account is enabled for delegation.

Defined in

ldap.ts:79


FilterUseDesKeyOnly

Const FilterUseDesKeyOnly: "(userAccountControl:1.2.840.113556.1.4.803:=2097152)"

Restrict this principal to use only Data Encryption Standard (DES) encryption types for keys.

Defined in

ldap.ts:82


FilterWorkstationTrustAccount

Const FilterWorkstationTrustAccount: "(userAccountControl:1.2.840.113556.1.4.803:=4096)"

It’s a computer account for a computer that is running old Windows builds.

Defined in

ldap.ts:85

Functions

DecodeADTimestamp

DecodeADTimestamp(timestamp): string

DecodeADTimestamp decodes an Active Directory timestamp

Parameters

NameType
timestampstring

Returns

string

Example

const ldap = require('nuclei/ldap');
const timestamp = ldap.DecodeADTimestamp('132036744000000000');
log(timestamp);

Defined in

ldap.ts:96


DecodeSID

DecodeSID(s): string

DecodeSID decodes a SID string

Parameters

NameType
sstring

Returns

string

Example

const ldap = require('nuclei/ldap');
const sid = ldap.DecodeSID('S-1-5-21-3623811015-3361044348-30300820-1013');
log(sid);

Defined in

ldap.ts:111


DecodeZuluTimestamp

DecodeZuluTimestamp(timestamp): string

DecodeZuluTimestamp decodes a Zulu timestamp

Parameters

NameType
timestampstring

Returns

string

Example

const ldap = require('nuclei/ldap');
const timestamp = ldap.DecodeZuluTimestamp('2021-08-25T10:00:00Z');
log(timestamp);

Defined in

ldap.ts:126


JoinFilters

JoinFilters(filters): string

JoinFilters joins multiple filters into a single filter

Parameters

NameType
filtersany

Returns

string

Example

const ldap = require('nuclei/ldap');
const filter = ldap.JoinFilters(ldap.FilterIsPerson, ldap.FilterAccountEnabled);

Defined in

ldap.ts:140


NegativeFilter

NegativeFilter(filter): string

NegativeFilter returns a negative filter for a given filter

Parameters

NameType
filterstring

Returns

string

Example

const ldap = require('nuclei/ldap');
const filter = ldap.NegativeFilter(ldap.FilterIsPerson);

Defined in

ldap.ts:154