The node supports the properties of the table below.
Properties which are blank/null will not be shown in the Entity Panel.
|Entity Panel name
|Tier Zero / High Value
|BloodHound Enterprise: Whether the object is part of Tier Zero of the Microsoft's Active Directory Tier Model, or the Control Plane of Microsoft's Enterprise Access Model.
BloodHound CE: Whether the object is currently marked as High Value. By default any object that belongs to Tier Zero is marked as High Value.
|The display name for the object.
|The object's security identifier (SID), a unique identifier in the directory.
|ACL Inheritance Denied
|Identifies whether an object is allowing ACL inheritance to itself.
|Whether the object currently, or possibly ever has belonged to a certain set of highly privileged groups. For Active Directory nodes this is related to the AdminSDHolder object and the SDProp process. Read more about that here.
|Admin Rights Count
|The number of computers that the object has been added to the local administrators group on.
|Allows Unconstrained Delegation
Whether the object is allowed to perform unconstrained kerberos delegation. See more info about that here.
|The time when the object was created in the directory.
|The contents of the description field for the object.
|Do Not Require Pre-Authentication
|Whether object is not required to perform Kerberos pre-authentication. Pre-authentication is also known as Kerberos ticket-granting-ticket (TGT).
|The contents of the email field for the object.
|Whether the computer object is enabled.
|The last time the domain controller you got this data from handled a logon request for the object. Attribute 'lastlogon'.
|Last Logon (Replicated)
|The last time any domain controller handled a logon for this object,
the value is, by default, only updated if the latest logon is greater than or equal to 14 days than the previous value. Attribute 'lastlogontimestamp'.
|Whether the principal has a SID History used for domain migration.
|BloodHound Enterprise: Not applicable.
BloodHound CE: Whether the object is marked as Owned, used to mark that the object has been compromised.
|Password Last Set
|The human-readable date for when the user’s password last changed. This is stored internally in Unix epoch format
|Whether the UAC flag is set on the object to not require the object to have a password. Note that this does not necessarily mean the object does not have a password, just that the object is allowed to not have one.
|Whether the UAC flag is set to not require the object to update its password.
|Whether the UAC flag is to disallow Kerberos delegation for this object. If this is “True”, then the object cannot be abused as part of a Kerberos delegation attack.
|The list of SPNs on the object. Very useful for determining any non-default services that may be running on the computer, such as MSSQL
|Previous SID(s) for the object. Used if the object was moved from another domain.
|The contents of the title field for the object.
|Whether the object is allowed to perform constrained kerberos delegation. See more info about that here.