Node properties
The node supports the properties in the table below. Properties which are blank/null will not be shown in the Entity Panel.
| Entity Panel name | Description |
|---|---|
| Tier Zero / High Value | BloodHound Enterprise: Whether the object is part of Tier Zero of Microsoft’s Active Directory Tier Model, or the Control Plane of Microsoft’s Enterprise Access Model. BloodHound CE: Whether the object is currently marked as High Value. By default any object that belongs to Tier Zero is marked as High Value. |
| Display Name | The display name for the object. |
| Object ID | The object’s security identifier (SID), a unique identifier in the directory. |
| ACL Inheritance Denied | Identifies whether an object is allowing DACL inheritance to itself. Corresponds to the DACL_Protected security descriptor flag. |
| Admin Count | Whether the object currently belongs, or possibly has ever belonged, to a certain set of highly privileged groups. For Active Directory nodes this is related to the AdminSDHolder object and the ProtectAdminGroups background task. Read more about that here. |
| AdminSDHolder Protected | The authoritative security descriptor of this object matches that of the AdminSDHolder container and is therefore protected by it. AdminSDHolder is a security descriptor template that the ProtectAdminGroups background task stamps on protected objects. |
| Allows Unconstrained Delegation | Whether the object is allowed to perform unconstrained Kerberos delegation. See more info about that here: https://blog.harmj0y.net/redteaming/another-word-on-delegation/ |
| Created | The time when the object was created in the directory. |
| Description | The contents of the description field for the object. |
| Enabled | Whether the computer object is enabled. |
| LAPS Enabled | Whether LAPS is running on the computer. This is determined by checking whether the associated MS LAPS properties are populated on the computer object. |
| Last Logon | The last time the domain controller you got this data from handled a logon request for the object. Attribute ‘lastlogon’. |
| Last Logon (Replicated) | The last time any domain controller handled a logon for this object. By default, the value is only updated if the latest logon is at least 14 days later than the previous value. Attribute ‘lastlogontimestamp’. |
| Operating System | The operating system running on the computer, according to the corresponding property on the object in the directory. |
| Owned | BloodHound Enterprise: Not applicable. BloodHound CE: Whether the object is marked as Owned, used to mark that the object has been compromised. |
| Password Last Set | The human-readable date for when the user’s password last changed. This is stored internally in Unix epoch format. |
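
The following is an added example, not part of the original documentation or BloodHound's own code: a hygiene review of computer node properties that treats Last Logon (Replicated) as possibly trailing the real logon by 14 days, so active machines are not flagged as stale. The property keys (`enabled`, `haslaps`, `unconstraineddelegation`, `lastlogon`, `lastlogontimestamp`), the epoch-seconds encoding of the logon values, and the sample nodes are assumptions made for illustration.

```python
DAY = 86400
# Per the table above, the replicated value may trail the real logon by up to 14 days.
REPLICATION_LAG = 14 * DAY

def latest_possible_logon(props):
    """Upper bound (epoch seconds) on the real last logon, or None if never seen."""
    local = props.get("lastlogon") or 0                # exact, but from one DC only
    replicated = props.get("lastlogontimestamp") or 0  # all DCs, but may lag
    bounds = []
    if local > 0:
        bounds.append(local)
    if replicated > 0:
        bounds.append(replicated + REPLICATION_LAG)
    return max(bounds) if bounds else None

def review_computer(props, now, stale_after=90 * DAY):
    """Return hygiene findings for one computer node; disabled nodes are skipped."""
    if not props.get("enabled"):
        return []
    findings = []
    if props.get("unconstraineddelegation"):
        findings.append("unconstrained-delegation")
    if not props.get("haslaps"):
        findings.append("no-laps")
    bound = latest_possible_logon(props)
    if bound is None:
        findings.append("never-logged-on")
    elif now - bound > stale_after:
        findings.append("stale")
    return findings

# Constructed sample data (assumed property keys, epoch seconds).
NOW = 1_700_000_000
SAMPLE = {
    "WS01": {"enabled": True, "haslaps": True, "unconstraineddelegation": False,
             "lastlogon": 0, "lastlogontimestamp": NOW - 95 * DAY},
    "SRV02": {"enabled": True, "haslaps": False, "unconstraineddelegation": True,
              "lastlogon": NOW - 200 * DAY, "lastlogontimestamp": NOW - 120 * DAY},
    "OLD03": {"enabled": False, "haslaps": False, "unconstraineddelegation": True},
    "NEW04": {"enabled": True, "haslaps": True, "lastlogon": -1},
}

def review_all(nodes, now):
    return {name: review_computer(props, now) for name, props in nodes.items()}

if __name__ == "__main__":
    for name, findings in review_all(SAMPLE, NOW).items():
        print(name, findings)
```

WS01 shows a replicated logon 95 days old but is not reported as stale against the 90-day threshold, because its real last logon could be as recent as 81 days ago.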