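# Active Directory delegation definitions. Each item under DelegationEntries
# names a Principal, the OrganizationalUnit the delegation is set on, and the
# AccessRules (one access rule per list item) granted there.
#
# NOTE(review): admJaneD looks like an individual admin account. Delegating to
# a role group instead keeps these ACLs valid when people change roles, and
# makes the grant easier to audit - confirm which is intended.
DelegationEntries:
  - Principal: admJaneD
    # Entries will be concatenated with ',DC=<example>,DC=<org>' automatically
    OrganizationalUnit: CN=Computers
    AccessRules:
      # A combination of one or more of the ActiveDirectoryRights enumeration
      # values that specifies the rights of the access rule.
      - ActiveDirectoryRights: Self
        # One of the AccessControlType enumeration values that specifies the
        # access rule type.
        AccessControlType: Allow
        # One of the ActiveDirectorySecurityInheritance enumeration values
        # that specifies the inheritance type of the access rule.
        ActiveDirectorySecurityInheritance: Descendents
        # The object type to which the access rule applies.
        ObjectType: Validated write to DNS host name
        # The child object type that can inherit this access rule.
        InheritedObjectType: Computer

      - ActiveDirectoryRights: Self
        AccessControlType: Allow
        ActiveDirectorySecurityInheritance: Descendents
        ObjectType: Validated write to service principal name
        InheritedObjectType: Computer

      # NOTE(review): WriteDacl lets the principal rewrite the ACL of every
      # computer object below this container, so it can grant itself any right
      # that is not listed in this file. The empty ObjectType presumably means
      # "not limited to one attribute" - confirm against the consumer. If the
      # task only needs specific attributes, name them and drop WriteDacl.
      - ActiveDirectoryRights: WriteProperty, WriteDacl
        AccessControlType: Allow
        ActiveDirectorySecurityInheritance: Descendents
        ObjectType: ''
        InheritedObjectType: Computer

      - ActiveDirectoryRights: ExtendedRight
        AccessControlType: Allow
        ActiveDirectorySecurityInheritance: Descendents
        ObjectType: Reset Password
        InheritedObjectType: Computer

      - ActiveDirectoryRights: ExtendedRight
        AccessControlType: Allow
        ActiveDirectorySecurityInheritance: Descendents
        ObjectType: Change Password
        InheritedObjectType: Computer

      - ActiveDirectoryRights: ReadProperty
        AccessControlType: Allow
        ActiveDirectorySecurityInheritance: Descendents
        ObjectType: ''
        InheritedObjectType: Computer

      # NOTE(review): WriteProperty with an empty ObjectType is already part of
      # the "WriteProperty, WriteDacl" rule above; one of the two is redundant.
      - ActiveDirectoryRights: WriteProperty
        AccessControlType: Allow
        ActiveDirectorySecurityInheritance: Descendents
        ObjectType: ''
        InheritedObjectType: Computer

      # Create and delete computer objects. Here ObjectType names the child
      # class rather than an attribute or extended right.
      - ActiveDirectoryRights: CreateChild, DeleteChild
        AccessControlType: Allow
        ActiveDirectorySecurityInheritance: All
        ObjectType: Computer
        InheritedObjectType: ''

      # NOTE(review): GenericAll is full control. If this rule applies to the
      # computer objects, every narrower rule above is redundant and gives no
      # least-privilege benefit. Unlike the rules above, the class name is in
      # ObjectType and InheritedObjectType is empty - confirm that this scopes
      # the rule to computer objects and not to every descendant object.
      - ActiveDirectoryRights: GenericAll
        AccessControlType: Allow
        ActiveDirectorySecurityInheritance: Descendents
        ObjectType: Computer
        InheritedObjectType: ''

  - Principal: admJaneD
    OrganizationalUnit: OU=Clients,OU=Computer accounts
    AccessRules:
      # NOTE(review): this creates and deletes User objects in an OU whose name
      # suggests computer accounts - confirm the class is intended.
      - ActiveDirectoryRights: CreateChild, DeleteChild
        AccessControlType: Allow
        ActiveDirectorySecurityInheritance: All
        ObjectType: User
        InheritedObjectType: ''

      # NOTE(review): no class or attribute filter is given, so this presumably
      # grants full control over every object below the OU, whatever its class.
      # It subsumes the rules before and after it. Confirm it is intended, and
      # scope it with InheritedObjectType if it is not.
      - ActiveDirectoryRights: GenericAll
        AccessControlType: Allow
        ActiveDirectorySecurityInheritance: Descendents
        ObjectType: ''
        InheritedObjectType: ''

      # Read and write the Member attribute of groups below the OU, i.e. manage
      # group membership. Keep privileged groups out of this OU.
      - ActiveDirectoryRights: WriteProperty, ReadProperty
        AccessControlType: Allow
        ActiveDirectorySecurityInheritance: Descendents
        ObjectType: Member
        InheritedObjectType: Group

# ---
# Variables:
#   - Name: foo
#     Expression: |
#       Write-Host 'bar'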