@@ -1091,7 +1091,7 @@ def find_delegation(self):
10911091 UF_TRUSTED_FOR_DELEGATION = 0x80000
10921092 UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION = 0x1000000
10931093 UF_ACCOUNTDISABLE = 0x2
1094- SERVER_TRUST_ACCOUNT = 0x2000
1094+ """ SERVER_TRUST_ACCOUNT = 0x2000"""
10951095
10961096 def printTable (items , header ):
10971097 colLen = []
@@ -1123,8 +1123,8 @@ def printTable(items, header):
11231123 search_filter = (f"(&(|(UserAccountControl:1.2.840.113556.1.4.803:={ UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION } )"
11241124 f"(UserAccountControl:1.2.840.113556.1.4.803:={ UF_TRUSTED_FOR_DELEGATION } )"
11251125 "(msDS-AllowedToDelegateTo=*)(msDS-AllowedToActOnBehalfOfOtherIdentity=*))"
1126- f"(!(UserAccountControl:1.2.840.113556.1.4.803:={ UF_ACCOUNTDISABLE } ))"
1127- f"(!(UserAccountControl:1.2.840.113556.1.4.803:={ SERVER_TRUST_ACCOUNT } )))" )
1126+ f"(!(UserAccountControl:1.2.840.113556.1.4.803:={ UF_ACCOUNTDISABLE } )))" )
1127+ # f"(!(UserAccountControl:1.2.840.113556.1.4.803:={SERVER_TRUST_ACCOUNT})))") To listing RBCD to DCs
11281128
11291129 attributes = ["sAMAccountName" , "pwdLastSet" , "userAccountControl" , "objectCategory" ,
11301130 "msDS-AllowedToActOnBehalfOfOtherIdentity" , "msDS-AllowedToDelegateTo" ]
@@ -1190,7 +1190,9 @@ def printTable(items, header):
11901190 if int (userAccountControl ) & UF_ACCOUNTDISABLE :
11911191 self .logger .debug (f"Bypassing disabled account { sAMAccountName } " )
11921192 else :
1193- answers .append ([sAMAccountName , objectType , delegation , rightsTo ])
1193+ # Check if the entry is invalid, i.e., for "Unconstrained N/A"
1194+ if not (delegation == "Unconstrained" and rightsTo == ["N/A" ]):
1195+ answers .append ([sAMAccountName , objectType , delegation , rightsTo ])
11941196
11951197 except Exception as e :
11961198 self .logger .error (f"Skipping item, cannot process due to error { e } " )
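Review bot: The guard added at new line 1194 filters on `delegation == "Unconstrained" and rightsTo == ["N/A"]`, which identifies a row by its display values rather than by account type. The code that fills `rightsTo` is outside these hunks, so this is inferred, but if every unconstrained entry carries `["N/A"]`, the check drops all unconstrained-delegation accounts from the table, including the non-DC hosts an audit most needs to see. Now that the LDAP filter no longer excludes domain controllers, test the flag directly instead: restore `SERVER_TRUST_ACCOUNT = 0x2000` as a real constant and use `if not (delegation == "Unconstrained" and int(userAccountControl) & SERVER_TRUST_ACCOUNT):`. That also removes the bare string statement at new line 1094 and the commented-out filter line at 1127, which are dead code; a short `#` comment saying that DCs are kept in the query so RBCD set on them is listed would carry the intent.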