none
What does ComputerPrincipal.DelegationPermitted retunrs? RRS feed

  • Question

  • Found the definition for DelegationPermitted on MSDN

    Gets or sets a Nullable Boolean value that specifies whether the account may be delegated."

    https://msdn.microsoft.com/en-us/library/system.directoryservices.accountmanagement.authenticableprincipal.delegationpermitted%28v=vs.110%29.aspx?cs-save-lang=1&cs-lang=csharp&f=255&MSPPError=-2147217396#code-snippet-1 

    Does this mean for any computer if we set “Trust this computer to <g class="gr_ gr_311 gr-alert gr_gramm gr_inline_cards gr_run_anim Grammar only-ins replaceWithoutSep" data-gr-id="311" id="311">delegation</g> for any service” enable on <g class="gr_ gr_312 gr-alert gr_gramm gr_inline_cards gr_run_anim Grammar only-ins doubleReplace replaceWithoutSep" data-gr-id="312" id="312">AD</g> then it will return true else false?

     

    We have tried a couple of methods(mentioned below) to determine, but none of it worked.

    ------------------------------------------------------------------------------------------------------------------------------------

    IPGlobalProperties ip_properties = IPGlobalProperties.GetIPGlobalProperties();

                string CurrentDomain = ip_properties.DomainName;

               

                using (PrincipalContext context = new PrincipalContext(ContextType.Domain, CurrentDomain))

                {

                    using (ComputerPrincipal computer = ComputerPrincipal.FindByIdentity(context, IdentityType.DistinguishedName, "CN=mailbox1,CN=Computers,DC=DAG,DC=NET"))

                    {

                        return computer.DelegationPermitted; // This always returns true, even if the delegation is disabled.

                    }

                }

    ------------------------------------------------------------------------------------------------------------------------------------


    • Edited by Br0ek Monday, March 12, 2018 2:36 PM
    Monday, March 12, 2018 2:29 PM

All replies