Objects and Properties
This section lists the objects defined by the authentication and privilege-elevation PowerShell module and the properties of each object.
This chapter provides an alphabetical listing of the objects and the properties of each object defined in the Access module for PowerShell. Note that not all properties are available as parameters in the PowerShell cmdlets.
CdmAdObject Object
Represents an Active Directory object. The following properties are defined for this object.
Table: CdmAdObject Properties
| Property | Type | Description |
|---|---|---|
| Class | string | Class of the Active Directory object. |
| DistinguishedName | string | Distinguished name of the Active Directory object. |
| Guid | Guid | Globally unique identifier (GUID) of the Active Directory object. |
| Name | string | Name of the Active Directory object. |
CdmAdPrincipal Object
Represents an Active Directory account principal. The following properties are defined for this object.
Table: CdmAdPrincipal Properties
| Property | Type | Description |
|---|---|---|
| Class | string | Class of the Active Directory object. |
| DistinguishedName | string | Distinguished name of the Active Directory object. |
| Guid | Guid | Globally unique identifier (GUID) of the Active Directory object. |
| Name | string | Name of the Active Directory object. |
| SamAccountName | string | SAM account name of the Active Directory principal. |
| Sid | SecurityIdentifier | Security identifier (SID) of the Active Directory principal. |
CdmApplicationRight Object
Represents a Windows application access right. This object is only applicable in hierarchical zones. The following properties are defined for this object.
Table: CdmApplicationRight Properties
| Property | Type | Description |
|---|---|---|
| Description | string | Description of the application right. |
| IsRequireMfa | Boolean | Indicates whether the application right requires multi-factor authentication. |
| MatchCriteria | MatchCriteria[] | Filter criteria defined by an array of MatchCriteria objects that identifies the application associated with the application right. |
| Name | string | Name of the application right. |
| PreferredServer | string | Preferred server to use for committing changes to Active Directory. |
| Priority | int | Priority of the application right; highest priority prevails. |
| RequirePassword | Boolean | Indicates whether the application right requires authentication. |
| RunasSelfGroups | group | The group privileges to add to the user’s account when running the application associated with the application right. |
| RunasUser | user | The user to run the application as. |
| Zone | zone | Zone where the application right is defined. |
CdmCommandRight Object
Represents a UNIX command right. This object is only applicable in hierarchical zones. The following properties are defined for this object.
Table: CdmCommandRight Properties
| Property | Type | Description |
|---|---|---|
| AddVar | string | Comma separated list of environment variable name-value pairs to add to the final list resulting from KeepVar or DeleteVar property (for instance, "var1=a,var2=b,var3=c"). |
| Authentication | string | The authentication type of the command right: none, user, or runastarget. |
| DeleteVar | string | Comma separated list of environment variables to remove from default set when command is run. |
| Description | string | Description of the command right. |
| Digests | string | Specifies SHA-2 digests so that sudo can verify the binary's checksum (SHA-2) before sudo executes the binary. The supported hash types are sha224, sha256, sha384, and sha512. |
| DzdoRunAsGroup | string | Comma-separated string of groups allowed to run this command using dzdo (for example, "group1,group2,group3"). The asterisk wild card (*) means any group enabled for the zone can run the command. An empty string ("") means the command cannot run as any group. |
| DzdoRunAsUser | string | Comma-separated list of users allowed to run this command using dzdo (for example, "user1,user2,user3"). - The asterisk wild card (*) means any user enabled for the zone can run the command. An empty string ("") means the command cannot run as any user. |
| DzshRunas | string | The user this command will run as under dzsh, '$' means current user. |
| IsAllowNested | Boolean | True if the command is allowed to start another program or open a new shell. |
| IsDisablePathTraverse | Boolean | True if the command does not allow navigation up the path hierarchy as an argument. |
| IsPreserveGroup | Boolean | True to retain the user’s group membership while executing a command. |
| IsRequireMfa | Boolean | Indicates whether the command right requires multi-factor authentication. |
| KeepVar | string | Comma separated list of environment variables to keep in addition to those in dzdo.env_keep when command is run. |
| MatchPath | string | The path for matching the command. |
| Name | string | Name of the command right. |
| Pattern | string | Command pattern for matching the command. |
| PatternType | string | The type of pattern—glob or regexp—used to match the command. |
| PreferredServer | string | Preferred server to use for committing changes to Active Directory. |
| Priority | int | Priority for this command; highest priority prevails. |
| SELinuxRole | string | Sets the SELinux security context to use the specified role when executing a command using dzdo or dzsh. Applies to command rights on Red Hat Enterprise Linux systems that have SELinux enabled and are joined to a hierarchical zone. |
| SELinuxType | string | Sets the SELinux security context to use the specified type when executing a command using dzdo or dzsh. Applies to command rights on Red Hat Enterprise Linux systems that have SELinux enabled and are joined to a hierarchical zone. |
| UMask | string | User file-creation mode mask (umask) value that defines who can execute the command. |
| Zone | CdmZone | Zone of the command right. |
CdmComputer Object
Represents an Active Directory computer object. The following properties are defined for this object.
Table: CdmComputer Properties
| Property | Type | Description |
|---|---|---|
| Class | string | Class of the Active Directory object. |
| DistinguishedName | string | Distinguished name of the Active Directory object. |
| DNSHostName | string | DNS host name of the Active Directory computer. |
| Enabled | Boolean | True if the Active Directory computer is enabled. |
| Guid | Guid | GUID of the Active Directory object. |
| Name | string | Name of the Active Directory object. |
| SamAccountName | string | SAM account name of the Active Directory principal. |
| Sid | SecurityIdentifier | SID of the Active Directory principal. |
| UserPrincipalName | string | User principal name of the Active Directory computer. |
CdmComputerRole Object
Represents a Delinea computer role. This object is only applicable in hierarchical zones. The following properties are defined for this object.
Table: CdmComputerRole Properties
| Property | Type | Description |
|---|---|---|
| CustomAttributes | string | Custom text strings for the computer role. |
| Description | string | Description of the computer role. |
| Group | CdmGroup | Computer group associated with this computer role. |
| Name | string | Name of the computer role. |
| PreferredServer | string | Preferred server to use for committing changes to Active Directory. |
| Zone | CdmZone | Zone that contains the computer role. |
CdmDesktopRight Object
Represents a Windows desktop access right. This object is only applicable in hierarchical zones. The following properties are defined for this object.
Table: CdmDesktopRight Properties
| Property | Type | Description |
|---|---|---|
| Description | string | Description of the desktop right. |
| IsRequireMfa | Boolean | Indicates whether the desktop right requires multi-factor authentication. |
| Name | string | Name of the desktop right. |
| PreferredServer | string | Preferred server to use for committing changes to Active Directory. |
| Priority | int | Priority of the desktop right; highest priority prevails. |
| RequirePassword | Boolean | True if the desktop right requires a password. |
| RunasSelfGroups | CdmGroup[] | Groups whose privileges are added to the user account running the desktop. |
| RunasUser | CdmUser | User to run the desktop as. |
| Zone | CdmZone | Zone of the desktop right. |
CdmEffectiveUnixRights Object
Represents the UNIX rights assigned to a user that are in effect on a Linux or UNIX computer in a zone. The following properties are defined for this object.
Table: CdmEffectiveUnixRights Properties
| Property | Type | Description |
|---|---|---|
| AuditLevel | string | Effective auditing level. |
| CommandRights | CdmEffectiveCommandRight [] | The array of effective command rights assigned to the user. |
| Computer | CdmManagedComputer | The computer in which the roles and rights are effective. |
| HasRescueRight | Boolean | True if the user has the rescue right. |
| PamRights | CdmEffectivePamRight[] | The array of effective PAM rights assigned to the user. |
| Profiles | CdmEffectiveUserProfile[] | Effective UNIX profiles for the Active Directory user in the computer. |
| Roles | CdmEffectiveRole[] | The array of effective roles assigned to the user. |
| SshRights | CdmEffectiveSshRight[] | The array of effective SSH rights assigned to the user. |
| UnixSystemRights | string[] | Effective UNIX system rights. |
| User | CdmUser | Active Directory user assigned to the role. |
CdmEffectiveWindowsRights Object
Represents the Windows rights assigned to a user that are in effect on a Windows computer in a zone. The following properties are defined for this object.
Table: CdmEffectiveWindowsRights Properties
| Property | Type | Description |
|---|---|---|
| AuditLevel | string | Effective auditing level. |
| ApplicantionRights | CdmEffectiveApplicationRight | The array of effective application rights assigned to the user. |
| Computer | CdmManagedComputer | The computer in which the roles and rights are effective. |
| DesktopRights | CdmEffectiveDesktopRight | The array of effective desktop rights assigned to the user. |
| HasRescueRight | Boolean | True if the user has the rescue right. |
| NetworkRights | CdmEffectiveNetworkRigh | The array of effective network access rights assigned to the user. |
| Roles | CdmEffectiveRole | The array of effective roles assigned to the user. |
| WindowsSystemRights | string[] | Effective Windows system rights. |
| User | CdmUser | Active Directory user assigned to the role. |
CdmGroup Object
Represents an Active Directory group. The following properties are defined for this object.
Table: CdmGroup Properties
| Property | Type | Description |
|---|---|---|
| Class | string | Class of the Active Directory object. |
| DistinguishedName | string | Distinguished name of the Active Directory object. |
| GroupCategory | ADGroupCategory | Category of the Active Directory group. |
| GroupScope | ADGroupScope | Scope of the Active Directory group. |
| Guid | Guid | GUID of the Active Directory object. |
| Name | string | Name of the Active Directory object. |
| SamAccountName | string | SAM account name of the Active Directory principal. |
| Sid | SecurityIdentifier | SID of the Active Directory principal. |
CdmGroupProfile Object
Represents a UNIX group profile. The following properties are defined for this object.
Table: CdmGroupProfile Properties
| Property | Type | Description |
|---|---|---|
| Computer | CdmManagedComputer | Computer that contains the profile. |
| Gid | long | GID of the group profile. |
| Group | CdmGroup | Active Directory group of the group profile. |
| IsHierarchical | Boolean | True if the group profile is in a hierarchical zone. |
| IsMembershipRequired | Boolean | True if users are required to be a member of this group. |
| IsOrphan | Boolean | True if the group profile is an orphan profile, that is, it has no corresponding Active Directory group. |
| IsSfu | Boolean | True if the group profile is a SFU profile. |
| Name | string | Name of the group profile. |
| PreferredServer | string | Preferred server to use for committing changes to Active Directory. |
| Zone | CdmZone | Zone that contains the profile. |
CdmLocalGroupProfile Object
Represents a local UNIX group profile. The following properties are defined for this object.
Table: CdmLocalGroupProfile Properties
| Property | Type | Description |
|---|---|---|
| CanonicalName | string | Canonical name of the local group profile. |
| Computer | CdmManagedComputer | Computer where the local group profile is defined. |
| Domain | string | Domain of the local group profile. |
| Gid | long | GID of the group profile. |
| Members | string[] | Members of the local group profile. |
| Name | string | Name of the group profile. |
| PreferredServer | string | Preferred server to use for committing changes to Active Directory. |
| State | enum | State of the local group profile. The valid values are: Enable, Remove. and Inherit The default state is Inherit. |
| Zone | CdmZone | Zone that contains the profile. |
CdmLocalUserProfile Object
Represents a local UNIX user profile. The following properties are defined for this object.
Table: CdmLocalUserProfile Properties
| Property | Type | Description |
|---|---|---|
| CanonicalName | string | Canonical name of the local user profile. |
| Computer | CdmManagedComputer | Computer where the local user profile is defined. |
| Domain | string | Domain of the local user profile. |
| Gecos | string | GECOS field of the local user profile. |
| HomeDir | string | Home directory of the user associated with the local profile. |
| Name | string | Name of the user associated with the local profile. |
| PreferredServer | string | Preferred server to use for committing changes to Active Directory. |
| PrimaryGroupId | long | Primary group ID of the user associated with the local profile. |
| Shell | string | Default shell of the user associated with the local profile. |
| State | enum | State of the local user profile. The valid values are: Enable, Remove, and Inherit The default state is Inherit. |
| Uid | long | Numeric user identifier (UID) of the user associated with the local profile. |
| Zone | CdmZone | Zone where the local user profile is defined. |
CdmLocalWindowsGroup Object
Represents a local Windows group account. The following properties are defined for this object.
Table: CdmLocalWindowsGroup Properties
| Property | Type | Description |
|---|---|---|
| CanonicalName | string | Canonical name of the local group in Active Directory. |
| Computer | CdmManagedComputer | Computer where the local group is defined. |
| Description | string | Description for the local group. |
| Domain | string | Domain of the local group in Active Directory. |
| Members | string[] | Members of the local group . |
| Name | string | Name of the local group . |
| PreferredServer | string | Preferred server to use for committing changes to Active Directory. |
| State | LocalWindowsGroupState enum | State of the local group . The valid values are: Enable, Remove, and Inherit The default state is Inherit. |
| Zone | CdmZone | The zone where the local group is defined. |
CdmLocalWindowsUser Object
Represents a local Windows user account. The following properties are defined for this object.
Table: CdmLocalWindowsUser Properties
| Property | Type | Description |
|---|---|---|
| CanonicalName | string | Canonical name of the local user account in Active Directory. |
| Computer | CdmManagedComputer | Computer where the local user is defined. |
| Description | string | Description for the local user. |
| Domain | string | Domain of the local user account in Active Directory. |
| FullName | string | Full name of the local user. |
| Name | string | Name of the local user. |
| PasswordOptions | LocalWindowsUserPassword Option enum | Password options of the local user. Possible values are: None, Inherit, UserMustChangePasswordAtNextLogon, UserCannotChangePassword, PasswordNeverExpires. It can be a combination of UserMustChangePasswordAtNextLogon and PasswordNeverExpires, UserCannotChangePassword and PasswordNeveExpires. |
| PreferredServer | string | Preferred server to use for committing changes to Active Directory. |
| State | LocalWindowsUserState enum | State of the local user. he valid values are: Enable, Remove, and Inherit The default state is Inherit. |
| Zone | CdmZone | The zone where the local user is defined. |
CdmManagedComputer Object
Represents a computer managed by authentication and privilege elevation. The following properties are defined for this object.
Table: CdmManagedComputer Properties
| Property | Type | Description |
|---|---|---|
| AgentVersion | string | Version number of the Delinea Agent installed on the managed computer. |
| Computer | CdmComputer | Corresponding Active Directory computer account. |
| ComputerZonePath | string | Path to the computer zone. |
| IsComputerZoneOnly | Boolean | True if the managed computer has a computer zone only (that is, the computer is not joined to a zone). |
| IsExpressMode | Boolean | True if the managed computer is in Express (unlicensed) mode. |
| IsHierarchical | Boolean | True if the managed computer is joined to a hierarchical zone. |
| IsOrphan | Boolean | True if the managed computer is an orphan profile, that is, it has no corresponding Active Directory computer object. |
| IsWindows | Boolean | True if the managed computer is a Windows computer. |
| IsWorkstationMode | Boolean | True if the managed computer is joined to Auto Zone in Workstation mode. |
| IsJoinedToZone | Boolean | True if the managed computer is joined to a zone. |
| LicenseType | string | Type of license being used. This property is Server if the managed computer is a Windows or UNIX server or Workstation if the managed computer is not used as a server. |
| Name | string | Name of the managed computer. |
| PreferredServer | string | Preferred server to use for committing changes to Active Directory. |
| ScpPath | string | Path to the service connection point for the managed computer. |
| Zone | CdmZone | Zone of the managed computer. |
CdmMatchCriteria Object
Represents an application right match criteria object defined using the application rights match criteria filters. The following properties are defined for this object.
Table: CdmMatchCriteria Properties
| Property | Type | Description |
|---|---|---|
| Argument | string | The argument for the application. |
| CompanyName | string | All or part of the company name associated with the application. |
| CompanyNameMatchOption | string | Specifies whether the company name string should be an exact match (is) or a partial match (contains). |
| Description | string | The description for the application criteria. |
| FileDescription | string | All or part of the file description for the application. |
| FileDescriptionMatchOption | string | Specifies whether the file description string should be an exact match (is) or a partial match (contains). |
| FileHash | string | The file hash for an application. |
| FileName | string | The file name for an application. |
| FileType | string | The file type for an application. |
| FileVersion | string | All or part of the file version information for an application. |
| FileVersionMatchOption | string | Specifies whether the file version string should be an exact match (equal), an earlier or equal version (earlier or equal), or a later or equal version (later or equal). |
| IsArgumentCaseSensitive | Boolean | True if the argument specified is case sensitive. |
| IsArgumentExactMatch | Boolean | True if the argument must be matched exactly as specified. |
| IsRequireAdministrator | Boolean | True if the application requires administrator privileges to execute. |
| LocalOwner | string | The local owner for the application. |
| LocalOwnerType | string | The local owner type for the application. |
| OwnerSid | string | The owner security identifier (SID) for the application. |
| Path | string | The path to an application. |
| ProductName | string | All or part of the product name associated with the application. |
| ProductNameMatchOption | string | Specifies whether the product name string should be an exact match (is) or a partial match (contains). |
| ProductVersion | string | All or part of the product version information for an application. |
| ProductVersionMatchOption | string | Specifies whether the product version string should be an exact match (equal), an earlier or equal version (earlier or equal), or a later or equal version (later or equal). |
| Publisher | string | The publisher for an application. |
| PublisherMatchOption | string | Specifies whether the publisher string should be an exact match (is), a partial match (contains), start with, or end with the specified string. |
| SerialNumber | string | The serial number for an application. |
| SerialNumberMatchOption | string | Specifies whether the serial number string should be an exact match (is), a partial match (contains), start with, or end with the specified string. |
CdmNetworkRight Object
Represents a Windows network access right. This object is only applicable in hierarchical zones. The following properties are defined for this object.
Table: CdmNetworkRight Properties
| Property | Type | Description |
|---|---|---|
| Description | string | Description of the network right. |
| IsRequireMfa | Boolean | Indicates whether the network access right requires multi-factor authentication. |
| Name | string | Name of the network right. |
| PreferredServer | string | Preferred server to use for committing changes to Active Directory. |
| Priority | int | Priority of the network right; highest priority prevails. |
| RequirePassword | Boolean | True if the network right requires a password. |
| RunasSelfGroups | CdmGroup[] | Groups whose privileges are added to the user account accessing the network. |
| RunasUser | CdmUser | Run-as user of the network right. |
| Zone | CdmZone | Zone of the network right. |
CdmPamRight Object
Represents a PAM application access right. This object is only applicable in hierarchical zones. The following properties are defined for this object.
Table: CdmPamRight Properties
| Property | Type | Description |
|---|---|---|
| Application | string | PAM application for this right. |
| Description | string | Description of the PAM access right. |
| Name | string | Name of the PAM access right. |
| PreferredServer | string | Preferred server to use for committing changes to Active Directory. |
| Zone | CdmZone | Zone of the PAM access right. |
CdmRole Object
Represents a authentication and privilege elevation role. This object is only applicable in hierarchical zones. The following properties are defined for this object.
Table: CdmRole Properties
| Property | Type | Description |
|---|---|---|
| AllowLocalUser | Boolean | True if the role can be assigned to a local user. |
| AuditLevel | string | Audit setting for this role. |
| CustomAttributes | string | Custom text strings for the role. |
| Description | string | Description of the role. |
| HasRescueRight | Boolean | True if users assigned to this role can log on when problems with authentication, authorization or auditing services prevent log on access. |
| HasDzdoRescueRight | Boolean | True if this role allows users to run Dzdo when problems with authentication, authorization or auditing services prevent Dzdo operation. |
| Name | string | Name of the role. |
| PreferredServer | string | Preferred server to use for committing changes to Active Directory. |
| RequireMfa | Boolean | True if the role requires multi-factor authentication. |
| TimeBox | Hashtable | Active time of the role. |
| UnixSystemRights | string[] | UNIX system rights granted to the role. |
| WindowsSystemRights | string[] | Windows system rights granted to the role. |
| Zone | CdmZone | Containing zone. |
CdmRoleAssignment Object
Represents a authentication and privilege elevation role assignment. This object is only applicable in hierarchical zones. The following properties are defined for this object.
Table: CdmRoleAssignment Properties
| Property | Type | Description |
|---|---|---|
| AdTrustee | CdmAdPrincipal | The trustee, if it is an Active Directory account. |
| Computer | CdmManagedComputer | Containing computer. |
| ComputerRole | CdmComputerRole | Containing computer role. |
| CustomAttributes | string | Custom text strings for the role assignment. |
| Description | string | The role assignment description. |
| EndTime | DateTime | The ending date and time for the role assignment. |
| IsNeverExpire | Boolean | True if the role assignment never expires. |
| IsRoleOrphaned | Boolean | True if the role is missing or invalid. |
| IsStartImmediately | Boolean | True if the role assignment starts immediately. |
| IsTrusteeOrphaned | Boolean | True if the trustee is missing or invalid. |
| LocalTrustee | string | The trustee, if it is a local account. |
| PreferredServer | string | Preferred server to use for committing changes to Active Directory. |
| Role | CdmRole | Assigned role. |
| StartTime | DateTime | The starting date and time for the role assignment. |
| TrusteeType | string | Type of trustee. |
| Zone | CdmZone | Containing zone. |
CdmSshRight Object
Represents an SSH application access right. This object is only applicable in hierarchical zones. The following properties are defined for this object.
Table: CdmSshRight Properties
| Property | Type | Description |
|---|---|---|
| Application | string | Secure shell application for this right. |
| Description | string | Description of the SSH right. |
| Name | string | Name of the SSH right. |
| PreferredServer | string | Preferred server to use for committing changes to Active Directory. |
| Zone | CdmZone | Zone of the SSH right. |
CdmUser Object
Represents an Active Directory user. The following properties are defined for this object.
Table: CdmUser Properties
| Property | Type | Description |
|---|---|---|
| Class | string | Class of the Active Directory object. |
| DistinguishedName | string | Distinguished name of the Active Directory object. |
| Enabled | Boolean | True if the Active Directory user is enabled. |
| GivenName | string | Given name of the Active Directory user. |
| Guid | Guid | GUID of the Active Directory object. |
| IsAllADUser | Boolean | True if the user is an Active Directory domain user account. |
| Name | string | Name of the Active Directory object. |
| SamAccountName | string | SAM account name of the Active Directory principal. |
| Sid | SecurityIdentifier | SID of the Active Directory principal |
| Surname | string | Surname of the Active Directory user. |
| UserPrincipalName | string | User principal name of the Active Directory user. |
CdmUserProfile Object
Represents a UNIX user profile. The following properties are defined for this object.
Table: CdmUserProfile Properties
| Property | Type | Description |
|---|---|---|
| Computer | CdmManagedComputer | Containing computer. |
| ExtendedAttributes | string | AIX extended attributes of the user profile |
| Gecos | string | GECOS field of the user profile |
| HomeDirectory | string | Home directory of the user associated with the profile |
| IsHierarchical | Boolean | True if the user profile is in a hierarchical zone |
| IsOrphan | Boolean | True if the user profile is an orphan profile, that is, it has no corresponding Active Directory user. |
| IsSecondary | Boolean | True if the user profile is a secondary profile. |
| IsSfu | Boolean | True if the user profile is an SFU profile. |
| IsUseAutoPrivateGroup | Boolean | True if the user private group is to be used as the primary group. |
| Name | string | Name of the user associated with the profile |
| PreferredServer | string | Preferred server to use for committing changes to Active Directory. |
| PrimaryGroupId | long | Primary group ID of the user associated with the profile |
| Shell | string | Default shell of the user associated with the profile |
| Uid | long | UID of the user associated with the profile |
| UnixEnabled | Boolean | True if the user profile is enabled for a classic zone. This property is not applicable in hierarchical zones. |
| User | CdmUser | Active Directory user for whom this is the user profile |
| Zone | CdmZone | Containing zone |
CdmZone Object
Represents a Delinea zone. The following properties are defined for this object.
Table: CdmZone Properties
| Property | Type | Description |
|---|---|---|
| AgentlessPasswordAttribute | string | Attribute in which to store the password hash for agentless client. |
| AvailableShells | string[] | Array of available shells that can be used as the default shell for zone users. |
| CanonicalName | string | Canonical name of the zone. |
| CloudInstance | String | Cloud instance URL to which the zone connects. |
| DefaultGecos | string | Default GECOS field for zone users. |
| DefaultGid | long | Default GID value to use for zone groups. |
| DefaultGroupName | string | Default group name to use for zone groups. |
| DefaultHomeDirectory | string | Default home directory for zone users. |
| DefaultPrimaryGroup | string | Default primary group to use for zone users. |
| DefaultShell | string | Default shell for zone users. |
| DefaultUid | long | Default UID value to use for zone users. |
| DefaultUserName | string | Default user name to use for zone users. |
| DefaultValueZone | CdmZone | Zone to use as the source for default values in a selected zone. |
| Description | string | Description of the zone. |
| DistinguishedName | string | Distinguished name of the zone. |
| Domain | string | Active Directory domain associated with the zone. |
| IsBlockGroupInheritance | Boolean | True if groups defined in a parent zone are not inherited, and therefore not visible, in a child zone. This property is only applicable for hierarchical zones. |
| IsHierarchical | Boolean | True if it is a hierarchical zone. |
| IsOrphanChildZone | Boolean | True if the zone is a child zone with no parent zone (Hierarchical zone only). |
| IsSfu | Boolean | True if it is a SFU zone. |
| Name | string | Name of the zone. |
| NextGid | long | Next GID value available for assignment to a zone group. |
| NextUid | long | Next UID value available for assignment to a zone user. |
| NisDomain | string | NIS domain for SFU zone or agentless mode. |
| Parent | CdmZone | Parent zone (Hierarchical zone only). |
| PreferredServer | string | Preferred server to use for committing changes to Active Directory. |
| ReservedGid | long | Reserved GID values that cannot be assigned to a zone group. |
| ReservedUid | long | Reserved UID values that cannot be assigned to a zone user. |
| Schema | string | Schema of the zone. |
| SfuDomain | string | SFU domain of the zone (SFU zone only). |
| TenantId | String | The TenantId of the zone |
| TruncateUserName | Boolean | True if user names longer than 8 characters are automatically truncated for the zone. |
| Type | string | Type of the zone. |
| Variables | string[] | Array of runtime variables. |
