
Active Directory Control Paths
#Access Control#IAM
Understanding Control Paths in Active Directory: A Clear Overview
Control paths in Active Directory represent a collection of 'control relations' among various domain entities, including users, computers, groups, Group Policy Objects (GPOs), and containers. These relationships can be visualized as graphs, which help answer important questions such as 'Who can obtain Domain Admin privileges?', 'What resources can a user manage?', and even 'Who has access to read the CEO's emails?'.
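As an added illustration (not code from the tool described here), the following Python example treats control relations as directed edges and answers "who can obtain control of X?" and "what can Y manage?" by breadth-first search. The node names and relation labels are constructed sample data and are assumptions, not the tool's own schema.

```python
from collections import deque

# Constructed sample data: (controller, relation, controlled).
# Names and relation labels are illustrative, not the tool's schema.
CONTROL_RELATIONS = [
    ("alice", "member_of", "Helpdesk"),
    ("Helpdesk", "reset_password", "svc_backup"),
    ("svc_backup", "member_of", "Backup Operators"),
    ("Backup Operators", "write_dacl", "GPO: DC Baseline"),
    ("GPO: DC Baseline", "applies_to", "Domain Controllers OU"),
    ("Domain Controllers OU", "contains", "DC01"),
    ("DC01", "hosts_session_of", "da_admin"),
    ("da_admin", "member_of", "Domain Admins"),
    ("bob", "member_of", "Domain Admins"),
    ("Domain Admins", "owns", "DC01"),   # creates a cycle in the graph
    ("carol", "member_of", "Sales"),
    ("Sales", "write", "Sales Share"),
]

def reachable(relations, start, reverse=False):
    """Return {node: shortest control path} as lists of (src, rel, dst) edges.

    reverse=False: everything `start` controls, directly or transitively.
    reverse=True:  everything that controls `start`; each path runs from the
                   node to `start`.
    """
    adj = {}
    for src, rel, dst in relations:
        a, b = (dst, src) if reverse else (src, dst)
        adj.setdefault(a, []).append((b, (src, rel, dst)))
    paths = {start: []}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        for nxt, edge in adj.get(node, []):
            if nxt not in paths:  # first visit is the shortest path; stops cycles
                paths[nxt] = [edge] + paths[node] if reverse else paths[node] + [edge]
                queue.append(nxt)
    del paths[start]
    return paths

def who_controls(target, relations=CONTROL_RELATIONS):
    return reachable(relations, target, reverse=True)

def controlled_by(principal, relations=CONTROL_RELATIONS):
    return reachable(relations, principal)

if __name__ == "__main__":
    for node, path in sorted(who_controls("Domain Admins").items()):
        hops = " -> ".join(f"[{rel}] {dst}" for _, rel, dst in path)
        print(f"{node} {hops}")
```

Reviewing the longest paths first is useful in an audit, since unintended control usually hides behind several indirect relations rather than direct group membership.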
Recent changes include:
- A new workflow for all steps that automates the setup and import process for Neo4j.
- Basic Cypher querying through the Neo4j REST API, which enhances performance.
- New control paths introduced: Kerberos delegation, SCCM dumping utilities for local administrators, and session control paths.
- The addition of Exchange permissions in version 1.3, aptly titled 'Who Can Read the CEO's Emails Edition'.
  - Permissions extracted from AD Users, Mailbox/DB descriptors, Role-Based Access Control (RBAC), and MAPI folders.
- Improved resume features and node clustering (through OVALI) in version 1.2.3.
- New control paths added in version 1.2.2: Read-Only Domain Controller (RoDC) and Local Administrator Password Solution (LAPS).
- Significant code improvements in version 1.2, which now allow for the dumping and analysis of very large Active Directory environments without excessive RAM usage. Some extensive Active Directories with over 1 million objects and 150 million Access Control Entries (ACEs) have been successfully processed.