Skip to content

Phase3-AceParsing

Synopsis

Phase 3 helpers for AD Permissions Analyzer: nTSecurityDescriptor parsing, ACE record decoding, and the runspace-pool dispatcher.

Description

Implements §5 Phase 3, §7 ACE Decoding Rules, and the parallelism primitives sketched in §12 from docs/AD-Permissions-Analyzer-Plan.md.

Functions are dot-sourced by the entry-point script Invoke-ADPermissionAnalysis.ps1 and exercised in isolation by the matching Pester suite under Tests/. The IO boundary is the SD byte[] itself — every function takes plain inputs (byte[] plus pre-built map dictionaries) so unit tests can construct fixtures via the public System.DirectoryServices APIs without touching a live DC.

Inside a runspace pool the entry script wires this file as a startup script via InitialSessionState, which preserves the using namespace directives above. SessionStateFunctionEntry would strip them and break short type names — see ADR-006.

Inputs

None.

Outputs

None.