Phase3-AceParsing¶
Synopsis¶
Phase 3 helpers for AD Permissions Analyzer: nTSecurityDescriptor parsing, ACE record decoding, and the runspace-pool dispatcher.
Description¶
Implements §5 Phase 3, §7 ACE Decoding Rules, and the parallelism primitives sketched in §12 from docs/AD-Permissions-Analyzer-Plan.md.
Functions are dot-sourced by the entry-point script Invoke-ADPermissionAnalysis.ps1 and exercised in isolation by the matching Pester suite under Tests/. The IO boundary is the SD byte[] itself — every function takes plain inputs (byte[] plus pre-built map dictionaries) so unit tests can construct fixtures via the public System.DirectoryServices APIs without touching a live DC.
Inside a runspace pool the entry script wires this file as a startup
script via InitialSessionState, which preserves the using namespace
directives above. SessionStateFunctionEntry would strip them and break
short type names — see ADR-006.
Inputs¶
None.
Outputs¶
None.