Applies to BloodHound Enterprise and CE

The ContainsIdentity relationship represents how an AD domain contains the identity of an AD account (user or computer).

Abuse Info

Control over the domain object enables an attacker to compromise all accounts of the domain. For example, DCSync, AllExtendedRights, or GenericAll permission on the domain object enables the attacker to perform a DCSync attack and obtain the credentials of any account of the domain.

Refer to the inbound edges on the domain node for more details.

Opsec Considerations

There is no opsec information for this edge.

References