Tags: windows, powershell, active-directory, system-administration, penetration-testing

How to query Security Policy with AdsiSearcher in powershell?


I am trying to find all servers that have TrustedForDelegation : True set. I am able to find all servers using ([adsisearcher]"ObjectCategory=Computer").Findall().properties, but I can't see any of the security policy properties. How would I go about viewing or filtering on security policy properties?

Btw the reason I am using AdsiSearcher is because I don't have the Active Directory module available to import.


Solution

  • The Trusted for Delegation permission is stored in the userAccountControl attribute in AD, which is a bit field, meaning that the value indicates several flags that can be on or off. The full list is here.

    Adding this to your query is a little tricky. It requires a bitwise AND comparison to see if a specific flag is turned on. AD allows this through a matching rule OID called LDAP_MATCHING_RULE_BIT_AND.

    You would use it in an LDAP query like this:

    (userAccountControl:1.2.840.113556.1.4.803:=524288)
    

    So your code to find all computers with the Trusted for Delegation permissions would look something like this:

    ([adsisearcher]"(&(objectCategory=computer)(userAccountControl:1.2.840.113556.1.4.803:=524288))").Findall()
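
As an added example (not part of the original answer), the following script extends the filter above from the single TRUSTED_FOR_DELEGATION bit to every kind of Kerberos delegation a computer account can carry, still using only [adsisearcher] so it runs without the ActiveDirectory module. The flag values are the documented userAccountControl constants: TRUSTED_FOR_DELEGATION = 0x80000 (524288, unconstrained delegation) and TRUSTED_TO_AUTH_FOR_DELEGATION = 0x1000000 (16777216, protocol transition). Constrained delegation has no UAC bit of its own; it shows up as a populated msDS-AllowedToDelegateTo attribute, so the filter ORs in that attribute as a third alternative. The function name Find-DelegationComputers and its optional $SearchRoot parameter are choices made for this example, and it assumes it is run on a domain-joined host as a user with ordinary read access to the directory.

```powershell
# Added example, not code from the original question or answer.
# Documented userAccountControl flag values:
$TRUSTED_FOR_DELEGATION         = 0x80000    # 524288   -> unconstrained delegation
$TRUSTED_TO_AUTH_FOR_DELEGATION = 0x1000000  # 16777216 -> protocol transition
$BitAnd = '1.2.840.113556.1.4.803'           # LDAP_MATCHING_RULE_BIT_AND

function Find-DelegationComputers {
    param(
        # Optional LDAP path, e.g. "LDAP://DC=corp,DC=example,DC=com" (assumed value for
        # illustration); when omitted the search runs against the current domain.
        [string]$SearchRoot
    )

    # (|(A)(B)(C)) matches a computer if any one alternative is true. The two UAC
    # tests use the bitwise-AND matching rule from the answer; the third catches
    # constrained delegation, which is stored in msDS-AllowedToDelegateTo instead.
    $filter = "(&(objectCategory=computer)(|" +
              "(userAccountControl:$BitAnd:=$TRUSTED_FOR_DELEGATION)" +
              "(userAccountControl:$BitAnd:=$TRUSTED_TO_AUTH_FOR_DELEGATION)" +
              "(msDS-AllowedToDelegateTo=*)))"

    $searcher = [adsisearcher]$filter
    if ($SearchRoot) { $searcher.SearchRoot = [adsi]$SearchRoot }
    $searcher.PageSize = 1000   # paged search, otherwise results stop at the server's size limit

    # Ask only for the attributes we decode; the result collection lowercases the names.
    'name','dNSHostName','userAccountControl','msDS-AllowedToDelegateTo','primaryGroupID' |
        ForEach-Object { [void]$searcher.PropertiesToLoad.Add($_) }

    foreach ($r in $searcher.FindAll()) {
        $uac = [int]$r.Properties['useraccountcontrol'][0]
        [pscustomobject]@{
            Name               = [string]$r.Properties['name'][0]
            DnsHostName        = [string]$r.Properties['dnshostname'][0]
            # Decode the bit field client-side as well, so the output says which kind matched.
            Unconstrained      = ($uac -band $TRUSTED_FOR_DELEGATION) -ne 0
            ProtocolTransition = ($uac -band $TRUSTED_TO_AUTH_FOR_DELEGATION) -ne 0
            ConstrainedTargets = @($r.Properties['msds-allowedtodelegateto'])
            # primaryGroupID 516 = Domain Controllers; DCs are trusted for delegation by
            # default, so they are expected hits rather than findings.
            IsDomainController = ([int]$r.Properties['primarygroupid'][0]) -eq 516
        }
    }
}

# Usage: list non-DC computers with any delegation configured.
Find-DelegationComputers |
    Where-Object { -not $_.IsDomainController } |
    Format-Table Name, DnsHostName, Unconstrained, ProtocolTransition, ConstrainedTargets -AutoSize
```

Two details matter in practice: domain controllers always match the unconstrained test, so they are filtered out of the listing rather than reported, and the query is read-only against attributes every authenticated user can see, which is why it works without the ActiveDirectory module or any elevated rights. If you want the opposite question (computers that do not have the bit set), wrap the UAC clause in (!...) rather than changing the matching rule; the OR rule 1.2.840.113556.1.4.804 tests whether any of several bits in one value is set, not whether a bit is clear.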