From 172e66247bc54473e969757dd2d23a4e104eda33 Mon Sep 17 00:00:00 2001
From: Katie Strader
Date: Wed, 13 May 2026 16:08:38 -0700
Subject: [PATCH 1/2] fix: getting rid of check uacFlags.HasFlag(UacFlags.TrustedToAuthForDelegation) for users and computers because it doesn't matter if it's true or false, we still need to collect msDS-AllowedToDelegateTo values and draw AllowedToDelegate edges
---
 src/CommonLib/Processors/LdapPropertyProcessor.cs | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/src/CommonLib/Processors/LdapPropertyProcessor.cs b/src/CommonLib/Processors/LdapPropertyProcessor.cs
index 14cd0e6f..2625b62f 100644
--- a/src/CommonLib/Processors/LdapPropertyProcessor.cs
+++ b/src/CommonLib/Processors/LdapPropertyProcessor.cs
@@ -271,8 +271,7 @@ public async Task ReadUserProperties(IDirectoryObject entry, str
 userProps.UnconstrainedDelegation = uacFlags.HasFlag(UacFlags.TrustedForDelegation);
 var comps = new List();
- if (uacFlags.HasFlag(UacFlags.TrustedToAuthForDelegation) &&
- entry.TryGetArrayProperty(LDAPProperties.AllowedToDelegateTo, out var delegates)) {
+ if (entry.TryGetArrayProperty(LDAPProperties.AllowedToDelegateTo, out var delegates)) {
 props.Add("allowedtodelegate", delegates);
 foreach (var d in delegates) {
@@ -390,8 +389,7 @@ public async Task ReadComputerProperties(IDirectoryObject en
 props.Add("admincount", ac != 0);
 var comps = new List();
- if (flags.HasFlag(UacFlags.TrustedToAuthForDelegation) &&
- entry.TryGetArrayProperty(LDAPProperties.AllowedToDelegateTo, out var delegates)) {
+ if (entry.TryGetArrayProperty(LDAPProperties.AllowedToDelegateTo, out var delegates)) {
 props.Add("allowedtodelegate", delegates);
 foreach (var d in delegates) {
From eab2580ced20bc2f241d1fb66970372b89585a34 Mon Sep 17 00:00:00 2001
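Review bot: The now-unconditional `if (entry.TryGetArrayProperty(LDAPProperties.AllowedToDelegateTo, out var delegates))` in ReadUserProperties has no comment saying that the UAC flag is deliberately not consulted, and the same holds for the matching hunk in ReadComputerProperties. Without one, a later maintainer could restore the gate and silently hide Kerberos-only constrained delegation from the collected data, since msDS-AllowedToDelegateTo applies to that configuration too and TrustedToAuthForDelegation only adds protocol transition on top of it. I would add above both conditions `// Do not gate on TrustedToAuthForDelegation: msDS-AllowedToDelegateTo also applies to Kerberos-only constrained delegation; the flag only adds protocol transition.` Whether the flag is still exported as its own property, so consumers can tell the two configurations apart, is not visible in these hunks and is worth confirming. Both method bodies start and end outside the hunks.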
From: Katie Strader
Date: Thu, 14 May 2026 11:29:49 -0700
Subject: [PATCH 2/2] chore: updating tests mocks to have uacFlags.HasFlag(UacFlags.TrustedToAuthForDelegation) set to false because it doesn't matter if its true or false to add delegates to allowedtodelegate property
---
 test/unit/LdapPropertyTests.cs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/test/unit/LdapPropertyTests.cs b/test/unit/LdapPropertyTests.cs
index 6fe09450..881c2433 100644
--- a/test/unit/LdapPropertyTests.cs
+++ b/test/unit/LdapPropertyTests.cs
@@ -1448,7 +1448,7 @@ public async Task LDAPPropertyProcessor_ReadUserProperties_TestDelegatesNull()
 new Dictionary {
 {"description", "Test"},
- {"useraccountcontrol", 0x1000000.ToString()},
+ {"useraccountcontrol", 0x200.ToString()},
 {LDAPProperties.LastLogon, "132673011142753043"},
 {LDAPProperties.LastLogonTimestamp, "132670318095676525"},
 {"homedirectory", @"\\win10\testdir"},
@@ -1507,7 +1507,7 @@ public async Task LDAPPropertyProcessor_ReadComputerProperties_TestDelegatesNull
 new Dictionary {
 {"description", "Test"},
- {"useraccountcontrol", 0x1001000.ToString()},
+ {"useraccountcontrol", 0x1000.ToString()},
 {"lastlogon", "132673011142753043"},
 {"lastlogontimestamp", "132670318095676525"},
 {"operatingsystem", "Windows 10 Enterprise"},
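Review bot: Nothing visible in the LDAPPropertyProcessor_ReadUserProperties_TestDelegatesNull hunk, or in its ReadComputerProperties counterpart, asserts the behaviour the fix is about: that a populated msDS-AllowedToDelegateTo is collected when TrustedToAuthForDelegation is clear. Going by their names, these two tests cover only the missing-delegates case, so the mock change alone would not catch the old gate being reintroduced. A positive test with the attribute set and the flag unset, asserting on `allowedtodelegate` and the resolved targets, would pin that down. The bare literals would also read better with a short comment naming the bits, e.g. `// 0x200 = NORMAL_ACCOUNT` and `// 0x1000 = WORKSTATION_TRUST_ACCOUNT`. Both test bodies continue outside the hunks.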