private void BuildDirectDelegationData() { if (domainInfo.ForestFunctionality < 2) { return; } var map = new Dictionary <string, List <string> >(StringComparer.OrdinalIgnoreCase); WorkOnReturnedObjectByADWS callback = (ADItem aditem) => { foreach (var d in aditem.msDSAllowedToDelegateTo) { var spn = d.Split('/'); if (spn.Length < 2) { continue; } if (!map.ContainsKey(spn[1])) { map[spn[1]] = new List <string>(); } var sid = aditem.ObjectSid.Value; if (!map[spn[1]].Contains(sid)) { map[spn[1]].Add(sid); } } }; adws.Enumerate(domainInfo.DefaultNamingContext, "(&(msDS-AllowedToDelegateTo=*)((userAccountControl:1.2.840.113556.1.4.804:=16777216)))", new string[] { "objectSid", "msDS-AllowedToDelegateTo" }, callback); RelationFactory.InitializeDelegation(map); }