| Entity Panel | Database | Directory | Description |
| Object ID | objectid | objectGUID | The object’s unique identifier in the directory. |
| ACL Inheritance Denied | isaclprotected | nTSecurityDescriptor | Whether inherited permissions (ACEs) from containers are blocked on this object. |
| Basic Constraint Path Length | basicconstraintpathlength | caCertificate (X509Certificate) | The maximum number of non-self-issued intermediate certificates that may follow this certificate in a valid certificate chain. |
| CA Name | caname | name | Name of the CA in the directory. |
| CA Security Collected | casecuritycollected | - | Whether the Security ACL stored in registry of the CA host has been collected. |
| Certificate Chain | certchain | caCertificate (X509Certificate) | A hierarchical list of certificates starting with the certificate for this CA and ending with a self-signed root certificate. Each certificate is signed by the private key of the next CA certificate. |
| Certificate Name | certname | caCertificate (X509Certificate) | The name of the CA’s certificate. |
| Certificate Thumbprint | certthumbprint | caCertificate (X509Certificate) | The thumbprint (unique identifier) of the CA’s certificate. |
| Created | whencreated | whenCreated | When the object was created in the directory. |
| Distinguished Name | distinguishedname | distinguishedName | The name of the object and its location in AD. |
| DNS Hostname | dnshostname | dNSHostName | The DNS host name of the CA host. |
| Domain FQDN | domain | - | The fully qualified domain name (FQDN) of the domain the object belongs to. |
| Domain SID | domainsid | - | The SID of the domain the object belongs to. |
| Enrollment Agent Restrictions Collected | enrollmentagentrestrictionscollected | - | Whether the EnrollmentAgentRights ACL stored in registry of the CA host has been collected. |
| Flags | flags | flags | Various flags controlling features of the enrollment service. |
| Has Basic Constraints | hasbasicconstraints | caCertificate (X509Certificate) | Whether the CA certificate has basic constraints. |
| Has Enrollment Agent Restrictions | hasenrollmentagentrestrictions | - | Whether the enrollment agent restrictions are enabled. |
| Is User Specifies San Enabled Collected | isuserspecifiessanenabledcollected | - | Whether the EditFlags registry value of the CA host has been collected. |
| Is User Specifies San Enabled | isuserspecifiessanenabled | - | Whether the CA host has the user specifies SAN (EDITF_ATTRIBUTESUBJECTALTNAME2) flag present in its EditFlags registry value. |
| Last Collected by BloodHound | lastcollected | - | The most recent time the object was collected and ingested in BloodHound. |
| Last Seen by BloodHound | lastseen | - | The most recent time the object or a reference to it was collected and ingested in BloodHound. |
| Role Separation Enabled Collected | roleseparationenabledcollected | - | Whether the RoleSeparationEnabled registry value of the CA host has been collected. |
| Role Separation Enabled | roleseparationenabled | - | Whether the CA host enforces role separation i.e. users are not permitted to have the CA Administrator role and if they have the Certificate Manager role and vice versa; |
| Unresolved Published Certificate Templates | unresolvedpublishedtemplates | certificateTemplates | The published certificate templates which could not be found. |
| - | name | name + domain name | Name of the object + @ + the name of the domain. |