Enumerating ACLs

Import Active Directory module and mounting AD drive

Import-Module ActiveDirectory

Enumerating AD object ACL

Enumerating for DCSync rights

(Get-Acl -Path "AD:DC=mgsops,DC=net").Access | ?{($_.ObjectType -match '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2') -or ($_.ObjectType -match '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2') -or ($_.ObjectType -match '89e95b76-444d-4c62-991a-0facbeda640c')} | Format-Table IdentityReference,ActiveDirectoryRights,IsInherited

PreviousEnumerating the Domain NextPowerView 3.0

Last updated 2 years ago