Our current user is a member of the Azure Admins group, which gives us rights over ADSync. This means that we can dump credentials using an exe and a dll.
After uploading the exploit to the temp directory, navigating to the desired path and executing it, I was able to get the credentials for the administrator user.