Closed rebelinux closed 8 months ago
https://www.stigviewer.com/stig/active_directory_domain/2017-12-15/finding/V-36435
https://community.spiceworks.com/topic/2245193-account-is-sensitive-and-cannot-be-delegated-automation-script-solution
PS C:\Users\jocolon> Get-ADGroupMember "Domain Admins" | get-aduser -Properties AccountNotDelegated | Where-Object { -not $_.AccountNotDelegated -and $_.objectClass -eq "user"} AccountNotDelegated : False DistinguishedName : CN=Administrator,CN=Users,DC=pharmax,DC=local Enabled : True GivenName : Name : Administrator ObjectClass : user ObjectGUID : 2759fb46-591d-49a5-a0c0-0affa865bd5e SamAccountName : Administrator SID : S-1-5-21-2867495315-1194516362-180967319-500 Surname : UserPrincipalName : Administrator@pharmax.local AccountNotDelegated : False DistinguishedName : CN=Jonathan A. Colon Feliciano,CN=Users,DC=pharmax,DC=local Enabled : True GivenName : Jonathan Name : Jonathan A. Colon Feliciano ObjectClass : user ObjectGUID : abebac09-ac10-4e4f-9898-baa9c6dea4e2 SamAccountName : jocolon SID : S-1-5-21-2867495315-1194516362-180967319-1171 Surname : Colon Feliciano UserPrincipalName : jocolon@pharmax.local AccountNotDelegated : False DistinguishedName : CN=veeam admin,CN=Users,DC=pharmax,DC=local Enabled : True GivenName : veeam Name : veeam admin ObjectClass : user ObjectGUID : cfd5ed32-d0be-47bd-9501-4b87f1af7c92 SamAccountName : veeam_admin SID : S-1-5-21-2867495315-1194516362-180967319-1175 Surname : admin UserPrincipalName : veeam_admin@pharmax.local PS C:\Users\jocolon>
https://www.stigviewer.com/stig/active_directory_domain/2017-12-15/finding/V-36435
https://community.spiceworks.com/topic/2245193-account-is-sensitive-and-cannot-be-delegated-automation-script-solution