vletoux
commented
2 years ago If it cannot be seen by PingCastle, there may be a permission issue. Also accounts not located into the same domain cannot be resolved. If you have a specific case I suggest you contact support@pingcastle.com with all the detail so the team can understand the root problem.
During a red team a 'cluster node account' that had been added to the domain administrator group in the past was abused. (fyi: this account was added WITHOUT business or technical justification!) After executing PingCastle, this account did not show in the administrators view ... Seen the sensitivity of it being member of the Domain Administrators, should this be 'flagged' ?