Abuse Info
To abuse these privileges, use DirSync: Sync-LAPS -LDAPFilter ‘(samaccountname=TargetComputer$)’ For other optional parameters, view the DirSync documentation.Opsec Considerations
Executing the attack will generate a 4662 (An operation was performed on an object) event at the domain controller if an appropriate SACL is in place on the target object.Edge Schema
Source: User, Group, ComputerDestination: Domain
Traversable: Yes