Un-Constrained Delegation
Log on to the DC and open the manage computers and users tool (server manager > Tools > Active Directory users and computers).
Go onto the computers tab.
Right click on the comp and go into properties > delegation.
Click on the allow delegation for all services.
Apply.
Can use printerbug to abuse and auth as DC, then can DCSync.
Same steps as before but remove the delegation completely.
Last modified 2yr ago