@HarmJ0y
Last active Oct 27, 2020
PowerView GPO ACL Enumeration
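# Enumerate ACEs on every GPO (groupPolicyContainer) in the domain, resolving rights GUIDs to names
Get-DomainObjectAcl -Domain 'dev.testlab.local' -LDAPFilter '(objectCategory=groupPolicyContainer)' -ResolveGUIDs | Where-Object {
    # Keep ACEs whose trustee SID ends in a RID of 1000 or higher (not a built-in principal)
    # and that grant a right allowing the GPO to be modified or taken over
    ($_.SecurityIdentifier -match '^S-1-5-.*-[1-9]\d{3,}$') -and
    ($_.ActiveDirectoryRights -match 'WriteProperty|GenericAll|GenericWrite|WriteDacl|WriteOwner')
} | ForEach-Object {
    # Resolve the trustee SID to a distinguished name for readable output
    $PrincipalDN = Convert-ADName $_.SecurityIdentifier -OutputType DN
    New-Object PSObject -Property @{'ObjectDN'=$_.ObjectDN ; 'PrincipalSID'=$_.SecurityIdentifier; 'PrincipalDN'=$PrincipalDN }
} | Format-List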