csandker/KerberosDelegation-Checks

## KerberosDelegation-Checks
PS C:\Users\Clark.Kent\Desktop> ## Unconstrained Delegation
PS C:\Users\Clark.Kent\Desktop> ([adsisearcher]'(userAccountControl:1.2.840.113556.1.4.803:=524288)').FindAll()

Path                                                          Properties
----                                                          ----------
LDAP://CN=DC01,OU=Domain Controllers,DC=MonkeyIsland,DC=local {ridsetreferences, logoncount, codepage, objectcategor...
LDAP://CN=HTTPSvc,CN=Users,DC=MonkeyIsland,DC=local           {givenname, codepage, objectcategory, dscorepropagatio...


PS C:\Users\Clark.Kent\Desktop> ## Constrained Delegation
PS C:\Users\Clark.Kent\Desktop> ([adsisearcher]"(msds-allowedtodelegateto=*)").FindAll()

Path                                               Properties
----                                               ----------
LDAP://CN=SQLSvc,CN=Users,DC=MonkeyIsland,DC=local {givenname, codepage, objectcategory, dscorepropagationdata...}
LDAP://CN=MSSQL,CN=Users,DC=MonkeyIsland,DC=local  {givenname, codepage, objectcategory, dscorepropagationdata...}


PS C:\Users\Clark.Kent\Desktop> ## Constrained Delegation with allowed Protocol Tranisition
PS C:\Users\Clark.Kent\Desktop> ([adsisearcher]'(userAccountControl:1.2.840.113556.1.4.803:=16777216)').FindAll()

Path                                              Properties
----                                              ----------
LDAP://CN=MSSQL,CN=Users,DC=MonkeyIsland,DC=local {givenname, codepage, objectcategory, dscorepropagationdata...}


PS C:\Users\Clark.Kent\Desktop> ## Resource Based Constrained Delegation
PS C:\Users\Clark.Kent\Desktop> ([adsisearcher]"(msds-AllowedToActOnBehalfOfOtherIdentity=*)").FindAll()

Path                                                       Properties
----                                                       ----------
LDAP://CN=EXCHANGE01,CN=Computers,DC=MonkeyIsland,DC=local {logoncount, codepage, objectcategory, iscriticalsystemob...


PS C:\Users\Clark.Kent\Desktop>
	PS C:\Users\Clark.Kent\Desktop> ## Unconstrained Delegation
	PS C:\Users\Clark.Kent\Desktop> ([adsisearcher]'(userAccountControl:1.2.840.113556.1.4.803:=524288)').FindAll()

	Path Properties
	---- ----------
	LDAP://CN=DC01,OU=Domain Controllers,DC=MonkeyIsland,DC=local {ridsetreferences, logoncount, codepage, objectcategor...
	LDAP://CN=HTTPSvc,CN=Users,DC=MonkeyIsland,DC=local {givenname, codepage, objectcategory, dscorepropagatio...


	PS C:\Users\Clark.Kent\Desktop> ## Constrained Delegation
	PS C:\Users\Clark.Kent\Desktop> ([adsisearcher]"(msds-allowedtodelegateto=*)").FindAll()

	Path Properties
	---- ----------
	LDAP://CN=SQLSvc,CN=Users,DC=MonkeyIsland,DC=local {givenname, codepage, objectcategory, dscorepropagationdata...}
	LDAP://CN=MSSQL,CN=Users,DC=MonkeyIsland,DC=local {givenname, codepage, objectcategory, dscorepropagationdata...}


	PS C:\Users\Clark.Kent\Desktop> ## Constrained Delegation with allowed Protocol Tranisition
	PS C:\Users\Clark.Kent\Desktop> ([adsisearcher]'(userAccountControl:1.2.840.113556.1.4.803:=16777216)').FindAll()

	Path Properties
	---- ----------
	LDAP://CN=MSSQL,CN=Users,DC=MonkeyIsland,DC=local {givenname, codepage, objectcategory, dscorepropagationdata...}


	PS C:\Users\Clark.Kent\Desktop> ## Resource Based Constrained Delegation
	PS C:\Users\Clark.Kent\Desktop> ([adsisearcher]"(msds-AllowedToActOnBehalfOfOtherIdentity=*)").FindAll()

	Path Properties
	---- ----------
	LDAP://CN=EXCHANGE01,CN=Computers,DC=MonkeyIsland,DC=local {logoncount, codepage, objectcategory, iscriticalsystemob...


	PS C:\Users\Clark.Kent\Desktop>