description = 'Give replication rights to a user'
I will research a way that this can be done with pure PowerShell (if possible); in the meantime, I will put here how to do it with the RACE toolkit.
Domain Admin privileges are required to perform the following actions.
The following entries in the Security tab of the domain object are what give a user the right to start a DC replication:
- Replicating Directory Changes
- Replicating Directory Changes All
- Replicating Directory Changes In Filtered Set
Set-ADACL -SamAccountName <SamAccountName> -DistinguishedName '<DN of Domain>' -GUIDRight DCSync -Verbose
You can now run DCSync to dump the hash of the krbtgt account to use for a Golden Ticket.
Remember: users who are not Domain Admins executing a DC replication will trigger high-severity alerts.
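To audit the same ACL from the defensive side, the added example below (not part of RACE or of the original page) lists principals outside an expected baseline that hold any of the three replication rights on the domain object, including ACEs that grant all extended rights at once. The `CONTOSO` names, the baseline list and the sample ACEs are constructed assumptions; adjust the baseline to your environment.

```powershell
# Added example (not RACE code). Control-access right GUIDs from the AD schema.
$ReplicationRights = @{
    '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicating Directory Changes'
    '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicating Directory Changes All'
    '89e95b76-444d-4c62-991a-0facbeda640c' = 'Replicating Directory Changes In Filtered Set'
}
$AllRights = '00000000-0000-0000-0000-000000000000'   # ACE not scoped to a single right

function Find-UnexpectedReplicationAce {
    param(
        [Parameter(Mandatory)] [object[]] $Ace,
        [Parameter(Mandatory)] [string[]] $ExpectedIdentity
    )
    foreach ($a in $Ace) {
        # Only Allow ACEs that can carry an extended right are relevant.
        if ("$($a.AccessControlType)" -ne 'Allow') { continue }
        if ("$($a.ActiveDirectoryRights)" -notmatch 'ExtendedRight|GenericAll') { continue }
        $guid = "$($a.ObjectType)".ToLower()
        if ($ReplicationRights.ContainsKey($guid)) { $right = $ReplicationRights[$guid] }
        elseif ($guid -eq $AllRights) { $right = 'All extended rights (includes replication)' }
        else { continue }
        # -contains is case-insensitive, so the baseline matches regardless of casing.
        if ($ExpectedIdentity -contains "$($a.IdentityReference)") { continue }
        [pscustomobject]@{ Identity = "$($a.IdentityReference)"; Right = $right }
    }
}

# Constructed sample ACEs, shaped like the entries Get-Acl returns. On a domain-joined host:
#   Import-Module ActiveDirectory
#   $aces = (Get-Acl "AD:\$((Get-ADDomain).DistinguishedName)").Access
$aces = @(
    [pscustomobject]@{ IdentityReference = 'CONTOSO\Domain Controllers'; AccessControlType = 'Allow'; ActiveDirectoryRights = 'ExtendedRight'; ObjectType = '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2' }
    [pscustomobject]@{ IdentityReference = 'CONTOSO\svc-backup'; AccessControlType = 'Allow'; ActiveDirectoryRights = 'ExtendedRight'; ObjectType = '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2' }
    [pscustomobject]@{ IdentityReference = 'CONTOSO\svc-backup'; AccessControlType = 'Allow'; ActiveDirectoryRights = 'ExtendedRight'; ObjectType = '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2' }
    [pscustomobject]@{ IdentityReference = 'CONTOSO\helpdesk'; AccessControlType = 'Allow'; ActiveDirectoryRights = 'ExtendedRight'; ObjectType = $AllRights }
    [pscustomobject]@{ IdentityReference = 'CONTOSO\jdoe'; AccessControlType = 'Deny'; ActiveDirectoryRights = 'ExtendedRight'; ObjectType = '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2' }
)
# Assumed baseline of principals expected to hold replication rights.
$expected = 'NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS', 'BUILTIN\Administrators',
            'CONTOSO\Domain Controllers', 'CONTOSO\Enterprise Read-only Domain Controllers'

Find-UnexpectedReplicationAce -Ace $aces -ExpectedIdentity $expected | Format-Table -AutoSize
```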