What are the prerequisites to perform a DCSync attack?
To perform DCSync, an attacker must have compromised an account that is a member of one of the following groups: Domain Admins, Enterprise Admins, Administrators on the domain controller, or the domain controller's computer account. These privileges allow the use of the IDL_DRSGetNCChanges method to replicate credentials.
---
**Related reading:**
- Domain Penetration - DCSync — original article
- An interesting way of bypassing Windows Attachment Manager
- Penetration Techniques - Exploitation of Nine Windows Privileges
- Penetration Techniques - Pass the Hash with Remote Desktop (Restricted Admin Mode)
---
**Related reading:**
- Domain Penetration - DCSync — original article
- An interesting way of bypassing Windows Attachment Manager
- Penetration Techniques - Exploitation of Nine Windows Privileges
- Penetration Techniques - Pass the Hash with Remote Desktop (Restricted Admin Mode)
DCSync prerequisitesDomain AdminsEnterprise AdminsDRS replicationcredential harvesting
Source:Domain Penetration - DCSync