# AllExtendedRights

AllExtendedRights 권한은 도메인 객체에 대한 확장 권한으로 객체의 종류에 따라서 사용할 수 있는 공격이 달라집니다. 도메인에 대한 AllExtendedRights는 종종 블러드하운드에서 표시되지 않는 경우가 있지만, 그렇더라도 crackmapexec 등의 상용 도구를 통해 DCSync 공격이 가능합니다.

| 도메인 객체 | 악용                                                                   |
| ------ | -------------------------------------------------------------------- |
| 사용자    | [ForceChangePassword](/active-directory/dacl/forcechangepassword.md) |
| 컴퓨터    | [AddAllowedToAct](/active-directory/dacl/addallowedtoact.md)         |
| 도메인    | [DCSync](/data-theft/active-directory/dcsync.md)                     |

## References

{% embed url="<https://www.hackingarticles.in/abusing-ad-dacl-allextendedrights/>" %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://www.pentestwiki.com/active-directory/dacl/allextendedrights.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.