Unconstrained Delegation

NetExec allows you to retrieve the list of all computers and users with the flag TRUSTED_FOR_DELEGATION

nxc ldap 192.168.0.104 -u harry -p pass --trusted-for-delegation

Alternatives Tools

GitHub - ropnop/windapsearch: Python script to enumerate users, groups and computers from a Windows domain through LDAP queriesGitHub

PowerSploit/PowerView.ps1 at dev · PowerShellMafia/PowerSploitGitHub

Resources:

Unconstrained Delegation - Risqueshackndo