runas /netonly /user:$DOMAIN\$USER
) (see Impersonation). Alternatively, SharpHound can be used with the LdapUsername
and LdapPassword
flags for that matter.runas /netonly
-spawned command shell, you may need to let SharpHound know what username you are authenticating to other systems as with the OverrideUserName
flag