Hello,
Recently I have deleted an account from our AD. It was also removed from the AD trashbin. But I have written down the SID, just in case.
Now when I use PingCastle, it is still reporting delegations for this user under Rule ID "P-UnkownDelegation". I have tried numerous tools (AD, AD center, dsrevoke, ldp) to find or remove these delegations, but I don't seem to be able to find them. That raises the question of how PingCastle detects these delegations. Somehow it seems to find them and I can't (via domain admin). Could there be a bug in place? Or am I missing something?
The same happens with rule "P-DangerousExtendedRight". There is a REANIMATE_TOMBSTONE permission PingCastle sees for the domain admin, but when I check it via the aforementioned tools, this right doesn't seem to be set. It's very odd.
Is there any information I can provide to find out what's happening?
Kind Regards,
Jan