Hello, I work in a security team at my company. I’ve been tasked to do something about the 40 AD service accounts that have been created for AS400/AD SSO. They are ALL in unconstrained delegation which drives me crazy. Basically, it means that anyone who controls the sso server can impersonate AS400 users. The two guys managing those AS400 have no time to spare on this project and they don’t want to tell me if it’s even possible to achieve RBCD or constrained delegation (kudos to them if they are in this sub) Is there any documentation somewhere that would argue in my favor ? Is it hard to setup ? Any help would be greatly appreciated submitted by /u/stewie055[link][comments] Read More