PRIMARY CATEGORY → EXCHANGE GROUPS
Theory
The Exchange Organization Management group is another powerful and privileged group within the AD Enviroment
Any domain account belonging to this group can access the mailboxes of any domain user account
Furthermore, this Exchange group has FullControl (i.e. GenericAll) of the Organizational Unit (OU) called Microsoft Exchange Security Groups, containing the Exchange Windows Permissions group
Therefore, members of this group can takeover the entire domain by performing the same TTPs as with the latter