We can enumerate the DC directories, as we can see this gives us no limits on who we want to impersonate as this attack is just a waiting game because we need a user to authenticate to our compromised machine, just a matter of time for automated scripts, there are numerous way's to approach this situation, such as Covenant just a few syntax, Rubeus and SpoolCheck that is able to "force" an authentication to our machine using the "Printer Bug", and also using the impacket tool set.