
Potential Unconstrained Delegation Discovery Via Get-ADComputer - ScriptBlock

Sigma Rules

Summary
This rule detects use of the PowerShell cmdlet 'Get-ADComputer' to enumerate computer accounts configured for Kerberos delegation in Active Directory. A host trusted for unconstrained delegation receives a copy of the TGT of every user who authenticates to it with Kerberos and can reuse that TGT to reach any other service as that user, so an attacker who controls such a host can impersonate everyone who connects to it. Finding which computers carry this setting is therefore a common reconnaissance step before abuse. The detection logic looks for script blocks that invoke 'Get-ADComputer' and reference delegation-related properties such as 'TrustedForDelegation' (the unconstrained-delegation flag) and 'TrustedToAuthForDelegation' (constrained delegation with protocol transition), among others, and fires when any of those properties appear alongside the cmdlet. It depends on PowerShell Script Block Logging (Event ID 4104) being enabled; without it the script text is never recorded and the rule cannot match. Because the activity is reconnaissance rather than exploitation, the rule is rated medium severity. Administrators auditing delegation settings run the same queries, so alerts need context (executing user, host, surrounding commands) before they are treated as malicious.
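The following is an added illustration, not the rule's own source or any code from the Sigma project: it approximates the rule's selection logic (Get-ADComputer plus one of the named delegation properties, matched case-insensitively as Sigma 'contains' does) and runs it over a handful of constructed Event ID 4104 records. The event dictionaries, the 4104 filter and the limitation to the two property names the page cites are assumptions; the real rule lists further properties. The last two samples show what the rule does not catch: the same query issued through the PowerShell module pipeline instead of a script block, and an LDAP filter on the userAccountControl bit that never spells out a property name.

```python
"""Approximate evaluation of the Get-ADComputer delegation-discovery rule
over constructed PowerShell Script Block Logging (Event ID 4104) events.

This is illustrative code written for this page; it is not the Sigma rule
itself and it covers only the two property names the summary cites.
"""

# Property names the page cites. The actual rule includes further ones.
DELEGATION_PROPERTIES = ("TrustedForDelegation", "TrustedToAuthForDelegation")


def matches_rule(script_block_text: str) -> bool:
    """Return True when the block invokes Get-ADComputer AND names a
    delegation property. Sigma 'contains' is case-insensitive, so the
    comparison is done on lower-cased text."""
    text = script_block_text.lower()
    if "get-adcomputer" not in text:
        return False
    return any(prop.lower() in text for prop in DELEGATION_PROPERTIES)


def evaluate(events):
    """Return the indexes of events that are script-block records (4104,
    an assumption about the log source mapping) and satisfy the rule."""
    return [
        idx
        for idx, ev in enumerate(events)
        if ev.get("EventID") == 4104 and matches_rule(ev.get("ScriptBlockText", ""))
    ]


# Constructed sample events (not captured from a real host).
# 0x80000 (524288) is the TRUSTED_FOR_DELEGATION userAccountControl bit.
SAMPLE_EVENTS = [
    {  # classic unconstrained-delegation recon: should match
        "EventID": 4104,
        "ScriptBlockText": "Get-ADComputer -Filter {TrustedForDelegation -eq $true} "
                           "-Properties TrustedForDelegation,ServicePrincipalName",
    },
    {  # odd casing but property name still present: should match
        "EventID": 4104,
        "ScriptBlockText": "get-adcomputer -LDAPFilter "
                           "'(userAccountControl:1.2.840.113556.1.4.803:=524288)' "
                           "-Properties trustedfordelegation",
    },
    {  # ordinary inventory query, no delegation property: no match
        "EventID": 4104,
        "ScriptBlockText": "Get-ADComputer -Identity FILE01 -Properties OperatingSystem",
    },
    {  # delegation property but a different cmdlet (user objects): no match
        "EventID": 4104,
        "ScriptBlockText": "Get-ADUser -Filter {TrustedToAuthForDelegation -eq $true}",
    },
    {  # same recon via module logging (4103) rather than a script block: no match
        "EventID": 4103,
        "ScriptBlockText": "Get-ADComputer -Filter {TrustedForDelegation -eq $true}",
    },
    {  # gap: UAC bitmask filter never names a property, so the rule is silent
        "EventID": 4104,
        "ScriptBlockText": "Get-ADComputer -LDAPFilter "
                           "'(userAccountControl:1.2.840.113556.1.4.803:=524288)'",
    },
]


if __name__ == "__main__":
    for idx in evaluate(SAMPLE_EVENTS):
        print(f"ALERT event {idx}: {SAMPLE_EVENTS[idx]['ScriptBlockText']}")
```

Running the block flags events 0 and 1 only. The final sample is the caveat worth keeping in mind when triaging: a property-name rule is cheap and readable, but an operator who filters on the userAccountControl bit directly (or pipes through Select-Object with a wildcard) produces the same directory query without tripping it, so pair this rule with LDAP-side visibility or a broader script-block rule on that OID.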
Categories
  • Windows
  • Network
  • Identity Management
Data Sources
  • Script
  • User Account
Created: 2025-03-05