Extended rights are special rights granted on objects which allow reading of privileged attributes, as well as performing special actions.
Having this privilege over a user grants the ability to reset the user’s password. For more information about that, see the ForceChangePassword edge section
You may perform resource-based constrained delegation with this privilege over a computer object. For more information about that, see the GenericAll edge section.
The AllExtendedRights privilege grants both the DS-Replication-Get-Changes and DS-Replication-Get-Changes-All privileges, which combined allow a principal to replicate objects from the domain. This can be abused using the lsadump::dcsync command in mimikatz.
This will depend on the actual attack performed. See the particular opsec considerations sections for the ForceChangePassword, AddMembers, and GenericAll edges for more info