...

  1. Query for <object-class> in <container> where:
    1. <action-attribute> is true
    2. <permission-attribute> has a value
    3. <targets-attribute> has a value
  2. For each object found in previous step...
    1. Grant <permission-attribute> delegation on object to each principal in <targets-attribute>
    2. Update <reports-attribute> with "<timestamp>;<add/remove>;<delegation>;<managedBy><DNs>"
    3. Clear <action-attribute>, <permission-attribute> and <targets-attribute>
  3. Create a scheduled task on the ADFS servers to run the query every hour
    1. Run as a dedicated GMSA
      1. All permission actions are taken by a known account
      2. Password of account managed by domain
    2. Leverage HostCheck
      1. Avoid duplication of work
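The hourly sweep above, written out in PowerShell as an added example (not code from the page or from the HostCheck tool it mentions, which is not modelled here). The class and attribute names, container DN, script path and gMSA name are placeholders for the page's <…> tokens, and only a fixed allow-list of delegations is granted, so a stray attribute value cannot request arbitrary rights.

```powershell
# Added example, not from the original page. Names below are placeholders for the
# page's <object-class>, <action-attribute>, <permission-attribute>, <targets-attribute>, <reports-attribute>.
Import-Module ActiveDirectory
$Container   = 'OU=Delegations,DC=example,DC=com'   # <container> (placeholder)
$ObjectClass = 'group'                              # <object-class> (placeholder)
$ActionAttr  = 'extensionAttribute1'                # <action-attribute>, set to TRUE to request
$PermAttr    = 'extensionAttribute2'                # <permission-attribute>, a delegation name
$TargetsAttr = 'extensionAttribute3'                # <targets-attribute>, principal DNs separated by ';'
$ReportsAttr = 'extensionAttribute4'                # <reports-attribute>
# Allow-list of delegations the sweep will grant: AD right plus the attribute it is scoped to.
$Delegations = @{ 'ManageMembers' = @{ Right = 'WriteProperty'; Attribute = 'member' } }

function Get-SchemaGuid([string]$LdapDisplayName) {
    # Resolve the attribute's schemaIDGUID so the ACE is limited to that one property.
    $schema = (Get-ADRootDSE).schemaNamingContext
    $attr = Get-ADObject -SearchBase $schema -LDAPFilter "(lDAPDisplayName=$LdapDisplayName)" -Properties schemaIDGUID
    return [guid]$attr.schemaIDGUID
}

function Invoke-DelegationSweep {
    # Step 1: only objects that were explicitly flagged and fully specified are touched.
    $filter = "(&(objectClass=$ObjectClass)($ActionAttr=TRUE)($PermAttr=*)($TargetsAttr=*))"
    foreach ($obj in Get-ADObject -SearchBase $Container -LDAPFilter $filter -Properties $PermAttr,$TargetsAttr,managedBy) {
        $perm = $obj.$PermAttr
        if (-not $Delegations.ContainsKey($perm)) { Write-Warning "$($obj.DistinguishedName): unknown delegation '$perm'"; continue }
        $spec    = $Delegations[$perm]
        $path    = "AD:\$($obj.DistinguishedName)"
        $acl     = Get-Acl -Path $path
        $targets = $obj.$TargetsAttr -split ';'
        # Step 2.1: one allow ACE per principal, scoped to the single attribute in the allow-list.
        foreach ($dn in $targets) {
            $sid = (Get-ADObject -Identity $dn -Properties objectSid).objectSid
            $ace = [System.DirectoryServices.ActiveDirectoryAccessRule]::new(
                $sid, [System.DirectoryServices.ActiveDirectoryRights]$spec.Right,
                [System.Security.AccessControl.AccessControlType]::Allow, (Get-SchemaGuid $spec.Attribute))
            $acl.AddAccessRule($ace)
        }
        Set-Acl -Path $path -AclObject $acl
        # Steps 2.2 and 2.3: record "<timestamp>;add;<delegation>;<managedBy>;<DNs>", then clear the request.
        $record = '{0};add;{1};{2};{3}' -f (Get-Date -Format o), $perm, $obj.managedBy, ($targets -join ',')
        Set-ADObject -Identity $obj -Replace @{ $ReportsAttr = $record }
        Set-ADObject -Identity $obj -Clear $ActionAttr,$PermAttr,$TargetsAttr
    }
}

# Step 3: hourly run under a gMSA, so the writer of every ACE is a known account with a domain-managed password.
$action    = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument '-NoProfile -File C:\Scripts\Invoke-DelegationSweep.ps1'
$trigger   = New-ScheduledTaskTrigger -Once -At (Get-Date) -RepetitionInterval (New-TimeSpan -Hours 1)
$principal = New-ScheduledTaskPrincipal -UserId 'EXAMPLE\delegation-gmsa$' -LogonType Password
Register-ScheduledTask -TaskName 'Invoke-DelegationSweep' -Action $action -Trigger $trigger -Principal $principal
```

The gMSA needs Write DACL on objects under the container and write access to the request attributes, and nothing more; because the request attributes are cleared after each grant, the same request is never replayed on the next run.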

...