It is possible to use a native windows binary (in addition to powershell cmdlet Get-Acl) to enumerate Active Directory object security persmissions. The binary of interest is dsacls.exe.
Dsacls allows us to display or modify permissions (ACLS) of an Active Directory Domain Services (AD DS).
Execution
Let's check if user spot has any special permissions against user's spotless AD object:
Enumerating AD object permissions this way does not come in a nice format that can be piped between powershell cmd-lets, but it's still something to keep in mind if you do not the ability to use tools like powerview or ActiveDirectory powershell cmdlets or if you are trying to LOL.
For more good privileges to be abused:
Password Spraying Anyone?
As a side note, the dsacls binary could be used to do LDAP password spraying as it allows us to bind to an LDAP session with a specified username and password: