impacket
Unfiltered SID query when operating ACL attack
I noticed the (objectCategory=user) while attempting an ACE abuse of a controlled computer account that had WriteDacl permissions against a domain node. During the attack, the --escalate-user was set to the same computer account mentioned above. The filter in place wouldn't allow for that attack to succeed since the computer account was not a user account.
This use case can be met a lot (i.e. when abusing the MachineAccountQuota domain-level attribute, set by default to 10) and I don't see an interest in keeping that filter.