Request for comments: CreateChildComputer / CreateChildUser ACEs

[cnotin]

What do you think of the following before I continue working on it and propose a clean PR?

Creating computer accounts is allowed by default with a global parameter, and it has interesting usages (https://blog.netspi.com/machineaccountquota-is-useful-sometimes/). But it also works when it's delegated on specific OUs through ACEs! Which isn't currently collected nor used by SharpHound/BloodHound. The same is also true for creating users :) Or even other objects but I see less practical use...

I have an unfinished implementation, before I clean it up, do you think it's worthwhile?