The msExchStorageGroup schema class added during Exchange installation can be used to create almost any AD object including users, groups or domain trusts leading to elevation of privilege.
advisories | CVE-2021-34470
Microsoft Exchange AD Schema Misconfiguration Privilege Escalation
