Thanks for the script, will check it out 
FYI technically that backup privilege isn’t an “AD privilege”. Its just a local machine priv that exists on all non domain machines as well, like every other privilege shown here: Privilege Constants (Winnt.h) - Win32 apps | Microsoft Learn
But yeah if you have that priv on a machine that happens to be an AD domain controller then you can abuse it to grab files that relate to AD like NTDIS.DIT.