Using AD Module

Get Current Domain:

Get-ADDomain

Enum Other Domains:

Get-ADDomain -Identity <Domain>

Get Domain SID:

Get-DomainSID

Get Domain Controlers:

Get-ADDomainController
Get-ADDomainController -Identity <DomainName>

Enumerate Domain Users:

Get-ADUser -Filter * -Identity <user> -Properties *

#Get a specific "string" on a user's attribute
Get-ADUser -Filter 'Description -like "*wtver*"' -Properties Description | select Name, Description

Enum Domain Computers:

Get-ADComputer -Filter * -Properties *
Get-ADGroup -Filter *

Enum Domain Trust:

Get-ADTrust -Filter *
Get-ADTrust -Identity <DomainName>

Enum Forest Trust:

Get-ADForest
Get-ADForest -Identity <ForestName>

#Domains of Forest Enumeration
(Get-ADForest).Domains

Enum Local AppLocker Effective Policy:

Get-AppLockerPolicy -Effective | select -ExpandProperty RuleCollections

PreviousUsing PowerView NextUsing BloodHound

Last updated 7 months ago