
Information gathering AD

cmd

System

systeminfo

User

enumerate all local accounts

net user

enumerate all users in domain

net user /domain

user details

net user natasha.howells /domain

Group

enumerate all groups in domain

net group /domain

group details

net group "Tier 1 Admins" /domain

Account

password policy

net accounts /domain

More about the net command: https://docs.microsoft.com/en-us/troubleshoot/windows-server/networking/net-commands-on-operating-systems

powershell

get domain

[System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()

enumerate users

Get-ADUser -Filter *
Get-ADUser -Filter * -SearchBase "CN=Users,DC=THMREDTEAM,DC=COM"
Get-ADUser -Filter * -SearchBase "OU=THM,DC=THMREDTEAM,DC=COM"
Get-ADUser -Identity gordon.stevens -Server za.tryhackme.com -Properties *
Get-ADUser -Filter 'Name -like "*stevens"' -Server za.tryhackme.com | Format-Table Name,SamAccountName -A

enumerate groups

Get-ADGroup -Identity Administrators -Server za.tryhackme.com
Get-ADGroupMember -Identity Administrators -Server za.tryhackme.com

enumerate objects

looking for all AD objects that were changed after a specific date

$ChangeDate = New-Object DateTime(2022, 02, 28, 12, 00, 00)
Get-ADObject -Filter 'whenChanged -gt $ChangeDate' -IncludeDeletedObjects -Server za.tryhackme.com
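Added example, not part of the original notes: the group-member and changed-object queries above combined into two audit functions a defender can run from a domain-joined host to spot stale privileged accounts and recent directory changes. Assumes the RSAT ActiveDirectory module is installed; the server name, group names and dates are placeholders.

```powershell
# Added example, not part of the original notes: the Get-ADGroupMember,
# Get-ADUser and Get-ADObject calls above combined into two audit functions
# a defender can run from a domain-joined host. Requires the RSAT
# ActiveDirectory module. Server, group names and dates are placeholders.
Import-Module ActiveDirectory

# Recursive membership of privileged groups, with password age and last logon,
# so stale or long-lived admin accounts stand out in the report.
function Get-PrivilegedGroupReport {
    param(
        [Parameter(Mandatory)] [string] $Server,
        [string[]] $Groups = @('Domain Admins', 'Tier 1 Admins')
    )
    foreach ($g in $Groups) {
        $members = Get-ADGroupMember -Identity $g -Recursive -Server $Server -ErrorAction SilentlyContinue
        foreach ($m in ($members | Where-Object { $_.objectClass -eq 'user' })) {
            $u = Get-ADUser -Identity $m.distinguishedName -Server $Server `
                    -Properties PasswordLastSet, LastLogonDate
            $age = $null
            if ($u.PasswordLastSet) { $age = [int]((Get-Date) - $u.PasswordLastSet).TotalDays }
            [PSCustomObject]@{
                Group           = $g
                SamAccountName  = $u.SamAccountName
                Enabled         = $u.Enabled
                PasswordAgeDays = $age
                LastLogonDate   = $u.LastLogonDate
            }
        }
    }
}

# Objects (including tombstoned ones) modified after a given date. The AD
# module's filter parser expands $ChangedSince inside the single-quoted string.
function Get-RecentlyChangedObjects {
    param(
        [Parameter(Mandatory)] [string] $Server,
        [DateTime] $ChangedSince = (Get-Date).AddDays(-7)
    )
    Get-ADObject -Filter 'whenChanged -gt $ChangedSince' -IncludeDeletedObjects `
                 -Server $Server -Properties whenChanged, isDeleted |
        Select-Object Name, ObjectClass, whenChanged, isDeleted |
        Sort-Object whenChanged -Descending
}

# Usage (placeholders):
# Get-PrivilegedGroupReport -Server za.tryhackme.com | Format-Table -AutoSize
# Get-RecentlyChangedObjects -Server za.tryhackme.com -ChangedSince (Get-Date '2022-02-28') | Format-Table -AutoSize
```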

enumerate domains

Get-ADDomain -Server za.tryhackme.com