ad-modules
Usage
domain user, computer and groups enumeration
PS> Get-ADUser -Filter * -Properties *
PS> Get-ADUser -Filter * | select samaccountname # only list account names
PS> Get-ADUser -Filter * | select -ExpandProperty samaccountname | measure
PS> Get-ADUser -Identity studentuser1 -Properties *
PS> Get-ADUser -Filter * -Properties * | select -First 1 | Get-Member -MemberType *Property | select Name
PS> Get-ADUser -Filter * -Properties * | select name, @{expression={[datetime]::fromFileTime($_.pwdlastset)}}
PS> Get-ADUser -filter * -Properties * | select name, logoncount
PS> Get-ADUser -Filter 'Description -like "*built*"' -Properties Description | select name, Description
PS> Get-ADUser -filter * -properties * | select name, Description
PS> Get-ADComputer -Filter *
PS> Get-ADComputer -Filter 'OperatingSystem -like "*Windows Server 2019 Standard*"' -Properties OperatingSystem
PS> Get-ADGroup -Filter * | select Name
PS> Get-ADGroupMember -Identity "Domain Admins" -Recursive
PS> Get-ADPrincipalGroupMembership -Identity studentuser1
PS> Get-ADPrincipalGroupMembershipRecursive 'studentuser1' # custom function in slides
# nicer to view in BloodHound
Alternative for getting domain group members:
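# Recursively list the groups a principal belongs to (direct and nested).
# Requires the ActiveDirectory module. There is no cycle detection, so
# circular group nesting makes it recurse indefinitely.
function Get-ADPrincipalGroupMembershipRecursive ($SamAccountName) {
    # Direct group memberships of the given identity, as distinguished names
    $groups = @(Get-ADPrincipalGroupMembership -Identity $SamAccountName | select -ExpandProperty distinguishedname)
    $groups
    if ($groups.count -gt 0) {
        foreach ($group in $groups) {
            # Each group can itself be a member of further groups
            Get-ADPrincipalGroupMembershipRecursive $group
        }
    }
}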
Get-ADPrincipalGroupMembershipRecursive 'studentuser21'
When using the AD module, you can pass -Server <server> to query another domain controller.
OUs
PS> Get-ADOrganizationalUnit -Filter * -Properties *
domain trusts
PS> Get-ADTrust
PS> Get-ADTrust -Filter *
# enumerate all domains in the current forest and search for extra-forest and non-transitive trusts
PS> (Get-ADForest).Domains | %{Get-ADTrust -Filter '(IntraForest -ne $True) -and (ForestTransitive -ne $True)' -Server $_}
PS> Get-ADTrust -Filter * -Server eu.local