AD-Module
Import-Module
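# Load the ActiveDirectory module from a standalone copy instead of an RSAT
# install: first the management DLL, then the module manifest.
# The cmdlets talk to Active Directory Web Services (TCP 9389) on a domain
# controller, so LDAP-only network monitoring does not see these queries.
# With PowerShell module logging (event 4103) and script block logging
# (event 4104) enabled, the import and every query below are recorded on the host.
Import-Module C:\AD\Tools\ADModule-master\Microsoft.ActiveDirectory.Management.dll
Import-Module C:\AD\Tools\ADModule-master\ActiveDirectory\ActiveDirectory.psd1

# Same two imports with relative paths; run each from the directory that holds
# the file. The "PS C:\>" console prompt is not part of the command: pasted with
# it, ">" is parsed as an output redirection.
Import-Module .\Microsoft.ActiveDirectory.Management.dll
Import-Module .\ActiveDirectory.psd1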
Get-ADDomain
# Domain object for the default (current) domain: names, domain SID, functional
# level, parent/child domains and the FSMO role holders.
Get-ADDomain
# Same query for an explicitly named domain.
Get-ADDomain -Identity vulnableone.local
DomainSID
# Only the domain SID (S-1-5-21-...) of the current domain. Every account and
# group SID in the domain is this value plus a relative ID.
(Get-ADDomain).DomainSID
# Domain SID of a named domain.
(Get-ADDomain -Identity vulnableone.local).DomainSID
Get-ADDomainController
# Domain controller the session is using: host name, site, IP address, OS,
# global catalog flag and FSMO roles held.
Get-ADDomainController
# Locate a domain controller for a named domain through the DC locator
# (-Discover) instead of querying one that is already known.
Get-ADDomainController -DomainName vulnableone.local -Discover
Get-ADUser
# Every user with every attribute, paged. "-Properties *" pulls the full
# attribute set for each account, so this is the heaviest query in the list.
Get-ADUser -Filter * -Properties * | more

# All attributes of a single account.
Get-ADUser -Identity khan.chanthou -Properties *

# Password age and logon count per account. pwdLastSet is a raw FILETIME value
# here; logonCount is kept per domain controller and is not replicated.
Get-ADUser -Filter * -Properties * |
    Select-Object samaccountname, pwdlastset, logoncount

# Same columns, with pwdLastSet converted to a readable local date/time.
# Very old values point at passwords that have not been rotated.
Get-ADUser -Filter * -Properties * |
    Select-Object samaccountname, @{expression={[datetime]::fromFileTime($_.pwdlastset)}}, logoncount

# Account name and description. The description attribute is readable by any
# authenticated user, so it must never hold passwords or other secrets.
Get-ADUser -Filter * -Properties * |
    Select-Object samaccountname, description

# Users whose description contains "built" (matches the built-in accounts).
Get-ADUser -Filter 'Description -like "*built*"' -Properties Description |
    Select-Object name, Description

# Users whose name contains "admin".
Get-ADUser -Filter 'Name -like "*admin*"' -Properties Description |
    Select-Object name, Description
Get-ADComputer
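# Names of all computer accounts in the domain.
Get-ADComputer -Filter * | Select-Object Name

# Name, FQDN and IPv4 address per computer. IPv4Address is not part of the
# default property set, so it has to be requested or the column stays empty.
Get-ADComputer -Filter * -Properties IPv4Address |
    Format-Table Name, DNSHostName, IPv4Address

# Computers by operating system string. The same filter is useful for an
# inventory of hosts running an OS version that is out of support.
Get-ADComputer -Filter 'OperatingSystem -like "*Windows Server 2019 Standard*"' -Properties OperatingSystem |
    Select-Object name, operatingsystem
Get-ADComputer -Filter 'OperatingSystem -like "*Windows 11*"' -Properties OperatingSystem |
    Select-Object name, operatingsystem

# One ICMP echo request to each computer's DNSHostName to see which hosts
# answer. Accounts without a DNSHostName raise an error. A single source
# pinging every domain host in a short window is a pattern network monitoring
# can alert on.
Get-ADComputer -Filter * -Properties DNSHostName |
    ForEach-Object { Test-Connection -Count 1 -ComputerName $_.DNSHostName }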
Get-ADGroup
# Names of all groups in the current domain.
Get-ADGroup -Filter * | Select-Object name

# All groups with all attributes.
Get-ADGroup -Filter * -Properties *

# Groups whose name contains "admin", in the current domain ...
Get-ADGroup -Filter 'Name -like "*admin*"' | Select-Object name

# ... and in a named domain (-Server directs the query there).
Get-ADGroup -Filter 'Name -like "*admin*"' -Server vulnableone.local |
    Select-Object name

# Effective members of Domain Admins: -Recursive walks nested groups and returns
# the member accounts. Compare the result with the approved admin list.
Get-ADGroupMember -Identity "Domain Admins" -Recursive

# Direct members of Enterprise Admins. The group exists only in the forest root
# domain, hence the explicit -Server.
Get-ADGroupMember -Identity "Enterprise Admins" -Server vulnableone.local

# Groups the given account is a direct member of.
Get-ADPrincipalGroupMembership -Identity khan.chanthou
Get-ADOrganizationalUnit
# All organizational units with all attributes.
Get-ADOrganizationalUnit -Filter * -Properties *

# OU name plus gPLink, the attribute that lists the Group Policy Objects linked
# to that OU.
Get-ADOrganizationalUnit -Filter * -Properties * |
    Select-Object name, gplink

# Computer accounts located under one OU (here: Domain Controllers). The OU
# object is passed as the search base for Get-ADComputer.
Get-ADOrganizationalUnit -Identity 'OU=Domain Controllers,DC=vulnableone,DC=local' |
    ForEach-Object { Get-ADComputer -SearchBase $_ -Filter * } |
    Select-Object name
Get-ACL
# Access control entries on the Domain Admins group object, read through the
# AD: drive that the ActiveDirectory module provides. Each entry names a
# principal, the rights granted and whether the entry is inherited.
# Entries that give a non-administrative principal write access to a privileged
# group (GenericAll, GenericWrite, WriteDacl, WriteOwner, WriteProperty on
# member) are the ones to investigate and remove.
Get-ACL 'AD:\CN=Domain Admins,CN=Users,DC=vulnableone,DC=local' |
    Select-Object -ExpandProperty Access
Get-ADTrust
# All trust objects of the current domain: partner, direction, and the
# IntraForest / ForestTransitive / SIDFilteringQuarantined flags.
Get-ADTrust -Filter *
# Trust object(s) matching the given identity.
Get-ADTrust -Identity vulnableone.local
Get-ADForest
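# Forest object: root domain, member domains, sites, global catalogs and the
# forest-wide FSMO role holders.
Get-ADForest

# Names of all domains in the forest.
(Get-ADForest).Domains

# Global catalog servers of the forest.
Get-ADForest | Select-Object -ExpandProperty GlobalCatalogs

# Trusts of the forest root domain that leave the forest (intraForest is false).
# These are the trusts where SID filtering and selective authentication should
# be verified.
Get-ADTrust -Filter 'intraForest -ne $True' -Server (Get-ADForest).Name

# For every domain in the forest: trusts that leave the forest and are not
# forest-transitive, i.e. external trusts.
(Get-ADForest).Domains |
    ForEach-Object { Get-ADTrust -Filter '(intraForest -ne $True) -and (ForestTransitive -ne $True)' -Server $_ }

# All trusts as seen from a named domain.
Get-ADTrust -Filter * -Server vulnableone.local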
Kerberoast
# User accounts that have a servicePrincipalName set (krbtgt is normally among
# the results). Any authenticated user can request a service ticket for such an
# account, and that ticket is encrypted with a key derived from the account's
# password, so a weak password on these accounts is exposed to offline guessing.
# Hardening: use group managed service accounts or long random passwords,
# remove SPNs that are no longer needed, and disable RC4 where possible.
# Detection: event 4769 on domain controllers, in particular RC4 (0x17) ticket
# requests or one client requesting tickets for many services in a short time.
Get-ADUser -Filter {ServicePrincipalName -ne "$null"} -Properties ServicePrincipalName
Unconstrained Delegation
# Accounts trusted for unconstrained delegation (TrustedForDelegation is true).
# Such a host or service receives the Kerberos TGT of every user that
# authenticates to it, so each entry needs a documented justification.
# Domain controllers normally appear in the computer results; any other entry
# should be reviewed and moved to constrained delegation where possible.
# Protect privileged accounts with "Account is sensitive and cannot be
# delegated" or membership in the Protected Users group.
Get-ADUser -Filter {TrustedForDelegation -eq $True}
Get-ADComputer -Filter {TrustedForDelegation -eq $True}
Constrained Delegation
# Objects configured for constrained delegation: msDS-AllowedToDelegateTo holds
# the service principal names the account may delegate to. Review each listed
# target and keep the list as short as the application requires.
# Resource-based constrained delegation is stored in a different attribute
# (msDS-AllowedToActOnBehalfOfOtherIdentity) and is not covered by this query;
# an audit of delegation settings has to check it separately.
Get-ADObject -Filter {msDS-AllowedToDelegateTo -ne "$null"} -Properties msDS-AllowedToDelegateTo