https://learn.microsoft.com/en-us/powershell/module/activedirectory/?view=windowsserver2022-ps

ActiveDirectory Module

Load AD Module

Get-Module
Import-Module ActiveDirectory

Get Domain info

Get-ADDomain

Get-ADUser

Filter for accounts with the ServicePrincipalName property populated. This returns a listing of accounts that may be susceptible to a Kerberoasting attack.

Get-ADUser -Filter {ServicePrincipalName -ne "$null"} -Properties ServicePrincipalName
Get-ADUser -Filter *
Get-ADUser -Filter "Name -like '*admin*'"
Get-ADUser -Identity [username]
Get-ADUser -Identity [username] -Server test.local -Properties *
Get-ADUser -Identity [username] -Properties *
Get-ADUser -Identity [username] -Properties LastLogonDate,MemberOf,Title,Description,PwdLastSet
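
An added example (not part of the original cheat sheet) that extends the ServicePrincipalName filter above into a defensive audit, flagging SPN-bearing accounts by password age, encryption-type settings, and adminCount so remediation can be prioritised. The 365-day threshold and the output column names are assumptions.

```powershell
# Added example: audit SPN-bearing user accounts for Kerberoasting exposure.
# The threshold and the output column names are assumptions; adjust to local policy.
Import-Module ActiveDirectory

$MaxPasswordAgeDays = 365   # assumed threshold for a "stale" service account password
$AesMask = 0x18             # AES128 (0x8) + AES256 (0x10) bits of msDS-SupportedEncryptionTypes
$Rc4Bit  = 0x4              # RC4_HMAC_MD5 bit of the same attribute

$props = 'ServicePrincipalName', 'PasswordLastSet', 'adminCount',
         'msDS-SupportedEncryptionTypes'

Get-ADUser -LDAPFilter '(servicePrincipalName=*)' -Properties $props |
    Where-Object { $_.SamAccountName -ne 'krbtgt' } |   # krbtgt always carries an SPN
    ForEach-Object {
        # An unset attribute comes back as $null, which casts to 0.
        $enc = [int]$_.'msDS-SupportedEncryptionTypes'

        # PasswordLastSet is $null when the password has never been set.
        $age = if ($_.PasswordLastSet) {
            [int]((Get-Date) - $_.PasswordLastSet).TotalDays
        } else { $null }

        [pscustomobject]@{
            SamAccountName  = $_.SamAccountName
            Enabled         = $_.Enabled
            SpnCount        = @($_.ServicePrincipalName).Count
            PasswordAgeDays = $age
            StalePassword   = ($null -eq $age) -or ($age -gt $MaxPasswordAgeDays)
            # Attribute-based check only: no AES bit set, or the RC4 bit set.
            # The effective ticket encryption also depends on DC defaults.
            Rc4NotExcluded  = (($enc -band $AesMask) -eq 0) -or (($enc -band $Rc4Bit) -ne 0)
            # adminCount = 1 marks accounts that are or were in protected groups.
            Privileged      = ($_.adminCount -eq 1)
        }
    } |
    Sort-Object Privileged, StalePassword, PasswordAgeDays -Descending |
    Format-Table -AutoSize
```

Accounts that appear with Privileged, StalePassword and Rc4NotExcluded all true are the first candidates for password rotation, AES-only encryption settings, or migration to a group managed service account.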

Checking For Trust Relationships

Get-ADTrust -Filter *

Group Enumeration

Get-ADGroup -Filter *
Get-ADGroup -Filter * | Select Name
Get-ADGroupMember -Identity "[group name]"
Get-ADGroupMember -Identity "Remote Management Users"
Get-ADGroupMember -Identity "Domain Admins"

Computer Enumeration

Get-ADComputer -Filter *
Get-ADComputer -Filter * -Properties OperatingSystem | Select Name, OperatingSystem

Password Policy

Get-ADDefaultDomainPasswordPolicy

PowerView

Import-Module .\PowerView.ps1