https://casvancooten.com/posts/2020/11/windows-active-directory-exploitation-cheat-sheet-and-command-reference/

Introduction:

Enumerate every single user, don't leave any stones untuned. "Rinse and Repeat" process is the key to successful enumeration.

Background:

Enumerating a domain server (corp.com) with an user credentials who have access to remote desktop.

Task:

xfreerdp /u:stephanie /d:corp.com /v:192.168.50.75

Then enter password:- LegmanTeamBenzoin!!

1. Start enumerating with user information

net user /domain → To find info of local users

1. Find for interesting prefixes as if for domain names.

net user jeffadmin /domain