AD living off the land Flashcards
Powershell, list all available modules
get-module
Powershell, gather domain info
get-addomain
Powershell, list users on a domain with SPN non null
get-aduser -filter {ServicePrincipalName -ne "$null"} -properties ServicePrincipalName
Powershell, list trust relationships in domain and filter by any property
get-adtrust -filter *
Powershell, list groups in a domain and filter by name
get-adgroup -filter * | select name
Powershell, search for a specific group
get-adgroup -identity "name of group"
CMD, info about password reqs
net accounts
CMD, password policy and lockout
net accounts /domain
CMD, info on domain groups
net group /domain
CMD, list users with domain admin privs
net group "Domain Admins" /domain
CMD, list PCs connected to domain
net group "domain computers" /domain
CMD, list PC accounts of DCs
net group "Domain Controllers" /domain
CMD, list users of a group
net group group_name /domain
CMD, list domain groups
net groups /domain
CMD, list all available groups
net localgroup
CMD, list all users belonging to administrators group
net localgroup administrators /domain
CMD, info on a group
net localgroup group_name
CMD, check current share
net share
CMD, info on a user in the domain
net user account_name /domain
CMD, list all users
net user /domain
CMD, info on a user
net user user_name
CMD, list all computers
net view
CMD, list all shares on the domain
net view /all /domain[:domainname]
CMD, list of all shares of a computer
net view \\computer /ALL