PowerShell on steroids:

Documentation

. .\PowerView.ps1
Import-Module .\PowerView.ps1
Get-Domain
Get-Domain -Domain domain.name
Get-DomainSID
Get-DomainPolicyData
(Get-DomainPolicyData).systemaccess
(Get-DomainPolicyData -domain domain.name).systemaccess
Finding the Domain Controller
Get-DomainController
Get-DomainController -Domain domain.com
Finding users in a domain
Get-DomainUser
Get-DomainUser -Identity username
Finding properties for users in the current domain
Get-DomainUser -Identity username -Properties *
Get-DomainUser -Properties samaccountname, logonCount
Finding computers in the current domain
Get-DomainComputer | select Name
Get-DomainComputer -OperatingSystem "*Server 2022*"
Get-DomainComputer -Ping
Get-NetComputer
Finding groups in the current domain
Get-DomainGroup | select Name
Get-DomainGroup -Domain <domain.name>
Get-DomainGroup *admin*
Get-DomainGroup -Identity *Enterprise Admins* -Domain domain.com -Properties objectsid
Finding members of a group
Get-DomainGroupMember -Identity "Domain Admins" -Recurse
Find-DomainUserLocation
Get-DomainGroup -UserName "whatever"
Finding local groups on a machine
Get-NetLocalGroup -Computername fqdn\computer-name
Get-NetLocalGroupMember -ComputerName fqdn\computer-name -GroupName Administrators
Finding actively logged-on users on a computer for OPSEC
Get-NetLoggedon -ComputerName fqdn\computer-name
Get-LoggedonLocal -ComputerName fqdn\computer-name
Get-LastLoggedOn -ComputerName computer-name
Finding shares on hosts in the current domain
Find-DomainShare
Invoke-ShareFinder -Verbose
Invoke-FileFinder -Verbose
Get-NetFileServer
Get-DomainGPO
Get-DomainGPO -ComputerIdentity machine-name
Get-DomainGPOLocalGroup
Get-DomainGPOComputerLocalGroupMapping -ComputerIdentity machine-name
Get-DomainGPOUserLocalGroupMapping -Identity username -Verbose
Finding OUs in a domain
Get-DomainOU
Get-DomainGPO -Identity "{GPO here}"
Finding Access Control Lists of objects
Get-DomainObjectAcl -SamAccountName username -ResolveGUIDs
Get-DomainObjectAcl -SearchBase "LDAP://CN=Domain Admins,CN=Users,DC=namebeforefirstdot,DC=namebeforeseconddot,DC=namebeforeanymoredots" -ResolveGUIDs -Verbose
Find-InterestingDomainAcl -ResolveGUIDs
Get-PathAcl -Path "\\computer-name\sysvol"