Computers
Get List of Computers in Current Domain
# AD Module
Get-ADComputer -Filter * -Properties *
Get-ADComputer -Filter * | Select Name
# PowerView
Get-NetComputer
Get-NetComputer -FullData
Check for Live Hosts (depends on ICMP)
# AD Module
Get-ADComputer -Filter * -Properties DNSHostName | %{Test-Connection -Count 1 -ComputerName $_.DNSHostName}
# PowerView
Get-NetComputer -Ping
Information about Operating Systems
# AD Module
# Trailing wildcard so edition suffixes (e.g. "Windows Server 2016 Standard") also match
Get-ADComputer -Filter 'OperatingSystem -Like "*Server 2016*"' -Properties OperatingSystem | Select Name,OperatingSystem
# PowerView
Get-NetComputer -OperatingSystem "*Server 2016*"
Get-NetComputer -FullData | select dnshostname,operatingsystem
Get List of Sessions on Computer
# PowerView
Get-NetSession -ComputerName "dc01.lab.local"
Find Any Computers with Constrained Delegation Set
# PowerView
Get-DomainComputer -TrustedToAuth
Find All Servers that Allow Unconstrained Delegation
# PowerView
Get-DomainComputer -Unconstrained
Return the Local Groups of a Remote Server
# PowerView
Get-NetLocalGroup SERVER.domain.local
Return the Local Group Members of a Remote Server Using Win32 API Methods (faster but less info)
# PowerView
Get-NetLocalGroupMember -Method API -ComputerName SERVER.domain.local
Enumerate Computers in the Current Domain with 'Outlier' Properties
# PowerView
Get-DomainComputer -FindOne | Find-DomainObjectPropertyOutlier