Computers

Get List of Computers in Current Domain

# AD Module
Get-ADComputer -Filter * -Properties *
Get-ADComputer -Filter * | Select Name

# PowerView
Get-NetComputer
Get-NetComputer -FullData

Check for Live Hosts (depends on ICMP)

# AD Module
Get-ADComputer -Filter * -Properties DNSHostName | %{Test-Connection -Count 1 -ComputerName $_.DNSHostName}

# PowerView
Get-NetComputer -Ping

Information about Operating Systems

# AD Module
Get-ADComputer -Filter 'OperatingSystem -Like "*Server 2016"' -Properties OperatingSystem | Select Name,OperatingSystem

# PowerView
Get-NetComputer -OperatingSystem "*Server 2016"
Get-NetComputer -FullData | select dnshostname,operatingsystem

Get List of Sessions on Computer

# PowerView
Get-NetSession -ComputerName "dc01.lab.local"

Find Any Computers with Constrained Delegation Set

# PowerView
Get-DomainComputer -TrustedToAuth

Find All Servers that Allow Unconstrained Delegation

# PowerView
Get-DomainComputer -Unconstrained

Return the Local Groups of a Remote Server

# PowerView
Get-NetLocalGroup SERVER.domain.local

Return the Local Group Members of a Remote Server Using Win32 API Methods (faster but less info)

# PowerView
Get-NetLocalGroupMember -Method API -ComputerName SERVER.domain.local

Enumerates Computers in the Current Domain with 'outlier' Properties

# PowerView
Get-DomainComputer -FindOne | Find-DomainObjectPropertyOutlier

PreviousGroups NextOUs

Last updated 2 years ago