# Groups

## Get All Groups in Current Domain

```powershell
# AD Module
Get-ADGroup -Filter * | Select Name
Get-ADGroup -Filter * -Properties *

# PowerView
Get-NetGroup
Get-NetGroup -FullData
```

## Get Information about Groups in other Domain

```powershell
Get-NetGroup -Domain lab.local
```

## Get All Groups Containing the Word "admin" in Group Name

```powershell
# AD Module
Get-ADGroup -Filter 'Name -Like "*admin*"' | Select Name

# PowerView
Get-NetGroup "*admin*"
```

## Get Information about Specific Group

```powershell
Get-NetGroup -FullData "Domain Admins"
```

## Get All Members of Domain Admins Group

```powershell
# AD Module
Get-ADGroupMember -Identity "Domain Admins" -Recursive

# PowerView
Get-NetGroupMember -GroupName "Domain Admins" -Recurse
```

## Get List of Enterprise Admins, only Available from Forest Root

```powershell
Get-NetGroupMember -GroupName "Enterprise Admins" -Domain lab.local
```

## Get Group Membership for a User

```powershell
# AD Module
Get-ADPrincipalGroupMembership -Identity student1

# PowerView
Get-NetGroup -UserName "student1"
```

## List All Local Groups on a Machine (needs Administrator Privileges on Non-dc Machines)

```powershell
Get-NetLocalGroup -ComputerName dc.lab.local -ListGroups
```

## Get Members of All Local Groups on a Machine (needs Administrator Privileges on Non-dc Machines)

```powershell
Get-NetLocalGroup -ComputerName dc.lab.local -Recurse
```

## Find Linked DA Accounts Using Name Correlation

```powershell
Get-DomainGroupMember 'Domain Admins' | %{Get-DomainUser $_.membername -LDAPFilter '(displayname=*)'} | %{$a=$_.displayname.split(' ')[0..1] -join ' '; Get-DomainUser -LDAPFilter "(displayname=*$a*)" -Properties displayname,samaccountname}
```

## Find Any Machine Accounts in Privileged Groups

```powershell
Get-DomainGroup -AdminCount | Get-DomainGroupMember -Recurse | ?{$_.MemberName -like '*$'}
```

## Enumerate All Groups that Don't Have a Global Scope, Returning just Group Names

```powershell
Get-DomainGroup -GroupScope NotGlobal -Properties name
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://wiki.bufu-sec.com/active-directory/enumeration/groups.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.