Groups

Get All Groups in Current Domain

# AD Module
Get-ADGroup -Filter * | Select Name
Get-ADGroup -Filter * -Properties *

# PowerView
Get-NetGroup
Get-NetGroup -FullData

Get Information about Groups in other Domain

Get-NetGroup -Domain lab.local

Get All Groups Containing the Word "admin" in Group Name

# AD Module
Get-ADGroup -Filter 'Name -Like "*admin*"' | Select Name

# PowerView
Get-NetGroup "*admin*"

Get Information about Specific Group

Get-NetGroup -FullData "Domain Admins"

Get All Members of Domain Admins Group

# AD Module
Get-ADGroupMember -Identity "Domain Admins" -Recursive

# PowerView
Get-NetGroupMember -GroupName "Domain Admins" -Recurse

Get List of Enterprise Admins, only Available from Forest Root

Get-NetGroupMember -GroupName "Enterprise Admins" -Domain lab.local

Get Group Membership for a User

# AD Module
Get-ADPrincipalGroupMembership -Identity student1

# PowerView
Get-NetGroup -UserName "student1"

List All Local Groups on a Machine (needs Administrator Privileges on Non-dc Machines)

Get-NetLocalGroup -ComputerName dc.lab.local -ListGroups

Get Members of All Local Groups on a Machine (needs Administrator Privileges on Non-dc Machines)

Get-NetLocalGroup -ComputerName dc.lab.local -Recurse

Find Linked DA Accounts Using Name Correlation

Get-DomainGroupMember 'Domain Admins' | %{Get-DomainUser $_.membername -LDAPFilter '(displayname=*)'} | %{$a=$_.displayname.split(' ')[0..1] -join ' '; Get-DomainUser -LDAPFilter "(displayname=*$a*)" -Properties displayname,samaccountname}

Find Any Machine Accounts in Privileged Groups

Get-DomainGroup -AdminCount | Get-DomainGroupMember -Recurse | ?{$_.MemberName -like '*$'}

Enumerate All Groups that Don't Have a Global Scope, Returning just Group Names

Get-DomainGroup -GroupScope NotGlobal -Properties name

PreviousUsers NextComputers

Last updated 2 years ago

Groups

Get All Groups in Current Domain

# AD Module
Get-ADGroup -Filter * | Select Name
Get-ADGroup -Filter * -Properties *

# PowerView
Get-NetGroup
Get-NetGroup -FullData

Get Information about Groups in other Domain

Get-NetGroup -Domain lab.local

Get All Groups Containing the Word "admin" in Group Name

# AD Module
Get-ADGroup -Filter 'Name -Like "*admin*"' | Select Name

# PowerView
Get-NetGroup "*admin*"

Get Information about Specific Group

Get-NetGroup -FullData "Domain Admins"

Get All Members of Domain Admins Group

# AD Module
Get-ADGroupMember -Identity "Domain Admins" -Recursive

# PowerView
Get-NetGroupMember -GroupName "Domain Admins" -Recurse

Get List of Enterprise Admins, only Available from Forest Root

Get-NetGroupMember -GroupName "Enterprise Admins" -Domain lab.local

Get Group Membership for a User

# AD Module
Get-ADPrincipalGroupMembership -Identity student1

# PowerView
Get-NetGroup -UserName "student1"

List All Local Groups on a Machine (needs Administrator Privileges on Non-dc Machines)

Get-NetLocalGroup -ComputerName dc.lab.local -ListGroups

Get Members of All Local Groups on a Machine (needs Administrator Privileges on Non-dc Machines)

Get-NetLocalGroup -ComputerName dc.lab.local -Recurse

Find Linked DA Accounts Using Name Correlation

Get-DomainGroupMember 'Domain Admins' | %{Get-DomainUser $_.membername -LDAPFilter '(displayname=*)'} | %{$a=$_.displayname.split(' ')[0..1] -join ' '; Get-DomainUser -LDAPFilter "(displayname=*$a*)" -Properties displayname,samaccountname}

Find Any Machine Accounts in Privileged Groups

Get-DomainGroup -AdminCount | Get-DomainGroupMember -Recurse | ?{$_.MemberName -like '*$'}

Enumerate All Groups that Don't Have a Global Scope, Returning just Group Names

Get-DomainGroup -GroupScope NotGlobal -Properties name

PreviousUsers NextComputers

Last updated 2 years ago