Group Enumeration

This details various different techniques and methods required to enumerate domain groups and properties within Active Directory.

C:\> net group /domain

C:\> net group "Domain Admins" /domain

C:\> Get-DomainGroup

C:\> Get-DomainGroupMember "Domain Admins" | %{ $_.MemberName }

PS C:\> ([ADSISearcher]"ObjectClass=group").FindAll()
PS C:\> ([ADSISearcher]"ObjectClass=group").FindAll() | %{ $_.Properties["samaccountname"] }

PS C:\> ([ADSISearcher]"(&(objectClass=group)(name=*ACCESS*))").FindAll()

PS C:\> ([ADSISearcher]"(&(ObjectClass=group)(samaccountname=Domain Admins))").FindOne()

PS C:\> ([ADSISearcher]"(distinguishedname=CN=TS ACCESS,CN=Users,DC=corp,DC=contoso,DC=local)").FindOne().Properties.member

Last updated 3 years ago