Group Enumeration

This page details techniques for enumerating domain groups and their properties within Active Directory.
Windows

Enumerate all domain groups

C:\> net group /domain

Enumerate domain group members

C:\> net group "Domain Admins" /domain

PowerView

Enumerate all domain groups

PS C:\> Get-DomainGroup

Enumerate domain group members

PS C:\> Get-DomainGroupMember "Domain Admins" | %{ $_.MemberName }

Native PowerShell

Enumerate all domain groups

PS C:\> ([ADSISearcher]"ObjectClass=group").FindAll()
PS C:\> ([ADSISearcher]"ObjectClass=group").FindAll() | %{ $_.Properties["samaccountname"] }

Enumerate all groups with the string "ACCESS" in the name property

PS C:\> ([ADSISearcher]"(&(objectClass=group)(name=*ACCESS*))").FindAll()

Enumerate specific domain group

PS C:\> ([ADSISearcher]"(&(ObjectClass=group)(samaccountname=Domain Admins))").FindOne()

Enumerate domain group members

PS C:\> ([ADSISearcher]"(distinguishedname=CN=TS ACCESS,CN=Users,DC=corp,DC=contoso,DC=local)").FindOne().Properties.member
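
The member property read above lists only a group's direct members. The following is an added example, not part of the original page, for auditing effective membership: it resolves nested members with the same ADSISearcher approach. The function names are hypothetical, and the DN is the page's sample value.

```powershell
# Added example. Function names are hypothetical; run from a domain-joined host.

function ConvertTo-LdapFilterValue {
    # RFC 4515 escaping: a DN containing \ * ( ) or NUL would otherwise
    # break the filter or change what it matches. Backslash goes first.
    param([Parameter(Mandatory)][string]$Value)
    $Value -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' `
           -replace '\)', '\29' -replace '\x00', '\00'
}

function Get-NestedGroupMember {
    param([Parameter(Mandatory)][string]$GroupDN)

    $dn = ConvertTo-LdapFilterValue $GroupDN
    # 1.2.840.113556.1.4.1941 is LDAP_MATCHING_RULE_IN_CHAIN: the domain
    # controller follows nested groups, so indirect members are returned too.
    $searcher = [ADSISearcher]"(memberOf:1.2.840.113556.1.4.1941:=$dn)"
    $searcher.PageSize = 1000   # enable paging so large result sets are not truncated
    $searcher.PropertiesToLoad.AddRange(
        [string[]]@('samaccountname', 'objectclass', 'distinguishedname'))

    $results = $searcher.FindAll()
    try {
        foreach ($r in $results) {
            [pscustomobject]@{
                SamAccountName    = [string]($r.Properties['samaccountname'] | Select-Object -First 1)
                # objectClass is multi-valued; the last value is the most specific class
                ObjectClass       = [string]($r.Properties['objectclass'] | Select-Object -Last 1)
                DistinguishedName = [string]($r.Properties['distinguishedname'] | Select-Object -First 1)
            }
        }
    }
    finally {
        $results.Dispose()   # SearchResultCollection holds unmanaged resources
    }
}

# The page's sample DN; users and computers are the effective members to review.
Get-NestedGroupMember 'CN=TS ACCESS,CN=Users,DC=corp,DC=contoso,DC=local' |
    Where-Object ObjectClass -ne 'group' |
    Sort-Object SamAccountName
```

Accounts that belong to a group only through primaryGroupID do not appear in member or memberOf, so they are absent from this result and need a separate check.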