User Enumeration

This details various different techniques and methods required to enumerate domain users and user properties within Active Directory.

Windows
PowerView
Native PowerShell
Enumerate single user 
C:\> net user maurice.moss /domain
Enumerate all users
C:\> net user /domain
Enumerate single user
PS C:\> Get-DomainUser Mero.Vingian
Enumerate all users
PS C:\> Get-DomainUser
Enumerate all users with specific properties
PS C:\> Get-DomainUser -properties samaccountname,logoncount,admincount | ft
Enumerate all users with a Service Principal Name (SPN)
PS C:\> Get-DomainUser -SPN
Enumerate single user
PS C:\> ([ADSISearcher]"(&(objectClass=user)(samAccountType=805306368)(samaccountname=maurice.moss))").FindAll().Properties
Enumerate all users
PS C:\> ([ADSISearcher]"(&(objectClass=user)(samAccountType=805306368))").FindAll()|ft
Enumerate all users returning specific properties
PS C:\> ([ADSISearcher]"(&(objectClass=user)(samAccountType=805306368))").FindAll() | %{ $_.Properties["samaccountname"] }
Enumerate all users with a Service Principal Name (SPN)
PS C:\> ([ADSISearcher]"(&(objectClass=user)(servicePrincipalName=*)(samAccountType=805306368))").FindAll()
​
​
​
​
​

Domain Controllers

Next - Active Directory Enumeration

Group Enumeration

Last modified 3yr ago