User Enumeration
This details various different techniques and methods required to enumerate domain users and user properties within Active Directory.
Enumerate single user
C:\> net user maurice.moss /domain
Enumerate all users
C:\> net user /domain
Enumerate single user
PS C:\> Get-DomainUser Mero.Vingian
Enumerate all users
PS C:\> Get-DomainUser
Enumerate all users with specific properties
PS C:\> Get-DomainUser -properties samaccountname,logoncount,admincount | ft
Enumerate all users with a Service Principal Name (SPN)
PS C:\> Get-DomainUser -SPN
Enumerate single user
PS C:\> ([ADSISearcher]"(&(objectClass=user)(samAccountType=805306368)(samaccountname=maurice.moss))").FindAll().Properties
Enumerate all users
PS C:\> ([ADSISearcher]"(&(objectClass=user)(samAccountType=805306368))").FindAll()|ft
Enumerate all users returning specific properties
PS C:\> ([ADSISearcher]"(&(objectClass=user)(samAccountType=805306368))").FindAll() | %{ $_.Properties["samaccountname"] }
Enumerate all users with a Service Principal Name (SPN)
PS C:\> ([ADSISearcher]"(&(objectClass=user)(servicePrincipalName=*)(samAccountType=805306368))").FindAll()
