๐Ÿง‘โ€๐Ÿ’ปAD Users

Domain User Information

Count Domain Users

Code

(Get-DomainUser).count

Code

Get-DomainUser -Identity <username> -Domain example.local | Select-Object -Property name,samaccountname,description,memberof,whencreated,pwdlastset,lastlogontimestamp,accountexpires,admincount,userprincipalname,serviceprincipalname,mail,useraccountcontrol

Example

name                 : Username
samaccountname       : username
description          :
memberof             : {CN=VPN Users,OU=Security Groups,OU=Corp,DC=EXAMPLE,DC=LOCAL, CN=Shared Calendar
                       Read,OU=Security Groups,OU=Corp,DC=EXAMPLE,DC=LOCAL, CN=Printer Access,OU=Security
                       Groups,OU=Corp,DC=EXAMPLE,DC=LOCAL, CN=File Share H Drive,OU=Security
                       Groups,OU=Corp,DC=EXAMPLE,DC=LOCAL...}
whencreated          : 10/27/2021 5:37:06 PM
pwdlastset           : 11/18/2021 10:02:57 AM
lastlogontimestamp   : 2/27/2022 6:34:25 PM
accountexpires       : NEVER
admincount           : 1
userprincipalname    : username@example.local
serviceprincipalname :
mail                 :
useraccountcontrol   : NORMAL_ACCOUNT, DONT_EXPIRE_PASSWORD, DONT_REQ_PREAUTH

Enumerate All Domain Users / Export CSV

Code

Get-DomainUser * -Domain inlanefreight.local | Select-Object -Property name,samaccountname,description,memberof,whencreated,pwdlastset,lastlogontimestamp,accountexpires,admincount,userprincipalname,serviceprincipalname,mail,useraccountcontrol | Export-Csv .\inlanefreight_users.csv -NoTypeInformation

KerberosPreauthNotRequired

Code

Get-DomainUser -KerberosPreauthNotRequired -Properties samaccountname,useraccountcontrol,memberof

Kerberos Constrained Delegation

Code

Get-DomainUser -TrustedToAuth -Properties samaccountname,useraccountcontrol,memberof

Unconstrained Delegation

Code

Get-DomainUser -LDAPFilter "(userAccountControl:1.2.840.113556.1.4.803:=524288)"
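
The LDAP filter above tests a single userAccountControl bit: 524288 (0x80000) is TRUSTED_FOR_DELEGATION, and 1.2.840.113556.1.4.803 is the bitwise-AND matching rule. The following added example (not part of the original page or of PowerView) decodes raw userAccountControl values the same way and marks the delegation and pre-authentication flags for review; the function names, the review list and the sample accounts are assumptions constructed for illustration.

```powershell
# Added example: decode userAccountControl and mark settings worth reviewing.
# Flag values are the documented Active Directory userAccountControl bits.
$UacFlags = [ordered]@{
    ACCOUNTDISABLE                 = 0x00000002
    PASSWD_NOTREQD                 = 0x00000020
    ENCRYPTED_TEXT_PWD_ALLOWED     = 0x00000080
    NORMAL_ACCOUNT                 = 0x00000200
    DONT_EXPIRE_PASSWORD           = 0x00010000
    TRUSTED_FOR_DELEGATION         = 0x00080000   # 524288, the bit the LDAP filter tests
    NOT_DELEGATED                  = 0x00100000
    USE_DES_KEY_ONLY               = 0x00200000
    DONT_REQ_PREAUTH               = 0x00400000
    TRUSTED_TO_AUTH_FOR_DELEGATION = 0x01000000
}
# Hypothetical review list: flags a defender would want justified per account.
$Review = 'PASSWD_NOTREQD', 'ENCRYPTED_TEXT_PWD_ALLOWED', 'TRUSTED_FOR_DELEGATION',
          'USE_DES_KEY_ONLY', 'DONT_REQ_PREAUTH', 'TRUSTED_TO_AUTH_FOR_DELEGATION'

function ConvertFrom-UacValue {
    param([Parameter(Mandatory)][int]$Value)
    # -band is the same bitwise AND the matching rule applies on the server side.
    $UacFlags.GetEnumerator() | Where-Object { $Value -band $_.Value } | ForEach-Object { $_.Key }
}

function Get-UacFinding {
    param([Parameter(Mandatory)][string]$SamAccountName,
          [Parameter(Mandatory)][int]$Value)
    $set = @(ConvertFrom-UacValue -Value $Value)
    [pscustomobject]@{
        SamAccountName = $SamAccountName
        Enabled        = -not ($Value -band 0x2)
        Flags          = $set -join ', '
        Review         = ($set | Where-Object { $_ -in $Review }) -join ', '
    }
}

# Constructed sample values (not from a real directory).
$sample = @(
    @{ Name = 'jdoe';     Uac = 512 }       # NORMAL_ACCOUNT
    @{ Name = 'svc-web';  Uac = 590336 }    # 512 + 65536 + 524288
    @{ Name = 'legacy01'; Uac = 4260352 }   # 512 + 65536 + 4194304
)
$sample | ForEach-Object { Get-UacFinding -SamAccountName $_.Name -Value $_.Uac } |
    Format-Table -AutoSize
```

PowerView already prints the flag names, as in the example output earlier on this page; the decoder is useful when the raw integer comes from another export or log source.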

Description Field

Code

Get-DomainUser -Properties samaccountname,description | Where {$_.description -ne $null}

Example

samaccountname description
-------------- -----------
Administrator  Built-in account for administering the computer/domain
Guest          Built-in account for guest access to the computer/domain
DefaultAccount A user account managed by the system.
krbtgt         Key Distribution Center Service Account
svc-sccm       **Do not change password** 03/04/2015 N3ssu$_svc2014!

Service Principal Names (SPNs)

Code

Get-DomainUser -SPN -Properties samaccountname,memberof,serviceprincipalname

Find-ForeignGroup

Code

Find-ForeignGroup
Convert-SidToName S-1-5-21-888139820-103978830-333442103-1602

Service Principal Names (Other Domains)

Code

Get-DomainUser -SPN -Domain freightlogistics.local | select samaccountname,memberof,serviceprincipalname | fl

Password Set Time

Code

Get-DomainUser -Properties samaccountname,pwdlastset,lastlogon -Domain InlaneFreight.local | select samaccountname, pwdlastset, lastlogon | Sort-Object -Property pwdlastset

Password Set Time (Before Certain Date)

Code

Get-DomainUser -Properties samaccountname,pwdlastset,lastlogon -Domain InlaneFreight.local | select samaccountname, pwdlastset, lastlogon | where { $_.pwdlastset -lt (Get-Date).addDays(-90) }
