Active Directory Enumeration Cheetsheet

Find Name & OS Version of Domain Controllers

PS C:\Users\Administrator\Downloads> Get-ADDomainController                                  


ComputerObjectDN           : CN=DOMAIN-CONTROLL,OU=Domain Controllers,DC=CONTROLLER,DC=local                                                                          
DefaultPartition           : DC=CONTROLLER,DC=local                                                                                                                   
Domain                     : CONTROLLER.local                                                                                                                         
Enabled                    : True                                                                                                                                     
Forest                     : CONTROLLER.local                                                                                                                         
HostName                   : Domain-Controller.CONTROLLER.local                                                                                                       
InvocationId               : 5669f8e7-9fd9-4eb6-8e27-d54ef7ce9c56                                                                                                     
IPv4Address                : 10.10.25.57                                                                                                                              
IPv6Address                :                                                                                                                                          
IsGlobalCatalog            : True                                                                                                                                     
IsReadOnly                 : False                                                                                                                                    
LdapPort                   : 389                                                                                                                                      
Name                       : DOMAIN-CONTROLL                                                                                                                          
NTDSSettingsObjectDN       : CN=NTDS Settings,CN=DOMAIN-CONTROLL,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=CONTROLLER,DC=local               
OperatingSystem            : Windows Server 2019 Standard Evaluation                                                                                                  
OperatingSystemHotfix      :                                                                                                                                          
OperatingSystemServicePack :                                                                                                                                          
OperatingSystemVersion     : 10.0 (17763)                                                                                                                             
OperationMasterRoles       : {SchemaMaster, DomainNamingMaster, PDCEmulator, RIDMaster...}                                                                            
Partitions                 : {DC=ForestDnsZones,DC=CONTROLLER,DC=local, DC=DomainDnsZones,DC=CONTROLLER,DC=local, CN=Schema,CN=Configuration,DC=CONTROLLER,DC=local,  
                             CN=Configuration,DC=CONTROLLER,DC=local...}                                                                                              
ServerObjectDN             : CN=DOMAIN-CONTROLL,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=CONTROLLER,DC=local                                
ServerObjectGuid           : 53e8b62c-8ba0-44b0-92db-62135874abc3                                                                                                     
Site                       : Default-First-Site-Name                                                                                                                  
SslPort                    : 636                                                                                                                                      
                                                                                                                                                                      
                                                                                                                                                                      
                                                                                                                                                                      
PS C:\Users\Administrator\Downloads>

Get List of All Operating Systems on The Domain

PS C:\Users\Administrator\Downloads> Get-NetComputer -fulldata                               


pwdlastset                    : 8/28/2020 4:12:03 AM                                                                                      
logoncount                    : 57                                                                                                        
serverreferencebl             : CN=DOMAIN-CONTROLL,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=CONTROLLER,DC=local 
badpasswordtime               : 12/31/1600 4:00:00 PM                                                                                     
distinguishedname             : CN=DOMAIN-CONTROLL,OU=Domain Controllers,DC=CONTROLLER,DC=local                                           
objectclass                   : {top, person, organizationalPerson, user...}                                                              
lastlogontimestamp            : 8/28/2020 4:12:29 AM 
name                          : DOMAIN-CONTROLL
objectsid                     : S-1-5-21-849420856-2351964222-986696166-1000
samaccountname                : DOMAIN-CONTROLL$
localpolicyflags              : 0
codepage                      : 0
samaccounttype                : 805306369
whenchanged                   : 8/28/2020 11:12:29 AM
accountexpires                : 9223372036854775807
countrycode                   : 0
adspath                       : LDAP://CN=DOMAIN-CONTROLL,OU=Domain Controllers,DC=CONTROLLER,DC=local
instancetype                  : 4
msdfsr-computerreferencebl    : CN=DOMAIN-CONTROLL,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=CONTROLLER,DC=local
objectguid                    : de356d62-5156-4f21-98ad-eb28f347f32d
operatingsystem               : Windows Server 2019 Standard Evaluation
operatingsystemversion        : 10.0 (17763)
lastlogoff                    : 12/31/1600 4:00:00 PM
objectcategory                : CN=Computer,CN=Schema,CN=Configuration,DC=CONTROLLER,DC=local
dscorepropagationdata         : {5/14/2020 3:14:47 AM, 1/1/1601 12:00:01 AM}
serviceprincipalname          : {TERMSRV/DOMAIN-CONTROLL, TERMSRV/Domain-Controller.CONTROLLER.local, Dfsr-12F9A27C-BF97-4787-9364-D31B6C55EB04/Domain-Controller.CONTROLLER.local,
                                ldap/Domain-Controller.CONTROLLER.local/ForestDnsZones.CONTROLLER.local...}
usncreated                    : 12293
memberof                      : {CN=Pre-Windows 2000 Compatible Access,CN=Builtin,DC=CONTROLLER,DC=local, CN=Cert Publishers,OU=Groups,DC=CONTROLLER,DC=local}
lastlogon                     : 8/28/2020 4:13:39 AM
badpwdcount                   : 0
cn                            : DOMAIN-CONTROLL
useraccountcontrol            : 532480
whencreated                   : 5/14/2020 3:14:46 AM
primarygroupid                : 516
iscriticalsystemobject        : True
msds-supportedencryptiontypes : 28
usnchanged                    : 32781 
ridsetreferences              : CN=RID Set,CN=DOMAIN-CONTROLL,OU=Domain Controllers,DC=CONTROLLER,DC=local
dnshostname                   : Domain-Controller.CONTROLLER.local

logoncount                    : 10
badpasswordtime               : 12/31/1600 4:00:00 PM
distinguishedname             : CN=DESKTOP-2,CN=Computers,DC=CONTROLLER,DC=local
objectclass                   : {top, person, organizationalPerson, user...}
badpwdcount                   : 0
lastlogontimestamp            : 5/14/2020 12:05:03 PM
objectsid                     : S-1-5-21-849420856-2351964222-986696166-1109
samaccountname                : DESKTOP-2$
lastlogon                     : 5/14/2020 12:32:05 PM
codepage                      : 0
samaccounttype                : 805306369
whenchanged                   : 5/14/2020 7:06:38 PM
countrycode                   : 0
cn                            : DESKTOP-2
accountexpires                : 9223372036854775807
adspath                       : LDAP://CN=DESKTOP-2,CN=Computers,DC=CONTROLLER,DC=local
PS C:\Users\Administrator\Downloads> Get-NetComputer -fulldata                               


pwdlastset                    : 8/28/2020 4:12:03 AM                                                                                                                                 
logoncount                    : 75                                                                                                                                                   
serverreferencebl             : CN=DOMAIN-CONTROLL,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=CONTROLLER,DC=local                                            
badpasswordtime               : 12/31/1600 4:00:00 PM                                                                                                                                
distinguishedname             : CN=DOMAIN-CONTROLL,OU=Domain Controllers,DC=CONTROLLER,DC=local                                                                                      
objectclass                   : {top, person, organizationalPerson, user...}                                                                                                         
lastlogontimestamp            : 8/28/2020 4:12:29 AM                                                                                                                                 
name                          : DOMAIN-CONTROLL                                                                                                                                      
primarygroupid                : 516                                                                                                                                                  
objectsid                     : S-1-5-21-849420856-2351964222-986696166-1000                                                                                                         
samaccountname                : DOMAIN-CONTROLL$                                                                                                                                     
localpolicyflags              : 0                                                                                                                                                    
codepage                      : 0                                                                                                                                                    
samaccounttype                : 805306369                                                                                                                                            
whenchanged                   : 8/28/2020 11:18:28 AM                                                                                                                                
accountexpires                : 9223372036854775807                                                                                                                                  
cn                            : DOMAIN-CONTROLL                                                                                                                                      
adspath                       : LDAP://CN=DOMAIN-CONTROLL,OU=Domain Controllers,DC=CONTROLLER,DC=local                                                                               
instancetype                  : 4                                                                                                                                                    
msdfsr-computerreferencebl    : CN=DOMAIN-CONTROLL,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=CONTROLLER,DC=local                                       
objectguid                    : de356d62-5156-4f21-98ad-eb28f347f32d                                                                                                                 
operatingsystem               : Windows Server 2019 Standard Evaluation                                                                                                              
operatingsystemversion        : 10.0 (17763)                                                                                                                                         
lastlogoff                    : 12/31/1600 4:00:00 PM                                                                                                                                
objectcategory                : CN=Computer,CN=Schema,CN=Configuration,DC=CONTROLLER,DC=local                                                                                        
dscorepropagationdata         : {5/14/2020 3:14:47 AM, 1/1/1601 12:00:01 AM}                                                                                                         
serviceprincipalname          : {TERMSRV/DOMAIN-CONTROLL, TERMSRV/Domain-Controller.CONTROLLER.local, Dfsr-12F9A27C-BF97-4787-9364-D31B6C55EB04/Domain-Controller.CONTROLLER.local,  
                                ldap/Domain-Controller.CONTROLLER.local/ForestDnsZones.CONTROLLER.local...}                                                                          
usncreated                    : 12293                                                                                                                                                
usercertificate               : {48, 130, 6, 73...}                                                                                                                                  
memberof                      : {CN=Pre-Windows 2000 Compatible Access,CN=Builtin,DC=CONTROLLER,DC=local, CN=Cert Publishers,OU=Groups,DC=CONTROLLER,DC=local}                       
lastlogon                     : 8/28/2020 4:18:28 AM                                                                                                                                 
badpwdcount                   : 0                                                                                                                                                    
useraccountcontrol            : 532480                                                                                                                                               
whencreated                   : 5/14/2020 3:14:46 AM                                                                                                                                 
countrycode                   : 0                                                                                                                                                    
iscriticalsystemobject        : True                                                                                                                                                 
msds-supportedencryptiontypes : 28                                                                                                                                                   
usnchanged                    : 32810                                                                                                                                                
ridsetreferences              : CN=RID Set,CN=DOMAIN-CONTROLL,OU=Domain Controllers,DC=CONTROLLER,DC=local                                                                           
dnshostname                   : Domain-Controller.CONTROLLER.local                                                                                                                   
                                                                                                                                                                                     
logoncount                    : 10                                                                                                                                                   
badpasswordtime               : 12/31/1600 4:00:00 PM                                                                                                                                
distinguishedname             : CN=DESKTOP-2,CN=Computers,DC=CONTROLLER,DC=local                                                                                                     
objectclass                   : {top, person, organizationalPerson, user...}                                                                                                         
badpwdcount                   : 0                                                                                                                                                    
lastlogontimestamp            : 5/14/2020 12:05:03 PM                                                                                                                                
objectsid                     : S-1-5-21-849420856-2351964222-986696166-1109                                                                                                         
samaccountname                : DESKTOP-2$                                                                                                                                           
localpolicyflags              : 0                                                                                                                                                    
lastlogon                     : 5/14/2020 12:32:05 PM                                                                                                                                
codepage                      : 0                                                                                                                                                    
samaccounttype                : 805306369                                                                                                                                            
whenchanged                   : 5/14/2020 7:06:38 PM                                    
countrycode                   : 0                                                       
cn                            : DESKTOP-2                                               
accountexpires                : 9223372036854775807                                     
adspath                       : LDAP://CN=DESKTOP-2,CN=Computers,DC=CONTROLLER,DC=local 
instancetype                  : 4                                                       
usncreated                    : 20521                                                   
objectguid                    : 99e46c23-9ea0-44da-8d67-7396aedd6fe8                    
operatingsystem               : Windows 10 Enterprise Evaluation                        
operatingsystemversion        : 10.0 (18363)                                            
lastlogoff                    : 12/31/1600 4:00:00 PM                                   
objectcategory                : CN=Computer,CN=Schema,CN=Configuration,DC=CONTROLLER,DC=local
dscorepropagationdata         : 1/1/1601 12:00:00 AM
serviceprincipalname          : {RestrictedKrbHost/DESKTOP-2, HOST/DESKTOP-2, RestrictedKrbHost/Desktop-2.CONTROLLER.local, HOST/Desktop-2.CONTROLLER.local}
ms-ds-creatorsid              : {1, 5, 0, 0...}
iscriticalsystemobject        : False
usnchanged                    : 20536
useraccountcontrol            : 4096
whencreated                   : 5/14/2020 7:05:03 PM
primarygroupid                : 515
pwdlastset                    : 5/14/2020 12:05:03 PM
msds-supportedencryptiontypes : 28
name                          : DESKTOP-2
dnshostname                   : Desktop-2.CONTROLLER.local

logoncount                    : 7
badpasswordtime               : 12/31/1600 4:00:00 PM
distinguishedname             : CN=DESKTOP-1,CN=Computers,DC=CONTROLLER,DC=local
objectclass                   : {top, person, organizationalPerson, user...}
badpwdcount                   : 0
lastlogontimestamp            : 5/14/2020 12:25:53 PM
objectsid                     : S-1-5-21-849420856-2351964222-986696166-1110
samaccountname                : DESKTOP-1$
localpolicyflags              : 0
codepage                      : 0
samaccounttype                : 805306369
whenchanged                   : 5/14/2020 7:26:53 PM
countrycode                   : 0
cn                            : DESKTOP-1
accountexpires                : 9223372036854775807
adspath                       : LDAP://CN=DESKTOP-1,CN=Computers,DC=CONTROLLER,DC=local
instancetype                  : 4
usncreated                    : 20549
objectguid                    : 260ac494-585f-4ae4-884e-1acf1ff7d55f
operatingsystem               : Windows 10 Enterprise Evaluation
operatingsystemversion        : 10.0 (18363)
lastlogoff                    : 12/31/1600 4:00:00 PM
objectcategory                : CN=Computer,CN=Schema,CN=Configuration,DC=CONTROLLER,DC=local
dscorepropagationdata         : 1/1/1601 12:00:00 AM
serviceprincipalname          : {RestrictedKrbHost/DESKTOP-1, HOST/DESKTOP-1, RestrictedKrbHost/Desktop-1.CONTROLLER.local, HOST/Desktop-1.CONTROLLER.local}
lastlogon                     : 5/14/2020 12:27:04 PM
iscriticalsystemobject        : False
usnchanged                    : 20563
useraccountcontrol            : 4096
whencreated                   : 5/14/2020 7:25:52 PM
primarygroupid                : 515
pwdlastset                    : 5/14/2020 12:25:52 PM
msds-supportedencryptiontypes : 28
name                          : DESKTOP-1
dnshostname                   : Desktop-1.CONTROLLER.local

Get List of All Users on Domain

PS C:\Users\Administrator\Downloads> Get-NetUser          


logoncount             : 26                                                                                                                                                                           
badpasswordtime        : 5/14/2020 12:25:47 PM                                                                                                                                                        
description            : Built-in account for administering the computer/domain                                                                                                                       
distinguishedname      : CN=Administrator,CN=Users,DC=CONTROLLER,DC=local                                                                                                                             
objectclass            : {top, person, organizationalPerson, user}                                                                                                                                    
lastlogontimestamp     : 8/28/2020 4:12:39 AM                                                                                                                                                         
name                   : Administrator                                                                                                                                                                
objectsid              : S-1-5-21-849420856-2351964222-986696166-500                                                                                                                                  
samaccountname         : Administrator                                                                                                                                                                
admincount             : 1                                                                                                                                                                            
codepage               : 0                                                                                                                                                                            
samaccounttype         : 805306368                                                                                                                                                                    
whenchanged            : 8/28/2020 11:12:39 AM                                                                                                                                                        
accountexpires         : 9223372036854775807                                                                                                                                                          
countrycode            : 0                                                                                                                                                                            
adspath                : LDAP://CN=Administrator,CN=Users,DC=CONTROLLER,DC=local                                                                                                                      
instancetype           : 4                                                                                                                                                                            
objectguid             : 1823a15b-34a7-49b2-a9f2-99279409f557                                                                                                                                         
lastlogon              : 8/28/2020 4:12:46 AM                                                                                                                                                         
lastlogoff             : 12/31/1600 4:00:00 PM                                                                                                                                                        
objectcategory         : CN=Person,CN=Schema,CN=Configuration,DC=CONTROLLER,DC=local                                                                                                                  
dscorepropagationdata  : {5/14/2020 3:29:56 AM, 5/14/2020 3:29:56 AM, 5/14/2020 3:14:47 AM, 1/1/1601 6:12:16 PM}                                                                                      
memberof               : {CN=Group Policy Creator Owners,OU=Groups,DC=CONTROLLER,DC=local, CN=Domain Admins,OU=Groups,DC=CONTROLLER,DC=local, CN=Enterprise Admins,OU=Groups,DC=CONTROLLER,DC=local,  
                         CN=Schema Admins,OU=Groups,DC=CONTROLLER,DC=local...}                                                                                                                        
whencreated            : 5/14/2020 3:13:54 AM                                                                                                                                                         
iscriticalsystemobject : True                                                                                                                                                                         
badpwdcount            : 0                                                                                                                                                                            
cn                     : Administrator                                                                                                                                                                
useraccountcontrol     : 66048                                                                                                                                                                        
usncreated             : 8196                                                                                                                                                                         
primarygroupid         : 513                                                                                                                                                                          
pwdlastset             : 5/13/2020 8:00:12 PM                                                                                                                                                         
usnchanged             : 32785                                                                                                                                                                        

pwdlastset             : 12/31/1600 4:00:00 PM                                       
logoncount             : 0                                                           
badpasswordtime        : 12/31/1600 4:00:00 PM                                       
description            : Built-in account for guest access to the computer/domain    
distinguishedname      : CN=Guest,CN=Users,DC=CONTROLLER,DC=local                    
objectclass            : {top, person, organizationalPerson, user}                   
name                   : Guest                                                       
objectsid              : S-1-5-21-849420856-2351964222-986696166-501                 
samaccountname         : Guest                                                       
codepage               : 0                                                           
samaccounttype         : 805306368                                                   
whenchanged            : 5/14/2020 3:13:54 AM                                        
accountexpires         : 9223372036854775807                                         
countrycode            : 0                                                           
adspath                : LDAP://CN=Guest,CN=Users,DC=CONTROLLER,DC=local             
instancetype           : 4                                                           
objectguid             : 153892ee-fa57-4038-931f-36501f651bce                        
lastlogon              : 12/31/1600 4:00:00 PM                                       
lastlogoff             : 12/31/1600 4:00:00 PM                                       
objectcategory         : CN=Person,CN=Schema,CN=Configuration,DC=CONTROLLER,DC=local 
dscorepropagationdata  : {5/14/2020 3:14:47 AM, 1/1/1601 12:00:01 AM}                
memberof               : CN=Guests,CN=Builtin,DC=CONTROLLER,DC=local                 
whencreated            : 5/14/2020 3:13:54 AM                                        
badpwdcount            : 0                                                           
cn                     : Guest                                                       
useraccountcontrol     : 66082                                                       
usncreated             : 8197                                                        
primarygroupid         : 514                                                         
iscriticalsystemobject : True                                                        
usnchanged             : 8197                                                        

logoncount                    : 0
badpasswordtime               : 12/31/1600 4:00:00 PM
description                   : Key Distribution Center Service Account
distinguishedname             : CN=krbtgt,CN=Users,DC=CONTROLLER,DC=local
objectclass                   : {top, person, organizationalPerson, user}
name                          : krbtgt
primarygroupid                : 513
objectsid                     : S-1-5-21-849420856-2351964222-986696166-502
whenchanged                   : 5/14/2020 3:29:56 AM
admincount                    : 1
codepage                      : 0
samaccounttype                : 805306368
showinadvancedviewonly        : True
accountexpires                : 9223372036854775807
cn                            : krbtgt
adspath                       : LDAP://CN=krbtgt,CN=Users,DC=CONTROLLER,DC=local
instancetype                  : 4
objectguid                    : 15b89d2e-13b8-4e9f-bd8f-921b221a5e2e
lastlogon                     : 12/31/1600 4:00:00 PM
lastlogoff                    : 12/31/1600 4:00:00 PM
samaccountname                : krbtgt
objectcategory                : CN=Person,CN=Schema,CN=Configuration,DC=CONTROLLER,DC=local
dscorepropagationdata         : {5/14/2020 3:29:56 AM, 5/14/2020 3:14:47 AM, 1/1/1601 12:04:16 AM}
serviceprincipalname          : kadmin/changepw
memberof                      : CN=Denied RODC Password Replication Group,OU=Groups,DC=CONTROLLER,DC=local
whencreated                   : 5/14/2020 3:14:47 AM
iscriticalsystemobject        : True
badpwdcount                   : 0
useraccountcontrol            : 514
usncreated                    : 12324
countrycode                   : 0
pwdlastset                    : 5/13/2020 8:14:47 PM
msds-supportedencryptiontypes : 0
usnchanged                    : 12863

logoncount            : 1
badpasswordtime       : 12/31/1600 4:00:00 PM
distinguishedname     : CN=Machine-1,CN=Users,DC=CONTROLLER,DC=local
objectclass           : {top, person, organizationalPerson, user}
displayname           : Machine-1
lastlogontimestamp    : 5/14/2020 12:29:48 PM
userprincipalname     : Machine1@CONTROLLER.local
name                  : Machine-1
objectsid             : S-1-5-21-849420856-2351964222-986696166-1103
samaccountname        : Machine1
codepage              : 0
samaccounttype        : 805306368
whenchanged           : 5/14/2020 7:29:48 PM
accountexpires        : 9223372036854775807
countrycode           : 0
adspath               : LDAP://CN=Machine-1,CN=Users,DC=CONTROLLER,DC=local
instancetype          : 4
usncreated            : 12780
objectguid            : e53a5a2f-b58d-4093-94fa-6720ca215b81
lastlogoff            : 12/31/1600 4:00:00 PM
objectcategory        : CN=Person,CN=Schema,CN=Configuration,DC=CONTROLLER,DC=local
dscorepropagationdata : 1/1/1601 12:00:00 AM
givenname             : Machine-1
lastlogon             : 5/14/2020 12:29:48 PM
badpwdcount           : 0
cn                    : Machine-1
useraccountcontrol    : 66048
whencreated           : 5/14/2020 3:23:00 AM
primarygroupid        : 513
pwdlastset            : 5/13/2020 8:23:01 PM
usnchanged            : 20566

logoncount            : 0 
badpasswordtime       : 12/31/1600 4:00:00 PM
distinguishedname     : CN=Admin2,CN=Users,DC=CONTROLLER,DC=local
objectclass           : {top, person, organizationalPerson, user}
displayname           : Admin2
userprincipalname     : Admin2@CONTROLLER.local
name                  : Admin2
objectsid             : S-1-5-21-849420856-2351964222-986696166-1105
samaccountname        : Admin2
admincount            : 1
codepage              : 0
samaccounttype        : 805306368
whenchanged           : 5/14/2020 3:29:56 AM
accountexpires        : 9223372036854775807
countrycode           : 0
adspath               : LDAP://CN=Admin2,CN=Users,DC=CONTROLLER,DC=local
instancetype          : 4
usncreated            : 12791
objectguid            : 6c2686c7-7b94-4ac4-aa6b-aedd868fb263
lastlogoff            : 12/31/1600 4:00:00 PM
objectcategory        : CN=Person,CN=Schema,CN=Configuration,DC=CONTROLLER,DC=local
dscorepropagationdata : {5/14/2020 3:29:56 AM, 1/1/1601 12:00:00 AM}
givenname             : Admin2
memberof              : {CN=Group Policy Creator Owners,OU=Groups,DC=CONTROLLER,DC=local, CN=Domain Admins,OU=Groups,DC=CONTROLLER,DC=local, CN=Enterprise Admins,OU=Groups,DC=CONTROLLER,DC=local,
                        CN=Schema Admins,OU=Groups,DC=CONTROLLER,DC=local...}
lastlogon             : 12/31/1600 4:00:00 PM
badpwdcount           : 0
cn                    : Admin2
useraccountcontrol    : 66048
whencreated           : 5/14/2020 3:24:42 AM
primarygroupid        : 513
pwdlastset            : 5/13/2020 8:24:43 PM
usnchanged            : 12851

logoncount            : 4
badpasswordtime       : 12/31/1600 4:00:00 PM
distinguishedname     : CN=Machine-2,CN=Users,DC=CONTROLLER,DC=local
objectclass           : {top, person, organizationalPerson, user}
displayname           : Machine-2
lastlogontimestamp    : 5/14/2020 11:59:23 AM
userprincipalname     : Machine2@CONTROLLER.local
name                  : Machine-2
objectsid             : S-1-5-21-849420856-2351964222-986696166-1106
samaccountname        : Machine2
codepage              : 0
samaccounttype        : 805306368
whenchanged           : 5/14/2020 6:59:23 PM
accountexpires        : 9223372036854775807
countrycode           : 0
adspath               : LDAP://CN=Machine-2,CN=Users,DC=CONTROLLER,DC=local
instancetype          : 4
usncreated            : 12813
objectguid            : 4f82628c-83af-49e5-93a3-d64fed306e2b
lastlogoff            : 12/31/1600 4:00:00 PM
objectcategory        : CN=Person,CN=Schema,CN=Configuration,DC=CONTROLLER,DC=local
dscorepropagationdata : 1/1/1601 12:00:00 AM
givenname             : Machine-2
lastlogon             : 5/14/2020 12:32:08 PM
badpwdcount           : 0
cn                    : Machine-2
useraccountcontrol    : 66048
whencreated           : 5/14/2020 3:25:38 AM
primarygroupid        : 513
pwdlastset            : 5/13/2020 8:25:39 PM
usnchanged            : 20516

logoncount            : 0
badpasswordtime       : 12/31/1600 4:00:00 PM
description           : My password is MYpassword123#
distinguishedname     : CN=SQL Service,CN=Users,DC=CONTROLLER,DC=local
objectclass           : {top, person, organizationalPerson, user}
displayname           : SQL Service
userprincipalname     : SQLService@CONTROLLER.local
name                  : SQL Service
objectsid             : S-1-5-21-849420856-2351964222-986696166-1107
samaccountname        : SQLService
lastlogon             : 12/31/1600 4:00:00 PM
codepage              : 0
samaccounttype        : 805306368
whenchanged           : 5/14/2020 3:42:53 AM
accountexpires        : 9223372036854775807
countrycode           : 0
adspath               : LDAP://CN=SQL Service,CN=Users,DC=CONTROLLER,DC=local
instancetype          : 4
objectguid            : 1c3f20d7-c383-466a-9a67-92a774650cb8
sn                    : Service
lastlogoff            : 12/31/1600 4:00:00 PM
objectcategory        : CN=Person,CN=Schema,CN=Configuration,DC=CONTROLLER,DC=local
dscorepropagationdata : {5/14/2020 3:29:56 AM, 1/1/1601 12:00:00 AM}
serviceprincipalname  : DOMAIN-CONTROLLER/SQLService.CONTROLLER.local:60111
givenname             : SQL
admincount            : 1
memberof              : {CN=Group Policy Creator Owners,OU=Groups,DC=CONTROLLER,DC=local, CN=Domain Admins,OU=Groups,DC=CONTROLLER,DC=local, CN=Enterprise Admins,OU=Groups,DC=CONTROLLER,DC=local,
                        CN=Schema Admins,OU=Groups,DC=CONTROLLER,DC=local...}
whencreated           : 5/14/2020 3:26:57 AM
badpwdcount           : 0
cn                    : SQL Service
useraccountcontrol    : 66048
usncreated            : 12820
primarygroupid        : 513
pwdlastset            : 5/13/2020 8:26:58 PM
usnchanged            : 12890

logoncount            : 0
badpasswordtime       : 12/31/1600 4:00:00 PM
distinguishedname     : CN=POST{P0W3RV13W_FTW},CN=Users,DC=CONTROLLER,DC=local
objectclass           : {top, person, organizationalPerson, user}
displayname           : POST{P0W3RV13W_FTW}
userprincipalname     : POST@CONTROLLER.local
name                  : POST{P0W3RV13W_FTW}
objectsid             : S-1-5-21-849420856-2351964222-986696166-1108
samaccountname        : POST
codepage              : 0
samaccounttype        : 805306368
whenchanged           : 5/14/2020 3:42:38 AM
accountexpires        : 9223372036854775807
countrycode           : 0
adspath               : LDAP://CN=POST{P0W3RV13W_FTW},CN=Users,DC=CONTROLLER,DC=local
instancetype          : 4
usncreated            : 12884
objectguid            : 090f9517-49d7-43f1-a051-9aaa5ed2088f
lastlogoff            : 12/31/1600 4:00:00 PM
objectcategory        : CN=Person,CN=Schema,CN=Configuration,DC=CONTROLLER,DC=local
dscorepropagationdata : 1/1/1601 12:00:00 AM
givenname             : POST{P0W3RV13W_FTW}
lastlogon             : 12/31/1600 4:00:00 PM
badpwdcount           : 0
cn                    : POST{P0W3RV13W_FTW}
useraccountcontrol    : 66048
whencreated           : 5/14/2020 3:42:36 AM
primarygroupid        : 513
pwdlastset            : 5/13/2020 8:42:38 PM
usnchanged            : 12889

logoncount            : 0 
badpasswordtime       : 12/31/1600 4:00:00 PM
distinguishedname     : CN=sshd,CN=Users,DC=CONTROLLER,DC=local
objectclass           : {top, person, organizationalPerson, user}
displayname           : sshd
name                  : sshd
objectsid             : S-1-5-21-849420856-2351964222-986696166-1111
samaccountname        : sshd
codepage              : 0
samaccounttype        : 805306368
whenchanged           : 5/15/2020 3:31:40 AM
accountexpires        : 9223372036854775807
countrycode           : 0
adspath               : LDAP://CN=sshd,CN=Users,DC=CONTROLLER,DC=local
instancetype          : 4
usncreated            : 24609
objectguid            : e1c0ef9b-0de9-48ba-9f91-9fbe45ddc0c6
lastlogoff            : 12/31/1600 4:00:00 PM
objectcategory        : CN=Person,CN=Schema,CN=Configuration,DC=CONTROLLER,DC=local
dscorepropagationdata : 1/1/1601 12:00:00 AM
lastlogon             : 12/31/1600 4:00:00 PM
badpwdcount           : 0
cn                    : sshd
useraccountcontrol    : 66048
whencreated           : 5/15/2020 3:31:40 AM
primarygroupid        : 513
pwdlastset            : 5/14/2020 8:31:40 PM
usnchanged            : 24612

List All Admins

PS C:\Users\Administrator\Downloads> Get-NetUser -AdminCount | Select samaccountname 

samaccountname                        
--------------                        
Administrator                         
krbtgt                                
Admin2                                
SQLService

List All Groups

PS C:\Users\Administrator\Downloads> Get-NetGroup -GroupName * 
Administrators 
Users                           
Guests                          
Print Operators                 
Backup Operators                
Replicator                      
Remote Desktop Users            
Network Configuration Operators 
Performance Monitor Users       
Performance Log Users           
Distributed COM Users           
IIS_IUSRS                       
Cryptographic Operators         
Event Log Readers               
Certificate Service DCOM Access 
RDS Remote Access Servers       
RDS Endpoint Servers                
RDS Management Servers              
Hyper-V Administrators              
Access Control Assistance Operators 
Remote Management Users             
Storage Replica Administrators      
Domain Computers                    
Domain Controllers                  
Schema Admins               
Enterprise Admins           
Cert Publishers             
Domain Admins               
Domain Users                
Domain Guests               
Group Policy Creator Owners 
RAS and IAS Servers 
Server Operators                   
Account Operators                  
Pre-Windows 2000 Compatible Access 
Incoming Forest Trust Builders
Windows Authorization Access Group
Terminal Server License Servers
Allowed RODC Password Replication Group
Denied RODC Password Replication Group 
Read-only Domain Controllers
Enterprise Read-only Domain Controllers
Cloneable Domain Controllers
Protected Users
Key Admins
Enterprise Key Admins 
DnsAdmins
DnsUpdateProxy

List All Info on Accounts Belonging to a Certain Group

PS C:\Users\Administrator\Downloads> Get-NetUser | ?{$_.memberof -match 'Domain Admins'} 


logoncount             : 26                                                                                                                                                                           
badpasswordtime        : 5/14/2020 12:25:47 PM                                                                                                                                                        
description            : Built-in account for administering the computer/domain                                                                                                                       
distinguishedname      : CN=Administrator,CN=Users,DC=CONTROLLER,DC=local                                                                                                                             
objectclass            : {top, person, organizationalPerson, user}                                                                                                                                    
lastlogontimestamp     : 8/28/2020 4:12:39 AM                                                                                                                                                         
name                   : Administrator                                                                                                                                                                
objectsid              : S-1-5-21-849420856-2351964222-986696166-500                                                                                                                                  
samaccountname         : Administrator                                                                                                                                                                
admincount             : 1                                                                                                                                                                            
codepage               : 0                                                                                                                                                                            
samaccounttype         : 805306368                                                                                                                                                                    
whenchanged            : 8/28/2020 11:12:39 AM                                                                                                                                                        
accountexpires         : 9223372036854775807                                                                                                                                                          
countrycode            : 0                                                                                                                                                                            
adspath                : LDAP://CN=Administrator,CN=Users,DC=CONTROLLER,DC=local                                                                                                                      
instancetype           : 4                                                                                                                                                                            
objectguid             : 1823a15b-34a7-49b2-a9f2-99279409f557                                                                                                                                         
lastlogon              : 8/28/2020 4:12:46 AM                                                                                                                                                         
lastlogoff             : 12/31/1600 4:00:00 PM                                                                                                                                                        
objectcategory         : CN=Person,CN=Schema,CN=Configuration,DC=CONTROLLER,DC=local                                                                                                                  
dscorepropagationdata  : {5/14/2020 3:29:56 AM, 5/14/2020 3:29:56 AM, 5/14/2020 3:14:47 AM, 1/1/1601 6:12:16 PM}                                                                                      
memberof               : {CN=Group Policy Creator Owners,OU=Groups,DC=CONTROLLER,DC=local, CN=Domain Admins,OU=Groups,DC=CONTROLLER,DC=local, CN=Enterprise Admins,OU=Groups,DC=CONTROLLER,DC=local,  
                         CN=Schema Admins,OU=Groups,DC=CONTROLLER,DC=local...}                                                                                                                        
whencreated            : 5/14/2020 3:13:54 AM                                                                                                                                                         
iscriticalsystemobject : True                                                                                                                                                                         
badpwdcount            : 0                                                                                                                                                                            
cn                     : Administrator                                                                                                                                                                
useraccountcontrol     : 66048                                                                                                                                                                        
usncreated             : 8196                                                                                                                                                                         
primarygroupid         : 513                                                                                                                                                                          
pwdlastset             : 5/13/2020 8:00:12 PM                                                                                                                                                         
usnchanged             : 32785                                                                                                                                                                        

logoncount            : 0 
badpasswordtime       : 12/31/1600 4:00:00 PM                                                                                                                                                        
distinguishedname     : CN=Admin2,CN=Users,DC=CONTROLLER,DC=local                                                                                                                                    
objectclass           : {top, person, organizationalPerson, user}                                                                                                                                    
displayname           : Admin2                                                                                                                                                                       
userprincipalname     : Admin2@CONTROLLER.local                                                                                                                                                      
name                  : Admin2                                                                                                                                                                       
objectsid             : S-1-5-21-849420856-2351964222-986696166-1105                                                                                                                                 
samaccountname        : Admin2                                                                                                                                                                       
admincount            : 1                                                                                                                                                                            
codepage              : 0                                                                                                                                                                            
samaccounttype        : 805306368                                                                                                                                                                    
whenchanged           : 5/14/2020 3:29:56 AM                                                                                                                                                         
accountexpires        : 9223372036854775807                                                                                                                                                          
countrycode           : 0                                                                                                                                                                            
adspath               : LDAP://CN=Admin2,CN=Users,DC=CONTROLLER,DC=local                                                                                                                             
instancetype          : 4                                                                                                                                                                            
usncreated            : 12791                                                                                                                                                                        
objectguid            : 6c2686c7-7b94-4ac4-aa6b-aedd868fb263                                                                                                                                         
lastlogoff            : 12/31/1600 4:00:00 PM                                                                                                                                                        
objectcategory        : CN=Person,CN=Schema,CN=Configuration,DC=CONTROLLER,DC=local                                                                                                                  
dscorepropagationdata : {5/14/2020 3:29:56 AM, 1/1/1601 12:00:00 AM}                                                                                                                                 
givenname             : Admin2                                                                                                                                                                       
memberof              : {CN=Group Policy Creator Owners,OU=Groups,DC=CONTROLLER,DC=local, CN=Domain Admins,OU=Groups,DC=CONTROLLER,DC=local, CN=Enterprise Admins,OU=Groups,DC=CONTROLLER,DC=local,  
                        CN=Schema Admins,OU=Groups,DC=CONTROLLER,DC=local...}                                                                                                                        
lastlogon             : 12/31/1600 4:00:00 PM                                                                                                                                                        
badpwdcount           : 0                                                                                                                                                                            
cn                    : Admin2                                                                                                                                                                       
useraccountcontrol    : 66048                                                                                                                                                                        
whencreated           : 5/14/2020 3:24:42 AM                                                                                                                                                         
primarygroupid        : 513                                                                                                                                                                          
pwdlastset            : 5/13/2020 8:24:43 PM
usnchanged            : 12851

logoncount            : 0 
badpasswordtime       : 12/31/1600 4:00:00 PM
description           : My password is MYpassword123#
distinguishedname     : CN=SQL Service,CN=Users,DC=CONTROLLER,DC=local
objectclass           : {top, person, organizationalPerson, user}
displayname           : SQL Service
userprincipalname     : SQLService@CONTROLLER.local
name                  : SQL Service
objectsid             : S-1-5-21-849420856-2351964222-986696166-1107
samaccountname        : SQLService
lastlogon             : 12/31/1600 4:00:00 PM
codepage              : 0
samaccounttype        : 805306368
whenchanged           : 5/14/2020 3:42:53 AM
accountexpires        : 9223372036854775807
countrycode           : 0
adspath               : LDAP://CN=SQL Service,CN=Users,DC=CONTROLLER,DC=local 
instancetype          : 4
objectguid            : 1c3f20d7-c383-466a-9a67-92a774650cb8
sn                    : Service
lastlogoff            : 12/31/1600 4:00:00 PM
objectcategory        : CN=Person,CN=Schema,CN=Configuration,DC=CONTROLLER,DC=local
dscorepropagationdata : {5/14/2020 3:29:56 AM, 1/1/1601 12:00:00 AM}
serviceprincipalname  : DOMAIN-CONTROLLER/SQLService.CONTROLLER.local:60111
givenname             : SQL
admincount            : 1
memberof              : {CN=Group Policy Creator Owners,OU=Groups,DC=CONTROLLER,DC=local, CN=Domain Admins,OU=Groups,DC=CONTROLLER,DC=local, CN=Enterprise Admins,OU=Groups,DC=CONTROLLER,DC=local,
                        CN=Schema Admins,OU=Groups,DC=CONTROLLER,DC=local...}
whencreated           : 5/14/2020 3:26:57 AM
badpwdcount           : 0
cn                    : SQL Service
useraccountcontrol    : 66048
usncreated            : 12820
primarygroupid        : 513
pwdlastset            : 5/13/2020 8:26:58 PM
usnchanged            : 12890

PreviousGeneral Tips

Last updated 5 years ago

hashtagFind Name & OS Version of Domain Controllers

hashtagGet List of All Operating Systems on The Domain

hashtagGet List of All Users on Domain

hashtagList All Admins

hashtagList All Groups

hashtagList All Info on Accounts Belonging to a Certain Group

Find Name & OS Version of Domain Controllers

Get List of All Operating Systems on The Domain

Get List of All Users on Domain

List All Admins

List All Groups

List All Info on Accounts Belonging to a Certain Group