Active Directory Enumeration Cheetsheet
Find Name & OS Version of Domain Controllers
PS C:\Users\Administrator\Downloads> Get-ADDomainController
ComputerObjectDN : CN=DOMAIN-CONTROLL,OU=Domain Controllers,DC=CONTROLLER,DC=local
DefaultPartition : DC=CONTROLLER,DC=local
Domain : CONTROLLER.local
Enabled : True
Forest : CONTROLLER.local
HostName : Domain-Controller.CONTROLLER.local
InvocationId : 5669f8e7-9fd9-4eb6-8e27-d54ef7ce9c56
IPv4Address : 10.10.25.57
IPv6Address :
IsGlobalCatalog : True
IsReadOnly : False
LdapPort : 389
Name : DOMAIN-CONTROLL
NTDSSettingsObjectDN : CN=NTDS Settings,CN=DOMAIN-CONTROLL,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=CONTROLLER,DC=local
OperatingSystem : Windows Server 2019 Standard Evaluation
OperatingSystemHotfix :
OperatingSystemServicePack :
OperatingSystemVersion : 10.0 (17763)
OperationMasterRoles : {SchemaMaster, DomainNamingMaster, PDCEmulator, RIDMaster...}
Partitions : {DC=ForestDnsZones,DC=CONTROLLER,DC=local, DC=DomainDnsZones,DC=CONTROLLER,DC=local, CN=Schema,CN=Configuration,DC=CONTROLLER,DC=local,
CN=Configuration,DC=CONTROLLER,DC=local...}
ServerObjectDN : CN=DOMAIN-CONTROLL,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=CONTROLLER,DC=local
ServerObjectGuid : 53e8b62c-8ba0-44b0-92db-62135874abc3
Site : Default-First-Site-Name
SslPort : 636
PS C:\Users\Administrator\Downloads> Get List of All Operating Systems on The Domain
PS C:\Users\Administrator\Downloads> Get-NetComputer -fulldata
pwdlastset : 8/28/2020 4:12:03 AM
logoncount : 57
serverreferencebl : CN=DOMAIN-CONTROLL,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=CONTROLLER,DC=local
badpasswordtime : 12/31/1600 4:00:00 PM
distinguishedname : CN=DOMAIN-CONTROLL,OU=Domain Controllers,DC=CONTROLLER,DC=local
objectclass : {top, person, organizationalPerson, user...}
lastlogontimestamp : 8/28/2020 4:12:29 AM
name : DOMAIN-CONTROLL
objectsid : S-1-5-21-849420856-2351964222-986696166-1000
samaccountname : DOMAIN-CONTROLL$
localpolicyflags : 0
codepage : 0
samaccounttype : 805306369
whenchanged : 8/28/2020 11:12:29 AM
accountexpires : 9223372036854775807
countrycode : 0
adspath : LDAP://CN=DOMAIN-CONTROLL,OU=Domain Controllers,DC=CONTROLLER,DC=local
instancetype : 4
msdfsr-computerreferencebl : CN=DOMAIN-CONTROLL,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=CONTROLLER,DC=local
objectguid : de356d62-5156-4f21-98ad-eb28f347f32d
operatingsystem : Windows Server 2019 Standard Evaluation
operatingsystemversion : 10.0 (17763)
lastlogoff : 12/31/1600 4:00:00 PM
objectcategory : CN=Computer,CN=Schema,CN=Configuration,DC=CONTROLLER,DC=local
dscorepropagationdata : {5/14/2020 3:14:47 AM, 1/1/1601 12:00:01 AM}
serviceprincipalname : {TERMSRV/DOMAIN-CONTROLL, TERMSRV/Domain-Controller.CONTROLLER.local, Dfsr-12F9A27C-BF97-4787-9364-D31B6C55EB04/Domain-Controller.CONTROLLER.local,
ldap/Domain-Controller.CONTROLLER.local/ForestDnsZones.CONTROLLER.local...}
usncreated : 12293
memberof : {CN=Pre-Windows 2000 Compatible Access,CN=Builtin,DC=CONTROLLER,DC=local, CN=Cert Publishers,OU=Groups,DC=CONTROLLER,DC=local}
lastlogon : 8/28/2020 4:13:39 AM
badpwdcount : 0
cn : DOMAIN-CONTROLL
useraccountcontrol : 532480
whencreated : 5/14/2020 3:14:46 AM
primarygroupid : 516
iscriticalsystemobject : True
msds-supportedencryptiontypes : 28
usnchanged : 32781
ridsetreferences : CN=RID Set,CN=DOMAIN-CONTROLL,OU=Domain Controllers,DC=CONTROLLER,DC=local
dnshostname : Domain-Controller.CONTROLLER.local
logoncount : 10
badpasswordtime : 12/31/1600 4:00:00 PM
distinguishedname : CN=DESKTOP-2,CN=Computers,DC=CONTROLLER,DC=local
objectclass : {top, person, organizationalPerson, user...}
badpwdcount : 0
lastlogontimestamp : 5/14/2020 12:05:03 PM
objectsid : S-1-5-21-849420856-2351964222-986696166-1109
samaccountname : DESKTOP-2$
lastlogon : 5/14/2020 12:32:05 PM
codepage : 0
samaccounttype : 805306369
whenchanged : 5/14/2020 7:06:38 PM
countrycode : 0
cn : DESKTOP-2
accountexpires : 9223372036854775807
adspath : LDAP://CN=DESKTOP-2,CN=Computers,DC=CONTROLLER,DC=local
PS C:\Users\Administrator\Downloads> Get-NetComputer -fulldata
pwdlastset : 8/28/2020 4:12:03 AM
logoncount : 75
serverreferencebl : CN=DOMAIN-CONTROLL,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=CONTROLLER,DC=local
badpasswordtime : 12/31/1600 4:00:00 PM
distinguishedname : CN=DOMAIN-CONTROLL,OU=Domain Controllers,DC=CONTROLLER,DC=local
objectclass : {top, person, organizationalPerson, user...}
lastlogontimestamp : 8/28/2020 4:12:29 AM
name : DOMAIN-CONTROLL
primarygroupid : 516
objectsid : S-1-5-21-849420856-2351964222-986696166-1000
samaccountname : DOMAIN-CONTROLL$
localpolicyflags : 0
codepage : 0
samaccounttype : 805306369
whenchanged : 8/28/2020 11:18:28 AM
accountexpires : 9223372036854775807
cn : DOMAIN-CONTROLL
adspath : LDAP://CN=DOMAIN-CONTROLL,OU=Domain Controllers,DC=CONTROLLER,DC=local
instancetype : 4
msdfsr-computerreferencebl : CN=DOMAIN-CONTROLL,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=CONTROLLER,DC=local
objectguid : de356d62-5156-4f21-98ad-eb28f347f32d
operatingsystem : Windows Server 2019 Standard Evaluation
operatingsystemversion : 10.0 (17763)
lastlogoff : 12/31/1600 4:00:00 PM
objectcategory : CN=Computer,CN=Schema,CN=Configuration,DC=CONTROLLER,DC=local
dscorepropagationdata : {5/14/2020 3:14:47 AM, 1/1/1601 12:00:01 AM}
serviceprincipalname : {TERMSRV/DOMAIN-CONTROLL, TERMSRV/Domain-Controller.CONTROLLER.local, Dfsr-12F9A27C-BF97-4787-9364-D31B6C55EB04/Domain-Controller.CONTROLLER.local,
ldap/Domain-Controller.CONTROLLER.local/ForestDnsZones.CONTROLLER.local...}
usncreated : 12293
usercertificate : {48, 130, 6, 73...}
memberof : {CN=Pre-Windows 2000 Compatible Access,CN=Builtin,DC=CONTROLLER,DC=local, CN=Cert Publishers,OU=Groups,DC=CONTROLLER,DC=local}
lastlogon : 8/28/2020 4:18:28 AM
badpwdcount : 0
useraccountcontrol : 532480
whencreated : 5/14/2020 3:14:46 AM
countrycode : 0
iscriticalsystemobject : True
msds-supportedencryptiontypes : 28
usnchanged : 32810
ridsetreferences : CN=RID Set,CN=DOMAIN-CONTROLL,OU=Domain Controllers,DC=CONTROLLER,DC=local
dnshostname : Domain-Controller.CONTROLLER.local
logoncount : 10
badpasswordtime : 12/31/1600 4:00:00 PM
distinguishedname : CN=DESKTOP-2,CN=Computers,DC=CONTROLLER,DC=local
objectclass : {top, person, organizationalPerson, user...}
badpwdcount : 0
lastlogontimestamp : 5/14/2020 12:05:03 PM
objectsid : S-1-5-21-849420856-2351964222-986696166-1109
samaccountname : DESKTOP-2$
localpolicyflags : 0
lastlogon : 5/14/2020 12:32:05 PM
codepage : 0
samaccounttype : 805306369
whenchanged : 5/14/2020 7:06:38 PM
countrycode : 0
cn : DESKTOP-2
accountexpires : 9223372036854775807
adspath : LDAP://CN=DESKTOP-2,CN=Computers,DC=CONTROLLER,DC=local
instancetype : 4
usncreated : 20521
objectguid : 99e46c23-9ea0-44da-8d67-7396aedd6fe8
operatingsystem : Windows 10 Enterprise Evaluation
operatingsystemversion : 10.0 (18363)
lastlogoff : 12/31/1600 4:00:00 PM
objectcategory : CN=Computer,CN=Schema,CN=Configuration,DC=CONTROLLER,DC=local
dscorepropagationdata : 1/1/1601 12:00:00 AM
serviceprincipalname : {RestrictedKrbHost/DESKTOP-2, HOST/DESKTOP-2, RestrictedKrbHost/Desktop-2.CONTROLLER.local, HOST/Desktop-2.CONTROLLER.local}
ms-ds-creatorsid : {1, 5, 0, 0...}
iscriticalsystemobject : False
usnchanged : 20536
useraccountcontrol : 4096
whencreated : 5/14/2020 7:05:03 PM
primarygroupid : 515
pwdlastset : 5/14/2020 12:05:03 PM
msds-supportedencryptiontypes : 28
name : DESKTOP-2
dnshostname : Desktop-2.CONTROLLER.local
logoncount : 7
badpasswordtime : 12/31/1600 4:00:00 PM
distinguishedname : CN=DESKTOP-1,CN=Computers,DC=CONTROLLER,DC=local
objectclass : {top, person, organizationalPerson, user...}
badpwdcount : 0
lastlogontimestamp : 5/14/2020 12:25:53 PM
objectsid : S-1-5-21-849420856-2351964222-986696166-1110
samaccountname : DESKTOP-1$
localpolicyflags : 0
codepage : 0
samaccounttype : 805306369
whenchanged : 5/14/2020 7:26:53 PM
countrycode : 0
cn : DESKTOP-1
accountexpires : 9223372036854775807
adspath : LDAP://CN=DESKTOP-1,CN=Computers,DC=CONTROLLER,DC=local
instancetype : 4
usncreated : 20549
objectguid : 260ac494-585f-4ae4-884e-1acf1ff7d55f
operatingsystem : Windows 10 Enterprise Evaluation
operatingsystemversion : 10.0 (18363)
lastlogoff : 12/31/1600 4:00:00 PM
objectcategory : CN=Computer,CN=Schema,CN=Configuration,DC=CONTROLLER,DC=local
dscorepropagationdata : 1/1/1601 12:00:00 AM
serviceprincipalname : {RestrictedKrbHost/DESKTOP-1, HOST/DESKTOP-1, RestrictedKrbHost/Desktop-1.CONTROLLER.local, HOST/Desktop-1.CONTROLLER.local}
lastlogon : 5/14/2020 12:27:04 PM
iscriticalsystemobject : False
usnchanged : 20563
useraccountcontrol : 4096
whencreated : 5/14/2020 7:25:52 PM
primarygroupid : 515
pwdlastset : 5/14/2020 12:25:52 PM
msds-supportedencryptiontypes : 28
name : DESKTOP-1
dnshostname : Desktop-1.CONTROLLER.localGet List of All Users on Domain
PS C:\Users\Administrator\Downloads> Get-NetUser
logoncount : 26
badpasswordtime : 5/14/2020 12:25:47 PM
description : Built-in account for administering the computer/domain
distinguishedname : CN=Administrator,CN=Users,DC=CONTROLLER,DC=local
objectclass : {top, person, organizationalPerson, user}
lastlogontimestamp : 8/28/2020 4:12:39 AM
name : Administrator
objectsid : S-1-5-21-849420856-2351964222-986696166-500
samaccountname : Administrator
admincount : 1
codepage : 0
samaccounttype : 805306368
whenchanged : 8/28/2020 11:12:39 AM
accountexpires : 9223372036854775807
countrycode : 0
adspath : LDAP://CN=Administrator,CN=Users,DC=CONTROLLER,DC=local
instancetype : 4
objectguid : 1823a15b-34a7-49b2-a9f2-99279409f557
lastlogon : 8/28/2020 4:12:46 AM
lastlogoff : 12/31/1600 4:00:00 PM
objectcategory : CN=Person,CN=Schema,CN=Configuration,DC=CONTROLLER,DC=local
dscorepropagationdata : {5/14/2020 3:29:56 AM, 5/14/2020 3:29:56 AM, 5/14/2020 3:14:47 AM, 1/1/1601 6:12:16 PM}
memberof : {CN=Group Policy Creator Owners,OU=Groups,DC=CONTROLLER,DC=local, CN=Domain Admins,OU=Groups,DC=CONTROLLER,DC=local, CN=Enterprise Admins,OU=Groups,DC=CONTROLLER,DC=local,
CN=Schema Admins,OU=Groups,DC=CONTROLLER,DC=local...}
whencreated : 5/14/2020 3:13:54 AM
iscriticalsystemobject : True
badpwdcount : 0
cn : Administrator
useraccountcontrol : 66048
usncreated : 8196
primarygroupid : 513
pwdlastset : 5/13/2020 8:00:12 PM
usnchanged : 32785
pwdlastset : 12/31/1600 4:00:00 PM
logoncount : 0
badpasswordtime : 12/31/1600 4:00:00 PM
description : Built-in account for guest access to the computer/domain
distinguishedname : CN=Guest,CN=Users,DC=CONTROLLER,DC=local
objectclass : {top, person, organizationalPerson, user}
name : Guest
objectsid : S-1-5-21-849420856-2351964222-986696166-501
samaccountname : Guest
codepage : 0
samaccounttype : 805306368
whenchanged : 5/14/2020 3:13:54 AM
accountexpires : 9223372036854775807
countrycode : 0
adspath : LDAP://CN=Guest,CN=Users,DC=CONTROLLER,DC=local
instancetype : 4
objectguid : 153892ee-fa57-4038-931f-36501f651bce
lastlogon : 12/31/1600 4:00:00 PM
lastlogoff : 12/31/1600 4:00:00 PM
objectcategory : CN=Person,CN=Schema,CN=Configuration,DC=CONTROLLER,DC=local
dscorepropagationdata : {5/14/2020 3:14:47 AM, 1/1/1601 12:00:01 AM}
memberof : CN=Guests,CN=Builtin,DC=CONTROLLER,DC=local
whencreated : 5/14/2020 3:13:54 AM
badpwdcount : 0
cn : Guest
useraccountcontrol : 66082
usncreated : 8197
primarygroupid : 514
iscriticalsystemobject : True
usnchanged : 8197
logoncount : 0
badpasswordtime : 12/31/1600 4:00:00 PM
description : Key Distribution Center Service Account
distinguishedname : CN=krbtgt,CN=Users,DC=CONTROLLER,DC=local
objectclass : {top, person, organizationalPerson, user}
name : krbtgt
primarygroupid : 513
objectsid : S-1-5-21-849420856-2351964222-986696166-502
whenchanged : 5/14/2020 3:29:56 AM
admincount : 1
codepage : 0
samaccounttype : 805306368
showinadvancedviewonly : True
accountexpires : 9223372036854775807
cn : krbtgt
adspath : LDAP://CN=krbtgt,CN=Users,DC=CONTROLLER,DC=local
instancetype : 4
objectguid : 15b89d2e-13b8-4e9f-bd8f-921b221a5e2e
lastlogon : 12/31/1600 4:00:00 PM
lastlogoff : 12/31/1600 4:00:00 PM
samaccountname : krbtgt
objectcategory : CN=Person,CN=Schema,CN=Configuration,DC=CONTROLLER,DC=local
dscorepropagationdata : {5/14/2020 3:29:56 AM, 5/14/2020 3:14:47 AM, 1/1/1601 12:04:16 AM}
serviceprincipalname : kadmin/changepw
memberof : CN=Denied RODC Password Replication Group,OU=Groups,DC=CONTROLLER,DC=local
whencreated : 5/14/2020 3:14:47 AM
iscriticalsystemobject : True
badpwdcount : 0
useraccountcontrol : 514
usncreated : 12324
countrycode : 0
pwdlastset : 5/13/2020 8:14:47 PM
msds-supportedencryptiontypes : 0
usnchanged : 12863
logoncount : 1
badpasswordtime : 12/31/1600 4:00:00 PM
distinguishedname : CN=Machine-1,CN=Users,DC=CONTROLLER,DC=local
objectclass : {top, person, organizationalPerson, user}
displayname : Machine-1
lastlogontimestamp : 5/14/2020 12:29:48 PM
userprincipalname : Machine1@CONTROLLER.local
name : Machine-1
objectsid : S-1-5-21-849420856-2351964222-986696166-1103
samaccountname : Machine1
codepage : 0
samaccounttype : 805306368
whenchanged : 5/14/2020 7:29:48 PM
accountexpires : 9223372036854775807
countrycode : 0
adspath : LDAP://CN=Machine-1,CN=Users,DC=CONTROLLER,DC=local
instancetype : 4
usncreated : 12780
objectguid : e53a5a2f-b58d-4093-94fa-6720ca215b81
lastlogoff : 12/31/1600 4:00:00 PM
objectcategory : CN=Person,CN=Schema,CN=Configuration,DC=CONTROLLER,DC=local
dscorepropagationdata : 1/1/1601 12:00:00 AM
givenname : Machine-1
lastlogon : 5/14/2020 12:29:48 PM
badpwdcount : 0
cn : Machine-1
useraccountcontrol : 66048
whencreated : 5/14/2020 3:23:00 AM
primarygroupid : 513
pwdlastset : 5/13/2020 8:23:01 PM
usnchanged : 20566
logoncount : 0
badpasswordtime : 12/31/1600 4:00:00 PM
distinguishedname : CN=Admin2,CN=Users,DC=CONTROLLER,DC=local
objectclass : {top, person, organizationalPerson, user}
displayname : Admin2
userprincipalname : Admin2@CONTROLLER.local
name : Admin2
objectsid : S-1-5-21-849420856-2351964222-986696166-1105
samaccountname : Admin2
admincount : 1
codepage : 0
samaccounttype : 805306368
whenchanged : 5/14/2020 3:29:56 AM
accountexpires : 9223372036854775807
countrycode : 0
adspath : LDAP://CN=Admin2,CN=Users,DC=CONTROLLER,DC=local
instancetype : 4
usncreated : 12791
objectguid : 6c2686c7-7b94-4ac4-aa6b-aedd868fb263
lastlogoff : 12/31/1600 4:00:00 PM
objectcategory : CN=Person,CN=Schema,CN=Configuration,DC=CONTROLLER,DC=local
dscorepropagationdata : {5/14/2020 3:29:56 AM, 1/1/1601 12:00:00 AM}
givenname : Admin2
memberof : {CN=Group Policy Creator Owners,OU=Groups,DC=CONTROLLER,DC=local, CN=Domain Admins,OU=Groups,DC=CONTROLLER,DC=local, CN=Enterprise Admins,OU=Groups,DC=CONTROLLER,DC=local,
CN=Schema Admins,OU=Groups,DC=CONTROLLER,DC=local...}
lastlogon : 12/31/1600 4:00:00 PM
badpwdcount : 0
cn : Admin2
useraccountcontrol : 66048
whencreated : 5/14/2020 3:24:42 AM
primarygroupid : 513
pwdlastset : 5/13/2020 8:24:43 PM
usnchanged : 12851
logoncount : 4
badpasswordtime : 12/31/1600 4:00:00 PM
distinguishedname : CN=Machine-2,CN=Users,DC=CONTROLLER,DC=local
objectclass : {top, person, organizationalPerson, user}
displayname : Machine-2
lastlogontimestamp : 5/14/2020 11:59:23 AM
userprincipalname : Machine2@CONTROLLER.local
name : Machine-2
objectsid : S-1-5-21-849420856-2351964222-986696166-1106
samaccountname : Machine2
codepage : 0
samaccounttype : 805306368
whenchanged : 5/14/2020 6:59:23 PM
accountexpires : 9223372036854775807
countrycode : 0
adspath : LDAP://CN=Machine-2,CN=Users,DC=CONTROLLER,DC=local
instancetype : 4
usncreated : 12813
objectguid : 4f82628c-83af-49e5-93a3-d64fed306e2b
lastlogoff : 12/31/1600 4:00:00 PM
objectcategory : CN=Person,CN=Schema,CN=Configuration,DC=CONTROLLER,DC=local
dscorepropagationdata : 1/1/1601 12:00:00 AM
givenname : Machine-2
lastlogon : 5/14/2020 12:32:08 PM
badpwdcount : 0
cn : Machine-2
useraccountcontrol : 66048
whencreated : 5/14/2020 3:25:38 AM
primarygroupid : 513
pwdlastset : 5/13/2020 8:25:39 PM
usnchanged : 20516
logoncount : 0
badpasswordtime : 12/31/1600 4:00:00 PM
description : My password is MYpassword123#
distinguishedname : CN=SQL Service,CN=Users,DC=CONTROLLER,DC=local
objectclass : {top, person, organizationalPerson, user}
displayname : SQL Service
userprincipalname : SQLService@CONTROLLER.local
name : SQL Service
objectsid : S-1-5-21-849420856-2351964222-986696166-1107
samaccountname : SQLService
lastlogon : 12/31/1600 4:00:00 PM
codepage : 0
samaccounttype : 805306368
whenchanged : 5/14/2020 3:42:53 AM
accountexpires : 9223372036854775807
countrycode : 0
adspath : LDAP://CN=SQL Service,CN=Users,DC=CONTROLLER,DC=local
instancetype : 4
objectguid : 1c3f20d7-c383-466a-9a67-92a774650cb8
sn : Service
lastlogoff : 12/31/1600 4:00:00 PM
objectcategory : CN=Person,CN=Schema,CN=Configuration,DC=CONTROLLER,DC=local
dscorepropagationdata : {5/14/2020 3:29:56 AM, 1/1/1601 12:00:00 AM}
serviceprincipalname : DOMAIN-CONTROLLER/SQLService.CONTROLLER.local:60111
givenname : SQL
admincount : 1
memberof : {CN=Group Policy Creator Owners,OU=Groups,DC=CONTROLLER,DC=local, CN=Domain Admins,OU=Groups,DC=CONTROLLER,DC=local, CN=Enterprise Admins,OU=Groups,DC=CONTROLLER,DC=local,
CN=Schema Admins,OU=Groups,DC=CONTROLLER,DC=local...}
whencreated : 5/14/2020 3:26:57 AM
badpwdcount : 0
cn : SQL Service
useraccountcontrol : 66048
usncreated : 12820
primarygroupid : 513
pwdlastset : 5/13/2020 8:26:58 PM
usnchanged : 12890
logoncount : 0
badpasswordtime : 12/31/1600 4:00:00 PM
distinguishedname : CN=POST{P0W3RV13W_FTW},CN=Users,DC=CONTROLLER,DC=local
objectclass : {top, person, organizationalPerson, user}
displayname : POST{P0W3RV13W_FTW}
userprincipalname : POST@CONTROLLER.local
name : POST{P0W3RV13W_FTW}
objectsid : S-1-5-21-849420856-2351964222-986696166-1108
samaccountname : POST
codepage : 0
samaccounttype : 805306368
whenchanged : 5/14/2020 3:42:38 AM
accountexpires : 9223372036854775807
countrycode : 0
adspath : LDAP://CN=POST{P0W3RV13W_FTW},CN=Users,DC=CONTROLLER,DC=local
instancetype : 4
usncreated : 12884
objectguid : 090f9517-49d7-43f1-a051-9aaa5ed2088f
lastlogoff : 12/31/1600 4:00:00 PM
objectcategory : CN=Person,CN=Schema,CN=Configuration,DC=CONTROLLER,DC=local
dscorepropagationdata : 1/1/1601 12:00:00 AM
givenname : POST{P0W3RV13W_FTW}
lastlogon : 12/31/1600 4:00:00 PM
badpwdcount : 0
cn : POST{P0W3RV13W_FTW}
useraccountcontrol : 66048
whencreated : 5/14/2020 3:42:36 AM
primarygroupid : 513
pwdlastset : 5/13/2020 8:42:38 PM
usnchanged : 12889
logoncount : 0
badpasswordtime : 12/31/1600 4:00:00 PM
distinguishedname : CN=sshd,CN=Users,DC=CONTROLLER,DC=local
objectclass : {top, person, organizationalPerson, user}
displayname : sshd
name : sshd
objectsid : S-1-5-21-849420856-2351964222-986696166-1111
samaccountname : sshd
codepage : 0
samaccounttype : 805306368
whenchanged : 5/15/2020 3:31:40 AM
accountexpires : 9223372036854775807
countrycode : 0
adspath : LDAP://CN=sshd,CN=Users,DC=CONTROLLER,DC=local
instancetype : 4
usncreated : 24609
objectguid : e1c0ef9b-0de9-48ba-9f91-9fbe45ddc0c6
lastlogoff : 12/31/1600 4:00:00 PM
objectcategory : CN=Person,CN=Schema,CN=Configuration,DC=CONTROLLER,DC=local
dscorepropagationdata : 1/1/1601 12:00:00 AM
lastlogon : 12/31/1600 4:00:00 PM
badpwdcount : 0
cn : sshd
useraccountcontrol : 66048
whencreated : 5/15/2020 3:31:40 AM
primarygroupid : 513
pwdlastset : 5/14/2020 8:31:40 PM
usnchanged : 24612
List All Admins
PS C:\Users\Administrator\Downloads> Get-NetUser -AdminCount | Select samaccountname
samaccountname
--------------
Administrator
krbtgt
Admin2
SQLService List All Groups
PS C:\Users\Administrator\Downloads> Get-NetGroup -GroupName *
Administrators
Users
Guests
Print Operators
Backup Operators
Replicator
Remote Desktop Users
Network Configuration Operators
Performance Monitor Users
Performance Log Users
Distributed COM Users
IIS_IUSRS
Cryptographic Operators
Event Log Readers
Certificate Service DCOM Access
RDS Remote Access Servers
RDS Endpoint Servers
RDS Management Servers
Hyper-V Administrators
Access Control Assistance Operators
Remote Management Users
Storage Replica Administrators
Domain Computers
Domain Controllers
Schema Admins
Enterprise Admins
Cert Publishers
Domain Admins
Domain Users
Domain Guests
Group Policy Creator Owners
RAS and IAS Servers
Server Operators
Account Operators
Pre-Windows 2000 Compatible Access
Incoming Forest Trust Builders
Windows Authorization Access Group
Terminal Server License Servers
Allowed RODC Password Replication Group
Denied RODC Password Replication Group
Read-only Domain Controllers
Enterprise Read-only Domain Controllers
Cloneable Domain Controllers
Protected Users
Key Admins
Enterprise Key Admins
DnsAdmins
DnsUpdateProxyList All Info on Accounts Belonging to a Certain Group
PS C:\Users\Administrator\Downloads> Get-NetUser | ?{$_.memberof -match 'Domain Admins'}
logoncount : 26
badpasswordtime : 5/14/2020 12:25:47 PM
description : Built-in account for administering the computer/domain
distinguishedname : CN=Administrator,CN=Users,DC=CONTROLLER,DC=local
objectclass : {top, person, organizationalPerson, user}
lastlogontimestamp : 8/28/2020 4:12:39 AM
name : Administrator
objectsid : S-1-5-21-849420856-2351964222-986696166-500
samaccountname : Administrator
admincount : 1
codepage : 0
samaccounttype : 805306368
whenchanged : 8/28/2020 11:12:39 AM
accountexpires : 9223372036854775807
countrycode : 0
adspath : LDAP://CN=Administrator,CN=Users,DC=CONTROLLER,DC=local
instancetype : 4
objectguid : 1823a15b-34a7-49b2-a9f2-99279409f557
lastlogon : 8/28/2020 4:12:46 AM
lastlogoff : 12/31/1600 4:00:00 PM
objectcategory : CN=Person,CN=Schema,CN=Configuration,DC=CONTROLLER,DC=local
dscorepropagationdata : {5/14/2020 3:29:56 AM, 5/14/2020 3:29:56 AM, 5/14/2020 3:14:47 AM, 1/1/1601 6:12:16 PM}
memberof : {CN=Group Policy Creator Owners,OU=Groups,DC=CONTROLLER,DC=local, CN=Domain Admins,OU=Groups,DC=CONTROLLER,DC=local, CN=Enterprise Admins,OU=Groups,DC=CONTROLLER,DC=local,
CN=Schema Admins,OU=Groups,DC=CONTROLLER,DC=local...}
whencreated : 5/14/2020 3:13:54 AM
iscriticalsystemobject : True
badpwdcount : 0
cn : Administrator
useraccountcontrol : 66048
usncreated : 8196
primarygroupid : 513
pwdlastset : 5/13/2020 8:00:12 PM
usnchanged : 32785
logoncount : 0
badpasswordtime : 12/31/1600 4:00:00 PM
distinguishedname : CN=Admin2,CN=Users,DC=CONTROLLER,DC=local
objectclass : {top, person, organizationalPerson, user}
displayname : Admin2
userprincipalname : Admin2@CONTROLLER.local
name : Admin2
objectsid : S-1-5-21-849420856-2351964222-986696166-1105
samaccountname : Admin2
admincount : 1
codepage : 0
samaccounttype : 805306368
whenchanged : 5/14/2020 3:29:56 AM
accountexpires : 9223372036854775807
countrycode : 0
adspath : LDAP://CN=Admin2,CN=Users,DC=CONTROLLER,DC=local
instancetype : 4
usncreated : 12791
objectguid : 6c2686c7-7b94-4ac4-aa6b-aedd868fb263
lastlogoff : 12/31/1600 4:00:00 PM
objectcategory : CN=Person,CN=Schema,CN=Configuration,DC=CONTROLLER,DC=local
dscorepropagationdata : {5/14/2020 3:29:56 AM, 1/1/1601 12:00:00 AM}
givenname : Admin2
memberof : {CN=Group Policy Creator Owners,OU=Groups,DC=CONTROLLER,DC=local, CN=Domain Admins,OU=Groups,DC=CONTROLLER,DC=local, CN=Enterprise Admins,OU=Groups,DC=CONTROLLER,DC=local,
CN=Schema Admins,OU=Groups,DC=CONTROLLER,DC=local...}
lastlogon : 12/31/1600 4:00:00 PM
badpwdcount : 0
cn : Admin2
useraccountcontrol : 66048
whencreated : 5/14/2020 3:24:42 AM
primarygroupid : 513
pwdlastset : 5/13/2020 8:24:43 PM
usnchanged : 12851
logoncount : 0
badpasswordtime : 12/31/1600 4:00:00 PM
description : My password is MYpassword123#
distinguishedname : CN=SQL Service,CN=Users,DC=CONTROLLER,DC=local
objectclass : {top, person, organizationalPerson, user}
displayname : SQL Service
userprincipalname : SQLService@CONTROLLER.local
name : SQL Service
objectsid : S-1-5-21-849420856-2351964222-986696166-1107
samaccountname : SQLService
lastlogon : 12/31/1600 4:00:00 PM
codepage : 0
samaccounttype : 805306368
whenchanged : 5/14/2020 3:42:53 AM
accountexpires : 9223372036854775807
countrycode : 0
adspath : LDAP://CN=SQL Service,CN=Users,DC=CONTROLLER,DC=local
instancetype : 4
objectguid : 1c3f20d7-c383-466a-9a67-92a774650cb8
sn : Service
lastlogoff : 12/31/1600 4:00:00 PM
objectcategory : CN=Person,CN=Schema,CN=Configuration,DC=CONTROLLER,DC=local
dscorepropagationdata : {5/14/2020 3:29:56 AM, 1/1/1601 12:00:00 AM}
serviceprincipalname : DOMAIN-CONTROLLER/SQLService.CONTROLLER.local:60111
givenname : SQL
admincount : 1
memberof : {CN=Group Policy Creator Owners,OU=Groups,DC=CONTROLLER,DC=local, CN=Domain Admins,OU=Groups,DC=CONTROLLER,DC=local, CN=Enterprise Admins,OU=Groups,DC=CONTROLLER,DC=local,
CN=Schema Admins,OU=Groups,DC=CONTROLLER,DC=local...}
whencreated : 5/14/2020 3:26:57 AM
badpwdcount : 0
cn : SQL Service
useraccountcontrol : 66048
usncreated : 12820
primarygroupid : 513
pwdlastset : 5/13/2020 8:26:58 PM
usnchanged : 12890
Last updated