PowerView is an enumeration script included in the PowerSploit toolkit.
```powershell
Get-NetDomain                                        ## Gather information for the current user's domain.
Get-NetDomain -Domain myhackingblog.local            ## Gather information on myhackingblog.local
Get-DomainSID                                        ## Get the current domain's SID.
Get-NetDomainController -Domain myhackingblog.local
Get-NetUser -Domain myhackingblog.local              ## Get AD information for all users
Get-NetUser -UserName thecorrectjames                ## Get information for a specific user.
Get-NetGroup *admin*
Get-NetComputer -FullData
Find-LocalAdminAccess -Verbose                       ## Find all computers the current user has local admin access on
Get-NetSession -ComputerName myhackingblog-dc        ## List sessions on a computer
Invoke-UserHunter -CheckAccess
Get-NetDomainTrust
Get-NetForest
Get-NetForestDomain
```
The Active Directory module cmdlets are written and provided by Microsoft. They are less likely to trigger alerts because they have a legitimate business use.
```powershell
Get-ADDomain
Get-ADDomain -Identity myhackingblog.local
(Get-ADDomain).DomainSID.Value
Get-ADDomainController -Discover -DomainName myhackingblog.local
Get-ADUser -Filter * -Properties *                   ## Get AD information for all users
Get-ADUser -Filter * -Server dc.myhackingblog.local  ## Get user information from a specific domain controller.
Get-ADUser -Identity thecorrectjames                 ## Get information for a specific user.
Get-ADGroup -Filter * | select Name                  ## Get all the group names
Get-ADGroup -Filter 'Name -like "*admin*"' | select Name
Get-ADComputer -Filter * -Properties *
Invoke-EnumerateLocalAdmin -Verbose                  ## PowerView function, not part of the Active Directory module
Get-ADTrust -Filter *
Get-ADForest
(Get-ADForest).Domains
```
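The alerting difference between the two lists, seen from the detection side, as an added example that is not part of the original page: it classifies PowerShell script block text (event ID 4104) by the command names listed above. The function names, the `User`/`ScriptBlockText` record shape, the threshold and the sample records are assumptions made for illustration.

```powershell
# Added example. Sample records are constructed, not real logs.
# Assumes 4104 events were already flattened to objects with User and ScriptBlockText.
$PowerViewNames = @(
    'Get-NetDomain', 'Get-DomainSID', 'Get-NetDomainController', 'Get-NetUser',
    'Get-NetGroup', 'Get-NetComputer', 'Find-LocalAdminAccess', 'Get-NetSession',
    'Invoke-UserHunter', 'Get-NetDomainTrust', 'Get-NetForest', 'Get-NetForestDomain',
    'Invoke-EnumerateLocalAdmin'
)
$AdModuleNames = @(
    'Get-ADDomain', 'Get-ADDomainController', 'Get-ADUser', 'Get-ADGroup',
    'Get-ADComputer', 'Get-ADTrust', 'Get-ADForest'
)

function Get-CommandNameHit {
    param([string]$Text, [string[]]$Names)
    foreach ($name in $Names) {
        # Whole-name match (case-insensitive): Get-NetDomain must not also fire
        # inside Get-NetDomainTrust or Get-NetDomainController.
        $pattern = '(?<![\w-])' + [regex]::Escape($name) + '(?![\w-])'
        if ($Text -match $pattern) { $name }
    }
}

function Get-EnumerationFinding {
    param([object[]]$Records, [int]$BulkThreshold = 3)
    foreach ($record in $Records) {
        $pv = @(Get-CommandNameHit -Text $record.ScriptBlockText -Names $PowerViewNames)
        $ad = @(Get-CommandNameHit -Text $record.ScriptBlockText -Names $AdModuleNames)
        if ($pv.Count -eq 0 -and $ad.Count -eq 0) { continue }
        # PowerView names are a strong signal on their own. AD module cmdlets are
        # routine admin tooling, so only several distinct ones together are raised.
        if ($pv.Count -gt 0) { $verdict = 'PowerView function name' }
        elseif ($ad.Count -ge $BulkThreshold) { $verdict = 'Bulk AD module enumeration' }
        else { $verdict = 'AD module use, compare with user role' }
        [pscustomobject]@{
            User     = $record.User
            Verdict  = $verdict
            Commands = ($pv + $ad) -join ', '
        }
    }
}

$sample = @(   # constructed records
    [pscustomobject]@{ User = 'LAB\alice'; ScriptBlockText = 'Get-NetDomainTrust; Invoke-UserHunter -CheckAccess' }
    [pscustomobject]@{ User = 'LAB\bob'; ScriptBlockText = 'Get-ADUser -Identity thecorrectjames' }
    [pscustomobject]@{ User = 'LAB\carol'; ScriptBlockText = 'Get-ADUser -Filter *; Get-ADGroup -Filter *; Get-ADTrust -Filter *' }
    [pscustomobject]@{ User = 'LAB\dave'; ScriptBlockText = 'Get-ChildItem C:\Temp' }
)
Get-EnumerationFinding -Records $sample | Format-Table -AutoSize
```

Name matching only catches PowerView when its functions keep their published names, so the AD module branch relies on volume and on who is running the cmdlets rather than on the names themselves.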