Groups

WINDOWS

Detailed Group Info

PS C:\> Get-ADGroup -Identity "Backup Operators"

Group Membership

PS C:\> Get-ADGroupMember -Identity "Backup Operators"

`NET`

net localgroup administrators /domain # List users in the administrators group inside the domain

net group /domain # Information about domain groups

net groups /domain # List of domain groups

net group <domain_group_name> /domain # Users belonging to the group

net group "Domain Admins" /domain # List users with domain admin privileges

net group "Domain Controllers" /domain # List PC accounts of domain controllers

net group "domain computers" /domain # List of PCs connected to the domain

Get Group SID

C:\> Get-ADGroup -Identity "Enterprise Admins" -Server "MILITECH.LOCAL

PowerView

Recursive Group Membership

PS C:\>  Get-DomainGroupMember -Identity "Domain Admins" -Recurse

Check RDP Users Group

PS C:\> Get-NetLocalGroupMember -ComputerName MILITECH-MS13 -GroupName "Remote Desktop Users"

Check Remote Management Users Group

PS C:\> Get-NetLocalGroupMember -ComputerName MILITECH-MS13 -GroupName "Remote Management Users"

Check Foreign Group Membership

PS C:\> Get-DomainForeignGroupMember -Domain MILITECH.LOCAL

Get Group's SID

PS C:\> Get-DomainGroup -Domain MILITECH.LOCAL -Identity "Enterprise Admins" | select distinguishedname,objectsid

LINUX

CrackMapExec

Groups

sudo crackmapexec smb 13.13.13.13 -u sreed -p PASSWORD123 --groups

PreviousUsers NextGPO's

Last updated 1 month ago

Groups

WINDOWS

Detailed Group Info

PS C:\> Get-ADGroup -Identity "Backup Operators"

Group Membership

PS C:\> Get-ADGroupMember -Identity "Backup Operators"

`NET`

net localgroup administrators /domain # List users in the administrators group inside the domain

net group /domain # Information about domain groups

net groups /domain # List of domain groups

net group <domain_group_name> /domain # Users belonging to the group

net group "Domain Admins" /domain # List users with domain admin privileges

net group "Domain Controllers" /domain # List PC accounts of domain controllers

net group "domain computers" /domain # List of PCs connected to the domain

Get Group SID

C:\> Get-ADGroup -Identity "Enterprise Admins" -Server "MILITECH.LOCAL

PowerView

Recursive Group Membership

PS C:\>  Get-DomainGroupMember -Identity "Domain Admins" -Recurse

Check RDP Users Group

PS C:\> Get-NetLocalGroupMember -ComputerName MILITECH-MS13 -GroupName "Remote Desktop Users"

Check Remote Management Users Group

PS C:\> Get-NetLocalGroupMember -ComputerName MILITECH-MS13 -GroupName "Remote Management Users"

Check Foreign Group Membership

PS C:\> Get-DomainForeignGroupMember -Domain MILITECH.LOCAL

Get Group's SID

PS C:\> Get-DomainGroup -Domain MILITECH.LOCAL -Identity "Enterprise Admins" | select distinguishedname,objectsid

LINUX

CrackMapExec

Groups

sudo crackmapexec smb 13.13.13.13 -u sreed -p PASSWORD123 --groups

PreviousUsers NextGPO's

Last updated 1 month ago