# Enumerate

## Users

### Local

| Command | Description |
| --- | --- |
| `whoami` | Current user |
| `whoami /priv` | Current user's privileges |
| `qwinsta` | Active user sessions |
| `net session` | Currently logged-on users |
| `psloggedon` | Currently logged-on users |
| `wmic computersystem get username` | Currently logged-on user |
| `net user` | User accounts |
| `Get-CimInstance -ClassName Win32_UserAccount` | User accounts (PowerShell) |
| `Get-LocalUser` | User accounts (PowerShell) |
| `Get-WmiObject -Class Win32_UserAccount` | User accounts (PowerShell) |
| `wmic useraccount get name,sid` | SIDs for all users |
| `wmic useraccount where name="USER" get sid` | SID for a specific user |
| `net user <username>` | User properties |
| `wmic useraccount list /format:list` | User properties |
| `wmic useraccount get name,fullname,sid` | Name, full name and SID for all users |
| `net accounts` | Default account settings |
| `Get-WmiObject -Class Win32_UserAccount \| Where-Object {$_.Name -eq "<username>"} \| Select-Object Name, FullName, Description` | Information about a specific user |
| `reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"` | Default username, default domain name and default shell (Winlogon) |

### Domain

| Command | Description |
| --- | --- |
| `net user /domain` | Active Directory users |
| `Get-ADUser -Filter *` | Active Directory users (requires the ActiveDirectory PowerShell module) |
| `dsquery user` | Active Directory users (requires AD) |
## Groups

### Local

| Command | Description |
| --- | --- |
| `net localgroup` | Local groups |
| `Get-LocalGroup` | Local groups (PowerShell) |
| `net localgroup <groupName>` | Group properties and members |
| `wmic group list /format:list` | Group properties |
| `wmic group where "name='GroupName'" get /format:list` | Properties of a specific group |
| `net localgroup "Users"` | Members of the Users group |
| `net localgroup "Administrators"` | Members of the Administrators group |
| `Get-LocalGroupMember -Group "Users"` | Members of the Users group (PowerShell) |
| `Get-LocalGroupMember -Group "Administrators"` | Members of the Administrators group (PowerShell) |

### Domain

| Command | Description |
| --- | --- |
| `wmic /NAMESPACE:\\root\directory\ldap PATH ds_group GET ds_samaccountname` | All domain groups (WMI LDAP provider) |
| `wmic /NAMESPACE:\\root\directory\ldap PATH ds_group where "ds_samaccountname='Domain Admins'" GET ds_member /Value` | Members of a domain group (WMI LDAP provider) |
| `wmic path win32_groupuser where (groupcomponent="win32_group.name=\"Domain Admins\",domain=\"DOMAIN_NAME\"")` | Members of a domain group |
| `Get-ADGroupMember -Identity "GroupName"` | Domain group members |
| `dsget group "GroupDN" -members` | Domain group members |
| `ldapsearch -x -b "dc=example,dc=com" "(objectClass=group)"` | AD groups via LDAP search |
| `Get-ADGroup -Filter *` | Domain groups |
| `dsquery group` | Domain groups |
| `net group` | Domain groups |
| `net group /domain` | Domain groups |
| `net localgroup administrators /domain` | Members of the domain's built-in Administrators group |
| `net group "Domain Admins" /domain` | Domain group members |
| `net group "domain computers" /domain` | Hosts joined to the domain |
| `net group "Domain Controllers" /domain` | Domain controllers |
## Sysinternals

| Command | Description |
| --- | --- |
| `psloggedon` | Shows who is using resources on the system, both local logons and connections to shared drives |
| `psgetsid` | Shows your user SID |