Enumeration

Question 1

PV: Return a given domain object

Answer 1

Get-NetDomain

Question 2

AD: Return a given domain object

Answer 2

Get-ADDomain

Question 3

PV: Get the Domain SID

Answer 3

Get-DomainSID

Question 4

AD: Get the Domain SID

Answer 4

Get-ADDomain

(Get-ADDomain).DomainSID

Question 5

PV: Get the Domain Policy

Answer 5

Get-DomainPolicy

Question 6

PV: List the Domain Controllers

Answer 6

Get-NetDomainController

Question 7

AD: List the Domain Controllers

Answer 7

Get-ADDomainController

Question 8

PV: Get a list of users in the domain

Answer 8

Get-NetUser

Question 9

AD: Get a list of users in the domain

Answer 9

Get-ADUser

Question 10

PV: Get a list of user properties

Answer 10

Get-UserProperty

Question 11

PV: Search user object fields for a given word

Answer 11

Find-UserField -SearchField -Search Term

Question 12

PV: Get a list of computers in the domain

Answer 12

Get-NetComputer

Question 13

AD: Get a list of computers in the domain

Answer 13

Get-ADComputer

Question 14

PV: Get a list of all groups in the current domain

Answer 14

Get-NetGroup

Question 15

AD: Get a list of all groups in the current domain

Answer 15

Get-ADGroup

Question 16

PV: Get members of a domain group

Answer 16

Get-NetGroupMember

Question 17

AD: Get members of a domain group

Answer 17

Get-ADGroupMember

Question 18

PV: Get domain groups that the specified user is a member of

Answer 18

Get-NetGroup -UserName

Question 19

AD: Get domain groups that the specified user is a member of

Answer 19

Get-ADPrincipalGroupMembership -Identity

Question 20

PV: List the local groups on a machine

Answer 20

Get-NetLocalGroup -ListGroups

Question 21

PV: Get actively logged on users. Needs admin on target

Answer 21

Get-NetLoggedOn

Question 22

Get locally logged on users on a computer. Needs remote registry

Answer 22

Get-LoggedOnLocal

Question 23

PV: Get the last logged on user on a computer

Answer 23

Get-LastLoggedOn

Question 24

PV: Find shares on hosts

Answer 24

Invoke-ShareFinder

Question 25

PV: Get all files servers in a domain

Answer 25

Get-NetFileServer

Question 26

PV: Get a list of all current GPO in a domain

Answer 26

Get-NetGPO

Question 27

Get the RSOP on the local machine

Answer 27

gpresult /R /V

Question 28

PV: List all GPOs that set "restricted groups" or use groups.xml on target machines

Answer 28

Get-NetGPOGroup

Question 29

PV: from a computer name or GPO list what users / groups are in the specified local group for the machine

Answer 29

Find-GPOComputerAdmin

Question 30

PV: List machines where the given user is a member of a specific group

Answer 30

Find-GPOLocation

Question 31

PV: Get a list of all OUs in a domain

Answer 31

Get-NetOU

Question 32

AD: Get a list of all current OUs in a domain

Answer 32

Get-ADOrganizationalUnit

Question 33

PV: List the ACLs associated with a specified object

Answer 33

Get-ObjectACL

Question 34

PV: Search for interesting ACEs

Answer 34

Invoke-ACLScanner

Question 35

PV: List domain trusts for the current domain

Answer 35

Get-DomainTrust

Question 36

AD: List domain trusts for the current domain

Answer 36

Get-ADTrust

Question 37

PV: Get details about the current forest

Answer 37

Get-NetForest

Question 38

AD: Get details about the current forest

Answer 38

Get-AdForest

Question 39

PV: List all of the domains in the current forest

Answer 39

Get-NetForestDomain

Question 40

PV: List all global catalogs for the current forest

Answer 40

Get-NetForestCatalog

Question 41

AD: List all global catalogs for the current forest

Answer 41

(Get-ADForest).GlobalCatalogs

Question 42

PV: map trusts of a forest

Answer 42

Get-NetForestTrust

Question 43

AD: map trusts of a forest

Answer 43

Get-ADTrust

Question 44

PV: List all machines in the domain where the current user has local admin privs

Answer 44

Find-LocalAdminAccess

Question 45

WMI: PV: List all machines in the domain where the current user has local admin privs

Answer 45

Find-WMILocalAdminAccess

Question 46

PV: Find local admins on all machines in the domain

Answer 46

Invoke-EnumerateLocalAdmin

Question 47

PV: Find computers where a domain admin has sessions

Answer 47

Invoke-UserHunter

Question 48

PV: check whether we have local admin on localhost or specified hosts

Answer 48

Invoke-CheckLocalAdminAccess