====== Enumerate Domain Data ======

See if the endpoint is joined to a domain (run as Administrator):

  dsregcmd /status

List all domain controllers:

  nltest /dclist:

Display a Global Catalog server:

  nltest /dsgetdc:

Display all users in the domain:

  net users /domain > domain-users.txt

Display all groups in the domain:

  net group /domain > domain-groups.txt

Display members of a group (does not show groups nested within this group):

  net group "domain admins" /domain

Show data on a user:

  net user "jblogs" /domain

Show domain account settings:

  net accounts /domain

Show the list of domain controller IP addresses:

  nslookup gc._msdcs.yourdomain.com

===== Local Data =====

Show groups that exist on the local machine:

  net localgroup

Show local workstation data:

  net config workstation

Show the list of local Kerberos tokens on the device you are on:

  klist

Show locally stored credentials:

  cmdkey /list
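
From the defender's side, several of the commands above run by one account on one host within a few minutes stand out in process-creation logs. The following Python sketch is an added example, not part of the original page; the event tuples, host and user names, the five-minute window and the threshold of four distinct command families are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# One rule per command family listed on this page; net.exe re-spawns net1.exe, so match both.
RULES = {name: re.compile(rx, re.I) for name, rx in {
    "dsregcmd_status": r"\bdsregcmd(\.exe)?\s+/status\b",
    "nltest_dc":       r"\bnltest(\.exe)?\s+/(dclist|dsgetdc):",
    "net_domain":      r"\bnet1?(\.exe)?\s+(users?|group|accounts)\b.*/domain\b",
    "net_local":       r"\bnet1?(\.exe)?\s+(localgroup|config\s+workstation)\b",
    "nslookup_gc":     r"\bnslookup(\.exe)?\s+gc\._msdcs\.",
    "klist":           r"\bklist(\.exe)?\b",
    "cmdkey_list":     r"\bcmdkey(\.exe)?\s+/list\b",
}.items()}

def classify(cmdline):
    """Return the names of the rules that a process command line matches."""
    return [name for name, rx in RULES.items() if rx.search(cmdline)]

def detect_bursts(events, window=timedelta(minutes=5), threshold=4):
    """Alert when one (host, user) runs >= threshold distinct rule families within window."""
    hits = defaultdict(list)
    for ts, host, user, cmdline in events:
        for name in classify(cmdline):
            hits[(host, user)].append((datetime.fromisoformat(ts), name))
    alerts = []
    for (host, user), seq in hits.items():
        seq.sort()
        i = 0
        while i < len(seq):
            in_win = [n for t, n in seq[i:] if t - seq[i][0] <= window]
            names = sorted(set(in_win))
            if len(names) >= threshold:
                alerts.append({"host": host, "user": user,
                               "start": seq[i][0].isoformat(), "commands": names})
                i += len(in_win)  # resume after the alerted window
            else:
                i += 1
    return alerts

# Constructed process-creation events: (timestamp, host, user, command line), all invented.
SAMPLE_EVENTS = [
    ("2024-05-01T09:00:05", "WS01", "alice", "dsregcmd /status"),
    ("2024-05-01T09:00:20", "WS01", "alice", "nltest /dclist:"),
    ("2024-05-01T09:00:41", "WS01", "alice", 'net group "domain admins" /domain'),
    ("2024-05-01T09:01:30", "WS01", "alice", "klist"),
    ("2024-05-01T09:10:00", "WS02", "bob", "klist"),
    ("2024-05-01T11:45:00", "WS02", "bob", "net config workstation"),
]
print(detect_bursts(SAMPLE_EVENTS))
```

Counting distinct command families rather than raw events keeps a helpdesk technician who runs ''klist'' repeatedly from tripping the alert, while a sweep through the list on this page does.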