AD Enumeration

net user /domain
net user USERNAME /domain
net group /domain
net group "Domain Admins" /domain
net group "Domain Controllers" /domain
net accounts /domain
net share
nltest /dclist:DOMAIN
nltest /domain_trusts

Import-Module ActiveDirectory

Get-ADDomain
Get-ADForest
Get-ADUser -Filter * -Properties *
Get-ADUser -Filter * | Select Name, SamAccountName
Get-ADGroup -Filter * | Select Name
Get-ADGroupMember "Domain Admins"
Get-ADComputer -Filter * | Select Name, DNSHostName
Get-ADTrust -Filter *

dsquery user -limit 0
dsquery computer -limit 0
dsquery group -limit 0
dsquery * -filter "(servicePrincipalName=*)" -attr distinguishedName servicePrincipalName

ldapsearch -x -H ldap://DC_IP -b "DC=domain,DC=local"
ldapsearch -x -H ldap://DC_IP -b "DC=domain,DC=local" -D "[email protected]" -w 'password'

ldapsearch -x -H ldap://DC_IP -b "DC=domain,DC=local" -D "[email protected]" -w 'pass' "(objectClass=user)" sAMAccountName

ldapsearch -x -H ldap://DC_IP -b "DC=domain,DC=local" "(objectClass=group)" cn member

ldapsearch -x -H ldap://DC_IP -b "CN=Domain Admins,CN=Users,DC=domain,DC=local" member

ldapsearch -x -H ldap://DC_IP -b "DC=domain,DC=local" "(servicePrincipalName=*)" sAMAccountName servicePrincipalName