
# Domain

{% hint style="info" %}
On Windows:
{% endhint %}

{% tabs %}
{% tab title="PowerView" %}
It is possible to use [PowerView](https://github.com/PowerShellMafia/PowerSploit/blob/master/Recon/PowerView.ps1):

```powershell
# Import PowerView
. .\PowerView.ps1 

# Get domain name
Get-NetDomain

# Enumeration of the domain test.local
Get-NetDomain -Domain test.local
```

{% endtab %}

{% tab title="AD Modules" %}
[Active Directory Module](https://github.com/samratashok/ADModule) for Windows PowerShell is a PowerShell module that bundles a group of cmdlets.

```powershell
# Import the DLL without installing the RSAT module and without admin rights
Import-Module .\Microsoft.ActiveDirectory.Management.dll

# Import module
Import-Module .\ActiveDirectory\ActiveDirectory.psd1 

# Find the domain
Get-ADDomain

# Enumerate domain test.local
Get-ADDomain -Identity test.local
```

{% endtab %}

{% tab title=".NET Classes" %}
Active Directory Service Interfaces (ADSI) are a set of COM interfaces used to access directory services features from different network vendors.

Administrators and developers can use ADSI Services to enumerate and manage resources in a directory service, regardless of the network environment that contains the resource.

```powershell
# Store a reference to the .NET Domain class, then query the current domain
$ADClass = [System.DirectoryServices.ActiveDirectory.Domain]
$ADClass::GetCurrentDomain()
```

{% endtab %}

{% tab title="Nltest" %}
Nltest is a command-line tool for performing network administration tasks. It is integrated with Windows Server 2008 and Windows Server 2008 R2. It is available if you have installed the AD-DS or AD-LDS server role. It is also available if you have installed the Active Directory Domain Services Tools, which are part of the Remote Server Administration Tools (RSAT).

```powershell
# Find domain
nltest /sc_query:<DOMAIN> 

# Enumerate domain controllers
nltest /dclist:<DOMAIN> 
```

{% endtab %}

{% tab title="Enrolled machine" %}
To find the server that authenticated you, if your machine is enrolled in the domain:

```powershell
# PowerShell syntax; from cmd.exe use: echo %logonserver%
$env:LOGONSERVER
```

{% hint style="warning" %}
**Warning:** the logon server variable is updated each time a machine is started.
{% endhint %}
{% endtab %}
{% endtabs %}
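Because the logon server variable can be out of date, it is worth checking it against the domain controllers returned by the .NET class shown in the tabs above. The following is an added example, not part of the original page: `Test-LogonServer` is a hypothetical helper, and the values in the `catch` branch are constructed samples used when the machine is not domain-joined.

```powershell
# Added example: checks whether LOGONSERVER names a DC of the current domain.
function Test-LogonServer {
    param(
        [Parameter(Mandatory)] [string]   $LogonServer,       # e.g. \\DC01
        [Parameter(Mandatory)] [string[]] $DomainControllers  # FQDNs or short names
    )
    # Strip the leading backslashes and keep only the host label
    $short = $LogonServer.TrimStart('\').Split('.')[0]
    # Case-insensitive comparison on the host label of each DC name
    $match = $DomainControllers | Where-Object { $_.Split('.')[0] -ieq $short }
    [pscustomobject]@{
        LogonServer        = $short
        IsDomainController = [bool]$match
        MatchedDC          = $match | Select-Object -First 1
    }
}

try {
    # Live data: current domain and its domain controllers
    $domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
    $dcs    = @($domain.DomainControllers | ForEach-Object { $_.Name })
    $logon  = $env:LOGONSERVER
}
catch {
    # Not domain-joined or no DC reachable: constructed sample values
    $dcs   = @('dc01.test.local', 'dc02.test.local')
    $logon = '\\DC02'
}

Test-LogonServer -LogonServer $logon -DomainControllers $dcs
```

`IsDomainController` is `False` when the variable holds something other than a domain controller, for example the local machine name after a local-account logon.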

