On Windows:
AD Modules
.NET Classes
Enrolled machine
It is possible to use PowerView:
# Import PowerView
. .\PowerView.ps1
# Get domain name
# Enumeration of the domain test.local
Get-NetDomain -Domain test.local
Active Directory Module for Windows PowerShell is a PowerShell module that bundles a group of cmdlets.
# Import the DLL without installing the RSAT module and without admin rights
Import-Module .\Microsoft.ActiveDirectory.Management.dll
# Import module
Import-Module .\ActiveDirectory\ActiveDirectory.psd1
# Find the domain
# Enumerate domain test.local
Get-ADDomain -Identity test.local
Active Directory Service Interfaces (ADSI) are a set of COM interfaces used to access directory services features from different network vendors.
Administrators and developers can use ADSI Services to enumerate and manage resources in a directory service, regardless of the network environment that contains the resource.
# Keep a reference to the .NET Domain class
$ADClass = [System.DirectoryServices.ActiveDirectory.Domain]
Nltest is a command-line tool for performing network administration tasks. It is integrated with Windows Server 2008 and Windows Server 2008 R2. It is available if you have installed the AD-DS or AD-LDS server role. It is also available if you have installed the Active Directory Domain Services Tools which are part of the Remote Server Administration Tools (RSAT).
# Find domain
nltest /sc_query:<DOMAIN>
# Enumerate domain controllers
nltest /dclist:<DOMAIN>
To find the server on which you are authenticated if your machine is enrolled in the domain:
echo %logonserver%
Warning: the logon server variable is updated each time a machine is started.
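The .NET class and the `%logonserver%` check above can be combined into one inventory step. The following is an added example, not code from the original page: it resolves the current domain through `System.DirectoryServices.ActiveDirectory.Domain`, lists its domain controllers, and marks which one matches `%LOGONSERVER%`. The function name `Get-DomainSummary` is hypothetical, and the script assumes a domain-joined Windows machine.

```powershell
# Added example (not from the original page); Get-DomainSummary is a hypothetical name.
Add-Type -AssemblyName System.DirectoryServices

function Get-DomainSummary {
    [CmdletBinding()]
    param()

    try {
        # Domain of the current user context. This throws when the machine is
        # not domain-joined or no domain controller can be contacted.
        $domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
        $pdc    = $domain.PdcRoleOwner.Name
        $dcs    = @($domain.DomainControllers)
    }
    catch {
        Write-Warning "Could not query the current domain: $($_.Exception.Message)"
        return
    }

    # %LOGONSERVER% looks like \\DC01; strip the leading backslashes.
    $logonServer = "$env:LOGONSERVER".TrimStart('\')
    $matched     = $false

    foreach ($dc in $dcs) {
        # DC names are FQDNs (dc01.test.local); compare the host part only.
        # PowerShell's -eq is case-insensitive for strings.
        $isLogon = ($dc.Name.Split('.')[0] -eq $logonServer)
        if ($isLogon) { $matched = $true }

        [pscustomobject]@{
            Domain        = $domain.Name
            Forest        = $domain.Forest.Name
            DC            = $dc.Name
            IsPdc         = ($dc.Name -eq $pdc)
            IsLogonServer = $isLogon
        }
    }

    if (-not $matched) {
        # The cached variable does not correspond to any DC currently listed.
        Write-Warning "LOGONSERVER '$logonServer' is not in the domain controller list."
    }
}

Get-DomainSummary | Format-Table -AutoSize
```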