⌘Ctrlk

Domain

On Windows:

It is possible to use PowerView :

# Import PowerView
. .\PowerView.ps1 

# Get domain name
Get-NetDomain

# Enumeration of the domain test.local
Get-NetDomain -Domain test.local

Active Directory Module for Windows PowerShell is a PowerShell module that bundles a group of cmdlets.

# Importe DLL without installing RSAT module and without admin right 
Import-Module .\Microsoft.ActiveDirectory.Management.dll

# Import module
Import-Module .\ActiveDirectory\ActiveDirectory.psd1 

# Find the domain
Get-ADDomain

# Enumerate domain test.local
Get-ADDomain -Identity test.local

Active Directory Service Interfaces (ADSI) are a set of COM interfaces used to access directory services features from different network vendors.

Administrators and developers can use ADSI Services to enumerate and manage resources in a directory service, regardless of the network environment that contains the resource.

$ADClass [System.DirectoryServices.ActiveDirectory.Domain] 
$ADClass::GetCurrentDomain()

Nltest is a command-line tool for performing network administration tasks. It is integrated with Windows Server 2008 and Windows Server 2008 R2. It is available if you have installed the AD-DS or AD-LDS server role. It is also available if you have installed the Active Directory Domain Services Tools which are part of the Remote Server Administration Tools (RSAT).

# Find domain
nltest /sc_query:<DOMAIN> 

# Enumerate domain controllers
nltest /dclist:<DOMAIN>

To find the server on which you are authenticated if your machine is enrolled in the domain:

echo %logonserver%

Warning: the logon server variable is updated each time a machine is started.

PreviousEnumeration NextPowerview

Last updated 2 years ago