Enumerating Groups

PowerView

Get all groups in current domain

Get-NetGroup

Get all groups in another domain

Get-NetGroup -Domain <DOMAIN NAME>

Get all groups with full properties in current domain

Get-NetGroup -FullData

Get all groups with full properties in another domain

Get-NetGroup -Domain <DOMAIN NAME> -FullData

Get all properties of a specific group in current domain

Get-NetGroup -GroupName <GROUP NAME>  -FullData

Get all properties of a specific group in another domain

Get-NetGroup -GroupName <GROUP NAME> -Domain <DOMAIN NAME>  -FullData

Get all groups containing the word "admin" in group name on current domain

Get-NetGroup *admin*

Get all groups containing the word "admin" in group name on another domain

Get-NetGroup *admin* -Domain <DOMAIN NAME>

Get group membership of a specific user

Get-NetGroup -Username <USER NAME>

Get group membership of a specific user from another domain

Get-NetGroup -Username <USER NAME> -Domain <DOMAIN NAME>

Get all members of a specific group

Get-NetGroupMember -GroupName <GROUP NAME> -Recurse

Get all members of a specific group from another domain

Get-NetGroupMember -GroupName <GROUP NAME> -Domain <DOMAIN NAME> -Recurse

NOTE

To enumerate the members of local group, LOCAL ADMINISTRATOR privilege is required

Get all local groups on current machine, which have membership of administrator groups on DC

Get-NetLocalGroup -ListGroups

Get all local groups on another machine

Get-NetLocalGroup -ListGroups -ComputerName <COMPUTER NAME>

Get details about members of all local groups on current machine

Get-NetLocalGroup -Recurse

Get details about members of all local groups on another machine

Get-NetLocalGroup -Recurse -ComputerName <COMPUTER NAME>

Active Directory Module

Get all groups in current domain

Get-ADGroup -Filter * | Select Name

Get all groups in another domain

Get-ADGroup -Filter * -Server <DOMAIN NAME> | Select Name

Get all groups in current domain with all properties

Get-ADGroup -Filter * -Properties *

Get all groups in another domain with all properties

Get-ADGroup -Filter * -Properties * -Server <DOMAIN NAME>

Get all groups containing the word "admin" in group name on current domain

 Get-ADGroup -Filter 'Name -like "*admin*"' | Select Name

Get all groups containing the word "admin" in group name on another domain

 Get-ADGroup -Filter 'Name -like "*admin*"' -Server <DOMAIN NAME> | Select Name

Get group membership of a specific user from current domain

Get-ADPrincipalGroupMembership -Identity <USERNAME>

Get group membership of a specific user from another domain

Get-ADPrincipalGroupMembership -Identity <USERNAME> -Server <DOMAIN NAME>

Get all members of a specific group

Get-ADGroupMember -Identity <GROUP NAME> -Recursive

Get all members of a specific group

Get-ADGroupMember -Identity <GROUP NAME> -Server <DOMAIN NAME> -Recursive

PreviousEnumerating Domain PolicyNextEnumerating Log On & Log Off Activities

Last updated