# Enumerating the Domain

## Overview

Enumerating Active Directory can provide valuable information about the target network, such as user accounts, groups, computers, and other resources.

## Code examples

### Querying a user account <a href="#queryingauseraccount" id="queryingauseraccount"></a>

{% code overflow="wrap" %}

```powershell
Get-ADUser bgoodman

# Specifying property output with Select-Object
Get-ADUser -Identity BGoodman | Select-Object SamAccountName, GivenName, Surname, Name

# Using wild card matching with Select-Object
Get-ADUser -Identity BGoodman -properties * | Select-Object SamAccountName, GivenName, Surname, Name, *phone*

# Querying the password and login info for a user
Get-ADUser bgoodman -prop * | select *password*, *Logon*

# Using -filter to find account matches
Get-ADUser -filter {Surname -like "stanley"} -prop DisplayName | select DisplayName, GivenName, Surname, SamAccountName

# Searching users in a specific Active Directory OU
Get-ADUser -filter * -searchbase "OU=US-Raleigh,DC=mk,DC=lab" -Properties DisplayName |
    select SamAccountName, DisplayName

```

{% endcode %}

## References

{% embed url="<https://www.commandline.ninja/get-aduser-syntax-and-examples/>" %}