# Forest and Domains

## Domain Enumeration Manual

```powershell
# Enumeration can be done with native executables and .NET classes

whoami /priv

$ADClass = [System.DirectoryServices.ActiveDirectory.Domain]

$ADClass::GetCurrentDomain()
```

## Domain Enumeration Tools

## PowerView

```powershell
# Source: https://github.com/PowerShellMafia/PowerSploit/blob/master/Recon/PowerView.ps1

# Import (dot-source the script into the current session)
. .\PowerView.ps1

# Get domain info
Get-NetDomain

# Specify domain name
Get-NetDomain -Domain moneycorp.local

# Get domain SID
Get-DomainSID

# Get domain policy for the current domain
Get-DomainPolicy
(Get-DomainPolicy)."system access"
(Get-DomainPolicy)."Kerberos Policy"
(Get-DomainPolicy)."Version"
(Get-DomainPolicy)."Registry Values"

# Get domain policy for another domain
(Get-DomainPolicy -Domain moneycorp.local)."system access"
(Get-DomainPolicy -Domain moneycorp.local)."Kerberos Policy"

# Get domain controllers for the current domain
Get-NetDomainController

# Get domain controllers for another domain
Get-NetDomainController -Domain moneycorp.local
```

## The ActiveDirectory PowerShell module

```powershell
# To use the ActiveDirectory module without installing RSAT, we can use
# Import-Module with a valid ActiveDirectory module DLL
# Docs: https://docs.microsoft.com/en-us/powershell/module/addsadministration/?view=win10-ps

# Import module: we need to import both the .dll and the .psd1
Import-Module .\Microsoft.ActiveDirectory.Management.dll
Import-Module .\ActiveDirectory\ActiveDirectory.psd1

# Get domain info after importing the .dll and .psd1
Get-ADDomain

# Get object of another domain
Get-ADDomain -Identity moneycorp.local

# Get domain SID for the current domain
(Get-ADDomain).DomainSID

# Get domain controllers for the current domain
Get-ADDomainController

# Get domain controllers for another domain
Get-ADDomainController -DomainName moneycorp.local -Discover
```

#### samratashok

```powershell
# To use the ActiveDirectory module without installing RSAT, we can use
# Import-Module with a valid ActiveDirectory module DLL
# Source: https://github.com/samratashok/ADModule
```

