User Enumeration

Domain Enumeration - User

PowerView

#Get a list of users in the current domain
Get-NetUser
Get-NetUser -Username student1
#Find User Accounts used as Service Accounts
Get-NetUser -SPN


#Get list of all properties for users in the current domain
Get-UserProperty
Get-UserProperty –Properties pwdlastset
Get-UserProperty –Properties badpwdcount



#Search for a particular string in a user's attributes:
Find-UserField -SearchField Description -SearchTerm "pass"

The ActiveDirectoryPowerShell module

#Get a list of users in the current domain
Get-ADUser-Filter* -Properties *
Get-ADUser-Identitystudent1-Properties *


#Get list of all properties for users in the current domain
Get-ADUser -Filter * -Properties * | select -First 1| Get-Member -MemberType *Property |select Name
Get-ADUser -Filter * -Properties * | select name,@{expression={[datetime]::fromFileTime($_.pwdlastset)}}



#Search for a particular and passwords string in a user's attributes:
Get-ADUser -Filter 'Description -like "*pass*"' -Properties Description | select name,Description

Well-Known SID

https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/security-identifiers-in-windows