In a pentest, user information from Active Directory could reveal patterns and user behavior. For example, if a user last set his password in October 2007, chances are the password has something to do with October 2017. To know what users to target, group membership could be handy. Getting user group membership into a csv files requires some specific joining of tables. The lines below may be used for querying this infromation into CSV files.
Use the following to query information from all users:
get-aduser -filter * -properties SAMAccountName, passwordlastset,lastlogondate,PasswordNeverExpires,created,description,enabled,memberof | select SAMAccountName,name,passwordlastset,lastlogondate,PasswordNeverExpires,created,description,enabled,@{n=’MemberOf’; e= { ( $_.memberof | % { (Get-ADObject $_).Name }) -join “,” }} | export-csv "29-10-2018_AllUsers.csv" -notypeinformation -Encoding UTF8 -append
Use the following to query information from users in a list:
foreach($line in Get-Content h:\users.txt) { get-aduser $line -properties SAMAccountName, passwordlastset,lastlogondate,created,description,enabled,memberof | select SAMAccountName,name,passwordlastset,lastlogondate,created,description,enabled,@{n=’MemberOf’; e= { ( $_.memberof | % { (Get-ADObject $_).Name }) -join “,” }} | export-csv "26-10-2018-usersinlist.csv" -notypeinformation -Encoding UTF8 -append }