PowerView Common Commands

PowerView.ps1 link

Save it with Notepad as PowerView.ps1 on the Windows machine.

This is my cheat sheet for PowerView. These are some PowerView commands that I find useful for Active Directory/Domain enumeration. PowerView is a PowerShell tool to gain network situational awareness on Windows domains.

Open Command Prompt as administrator.

Then type: powershell -ep bypass

Then change to the directory where you saved the PowerView script and dot-source it with this command: . .\PowerView.ps1

Now you can begin the enumeration!

Get-NetDomain or Get-Domain : Information about the domain


Get-NetComputer | select operatingsystem is the same as Get-DomainComputer | select operatingsystem : Shows the operating systems of the domain computers

Get-NetComputer | select operatingsystem

Get-DomainComputer | select operatingsystem

Get-NetDomainController or Get-DomainController : Get information about the Domain Controller.

Get-DomainPolicy : Shows the Domain Policies

Get-NetUser / Get-DomainUser : Gets information about the users in the domain.

Get-NetUser | select cn : cn stands for Common Name

Get-DomainUser | select cn

Get-DomainUser -Properties name,description is the same as Get-NetUser | select name, description

Get-DomainUser -Properties name,samaccountname,description : name shows the user's name, samaccountname shows the logon name, and description shows the description.

Get-NetUser "user" and Get-DomainUser "user" : Shows information about the specific user given as "user". The value has to be the samaccountname of that user.

Get-NetUser "user" is the same as Get-DomainUser "user"

Get-NetUser | select name,samaccountname or Get-DomainUser | select name,samaccountname : Displays each user's name together with their samaccountname

Get-DomainUser | select name, samaccountname

Get-DomainUser "user"

Get-NetUser | select name, samaccountname

Get-NetUser "user"

Get-NetGroup or Get-DomainGroup : Get all the groups in the domain

Get-NetGroup "Domain Admins" or Get-DomainGroup "Domain Admins" : Gets the specific group called Domain Admins

Get-NetGroup "Domain Admins"

Get-DomainGroup "Domain Admins"

Get-DomainGroupMember or Get-NetGroupMember : Gets the members of a specific group.

Get-NetGroupMember "Domain Admins" is the same as Get-DomainGroupMember "Domain Admins"

Get-NetGroupMember "Domain Admins"

Get-DomainGroupMember "Domain Admins"

Get-DomainComputer | select cn, dnshostname is also the same as Get-NetComputer | select cn, dnshostname : Shows the common name and DNS host name of each computer

Get-DomainComputer | select cn, dnshostname

Get-NetComputer | select cn, dnshostname

Invoke-ShareFinder : Shows all the shares

Get-NetComputer -Properties samaccountname is the same as Get-DomainComputer -Properties samaccountname

Get-DomainComputer -Properties samaccountname

Get-NetComputer -Properties samaccountname

Get-NetGPO is the same as Get-DomainGPO : Shows the Group Policy Objects (GPOs).

Get-DNSZone is the same as Get-DomainDNSZone : Gets the DNS zone information.

Get-NetUser -SPN or Get-DomainUser -SPN : Shows the users that have a Service Principal Name (SPN) set, i.e. which service instance is associated with a service logon account.

Get-DomainUser -SPN

Get-NetUser -SPN
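As an added example that is not part of the original post, the following PowerShell function combines two of the checks above (Get-DomainGroupMember "Domain Admins" and Get-DomainUser -SPN) into one audit a defender can run after dot-sourcing PowerView.ps1: it reports privileged-group members that also carry an SPN, since those accounts combine a high-value group membership with a Kerberos service ticket encrypted under their password. The function name and the default group list are my assumptions.

```powershell
# Added example, not from the original post. Assumes PowerView.ps1 has
# already been dot-sourced (. .\PowerView.ps1) in the current session.
# Reports users that are members of a privileged group AND have a
# servicePrincipalName set; such accounts deserve long random passwords
# (or gMSA) and a review of why they need to be in the group at all.

function Get-PrivilegedSpnAccounts {
    param(
        # Groups to audit; assumed defaults, adjust for your domain
        [string[]]$Groups = @('Domain Admins', 'Enterprise Admins', 'Administrators')
    )

    # Get-DomainUser -SPN returns only users with at least one SPN (see above).
    # Index them by samaccountname for a quick lookup.
    $spnUsers = @{}
    Get-DomainUser -SPN | ForEach-Object {
        $spnUsers[$_.samaccountname] = @($_.serviceprincipalname)
    }

    foreach ($group in $Groups) {
        # -Recurse expands nested groups so indirect members are included too
        Get-DomainGroupMember -Identity $group -Recurse |
            Where-Object { $_.MemberObjectClass -eq 'user' } |
            ForEach-Object {
                $name = $_.MemberName
                if ($spnUsers.ContainsKey($name)) {
                    [pscustomobject]@{
                        Group          = $group
                        SamAccountName = $name
                        SPNs           = ($spnUsers[$name] -join ', ')
                    }
                }
            }
    }
}

# Print the findings as a table; an empty result means no privileged
# account in the audited groups currently has an SPN.
Get-PrivilegedSpnAccounts | Format-Table -AutoSize
```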

Get-Forest, Get-ADForest and Get-NetForest : All three are the same. They show the forest properties of the domain.


Get-ADDomain | select DNSRoot,NetBIOSName,DomainSID : Gets the DNSRoot name, NetBIOS name and the Domain SID

Get-ADUser "user" : Gets information about the domain user "user". The value has to be the samaccountname of that user.

Get-ADUser -Filter * | select name,samaccountname

Get-ADUser "user"

Get-ADObject -LDAPFilter "objectClass=User" | select name,SamAccountName : Gets all the users in the domain together with their samaccountname

Get-ADObject -LDAPFilter "objectclass=*" | select name : Gets every object, including all groups and user names.

You can change the objectclass value to Group, User, Domain, etc., or simply use * to get everything.

Get-ADObject -LDAPFilter "objectClass=User" | select name,SamAccountName

Hi, I’m Aksheet. Interested in Cyber Security and Aviation. eJPT certified on 9th March 2021.