# Using Powerview Powerview is a powershell script used popularly for enumeration of an Active Directory. The powerview script can be downloaded from the following link, Once the script is made available in the sytem being exploited, it has to be imported using the following command, ``` Import-Module .\PowerView.ps1 ``` Once the import is successful the following commands can be used to extract the info,

Get Domain Information

``` Get-NetDomain ```

List active session in DC

``` Get-NetSession -ComputerName p42dc ```

List all users

``` Get-NetUser ```

List Groups

``` Get-NetGroup ```

List Computer Objects in Domain

``` Get-NetComputer ```

Find User-System pair with Admin Access

``` Find-LocalAdminAccess ```

Find Logged in Users

``` Get-NetSession -ComputerName system1 -Verbose ```

Find SPNs

``` Get-NetUser -SPN | select samaccountname,serviceprincipalname ```

Enumerate Domain Shares

``` Find-DomainShare ```

The above command lists all active sessions present with the domain controller. The system mentioned in the command has to be the domain controller. ``` Get-NetSession -ComputerName p42dc ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.particle42.com/active-directory/all-commands-tools-and-scripts/using-powerview.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.