Built-in net Commands - Domain Enumeration
Local context
whoami
hostname
net users
net localgroup
net localgroup administrators
Domain context
net users /domain
net groups /domain
net group "Domain Admins" /domain
net group "ClientAdmins" /domain
Discover the AD environment from PowerShell
[System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
Verify domain membership
systeminfo
Add or remove a user from a group (when you have rights)
net group "Management Department" stephanie /add /domain
net group "Management Department" stephanie /del /domain
Password policy
net accounts
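
Detection view of the commands above: each one shows up in process-creation logging (Security event 4688 with command-line auditing, or Sysmon event 1). The Python below is an added example, not part of the original page. It flags a burst of distinct net queries from one host and user, and any /add or /del change. The event tuples, the CORP and WS01/WS02 names, the threshold and the window are constructed assumptions.

```python
import re
import shlex
from collections import defaultdict
from datetime import datetime, timedelta

EVENTS = [  # constructed process-creation records: (time, host, user, command line)
    ("2024-05-01T10:00:05", "WS01", "CORP\\stephanie", "whoami"),
    ("2024-05-01T10:00:20", "WS01", "CORP\\stephanie", "net users /domain"),
    ("2024-05-01T10:00:41", "WS01", "CORP\\stephanie", "net groups /domain"),
    ("2024-05-01T10:01:02", "WS01", "CORP\\stephanie", 'net group "Domain Admins" /domain'),
    ("2024-05-01T10:01:30", "WS01", "CORP\\stephanie", "net accounts"),
    ("2024-05-01T10:02:10", "WS01", "CORP\\stephanie",
     'net group "Management Department" stephanie /add /domain'),
    ("2024-05-01T11:30:00", "WS02", "CORP\\helpdesk", "net localgroup administrators"),
]

NET_EXE = re.compile(r"(?:^|[\\/])net1?(?:\.exe)?$", re.I)  # net, net1, full paths
SUBCOMMANDS = {"user", "users", "group", "groups", "localgroup", "accounts"}

def classify(cmdline):
    """Return 'enum', 'change' (/add, /del) or None for one command line."""
    try:
        tokens = shlex.split(cmdline, posix=False)  # keep backslashes and quotes
    except ValueError:  # unbalanced quote in the logged command line
        tokens = cmdline.split()
    if (len(tokens) < 2 or not NET_EXE.search(tokens[0].strip('"'))
            or tokens[1].lower() not in SUBCOMMANDS):
        return None
    flags = {t.lower() for t in tokens[2:] if t.startswith("/")}
    return "change" if flags & {"/add", "/del", "/delete"} else "enum"

def detect(events, threshold=3, window=timedelta(minutes=5)):
    """Alert on account/group changes and on bursts of distinct net queries."""
    alerts, recent = [], defaultdict(list)
    for ts, host, user, cmd in sorted(events):
        kind = classify(cmd)
        if kind is None:
            continue
        if kind == "change":
            alerts.append(("account-or-group-change", host, user, cmd))
            continue
        when = datetime.fromisoformat(ts)
        seen = recent[(host, user)]
        seen.append((when, cmd.lower()))
        seen[:] = [(t, c) for t, c in seen if when - t <= window]
        if len({c for _, c in seen}) == threshold:  # fire once when the burst forms
            alerts.append(("enum-burst", host, user, len(seen)))
    return alerts

print(*detect(EVENTS), sep="\n")
```

A single net localgroup query, as on WS02, stays below the threshold; tune threshold and window to the administrative baseline of the environment.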