Tools | February 9, 2026 | 1 min read | by 0xt0pus

PowerView

PowerShell tool for Active Directory enumeration and domain reconnaissance


Description

PowerView is a PowerShell tool for Active Directory enumeration. It uses LDAP queries to enumerate users, groups, computers, GPOs, ACLs, domain trusts, and more. It is a key tool for AD penetration testing.

Usage 1: Load PowerView

Command:

. C:\AD\Tools\PowerView.ps1

Command (Alternative):

. .\powerview.ps1

Usage 2: Enumerate Domain Information

PowerView provides cmdlets like Get-DomainUser, Get-DomainGroup, Get-DomainComputer, Get-DomainOU, Get-DomainGPO, Get-DomainTrust, etc.

Usage 3: Get GPO Applied on Specific OU

Command:

(Get-DomainOU -Identity StudentMachines).gplink

Command (Get GPO details):

Get-DomainGPO -Identity (Get-DomainOU -Identity StudentMachines).gplink.substring(11,(Get-DomainOU -Identity StudentMachines).gplink.length-72)
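The substring offsets in the command above depend on the length of the gplink string, so they need adjusting in a domain with a different name or on an OU with more than one linked GPO. The following is an added example, not part of the original page or of PowerView: it parses the gplink value by pattern instead. The function name ConvertFrom-GpLink and the sample value are assumptions made for illustration.

```powershell
# Added example: parse a gPLink value into one object per linked GPO.
# ConvertFrom-GpLink is a hypothetical helper name, not a PowerView cmdlet.
function ConvertFrom-GpLink {
    [CmdletBinding()]
    param(
        [Parameter(ValueFromPipeline)]
        [string]$GpLink
    )
    process {
        # An OU with no linked GPOs has an empty or missing gPLink.
        if ([string]::IsNullOrWhiteSpace($GpLink)) { return }

        # Each link has the form [LDAP://<GPO DN>;<options>]; the attribute
        # stores all links concatenated in a single string.
        $pattern = '\[LDAP://(?<dn>cn=(?<guid>\{[0-9a-f-]{36}\}),[^;\]]+);(?<opt>\d+)\]'
        $position = 0
        foreach ($m in [regex]::Matches($GpLink, $pattern, 'IgnoreCase')) {
            $position++
            $opt = [int]$m.Groups['opt'].Value
            [pscustomobject]@{
                Position = $position                   # position within the attribute value
                Guid     = $m.Groups['guid'].Value     # GPO name, braces included
                GpoDN    = $m.Groups['dn'].Value
                Disabled = [bool]($opt -band 1)        # option bit 0x1: link disabled
                Enforced = [bool]($opt -band 2)        # option bit 0x2: link enforced
            }
        }
    }
}

# Constructed sample value (GUIDs and domain are made up): two links on one OU.
$sample = '[LDAP://cn={11111111-2222-3333-4444-555555555555},cn=policies,cn=system,DC=corp,DC=example;0]' +
          '[LDAP://cn={AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE},cn=policies,cn=system,DC=corp,DC=example;2]'
$sample | ConvertFrom-GpLink | Format-Table Position, Guid, Disabled, Enforced

# With PowerView loaded, the same lookup as the command above (OU name from the page):
# (Get-DomainOU -Identity StudentMachines).gplink | ConvertFrom-GpLink |
#     ForEach-Object { Get-DomainGPO -Identity $_.Guid }
```

The Disabled and Enforced columns matter when reviewing which policies actually reach the machines in an OU: a disabled link is present in gplink but is not applied.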

Usage 4: Find Computers with Unconstrained Delegation

Using PowerView to find computers with unconstrained delegation enabled.

Usage 5: Find Users with Pre-Auth Disabled (AS-REP Roastable)

Using PowerView to find users who have Kerberos pre-authentication disabled.