Connect to AD
Note that if you are on a domain-joined machine you will already be connected.
However, when doing a pentest you will not be working on a domain-joined machine, and if you are, Windows Defender or similar will probably prevent you from doing anything fun. So this guide assumes you are on a Windows VM hosted on a domain-joined machine.
Step 1
Install RSAT with the following PS command:
Get-WindowsCapability -Name RSAT* -Online | Add-WindowsCapability -Online
Step 2
Import the AD module. This will probably give the warning 'Unable to find a default server with Active Directory Web Services running.' because you are not domain-joined.
Import-Module ActiveDirectory
Step 3
Because you are not domain-joined, you need to specify the domain controller to query and provide credentials for an AD user.
Assign your credentials to a variable like so:
$credentials = Get-Credential
Then when querying remember to add the DC server and your credentials. Below we query for a user:
Get-ADUser -Identity 'username' -Server 'dcserver.com' -Credential $credentials
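The three steps above combined into one script, as an added example that is not part of the original guide. It assumes an elevated PowerShell session and that the domain controller is reachable on TCP 9389 (the Active Directory Web Services port); 'dcserver.com' and 'username' are the guide's placeholders and the parameter names are chosen here for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example: the default values are the guide's placeholders; replace them.
param(
    [string]$DomainController = 'dcserver.com',
    [string]$Identity         = 'username'
)

# Step 1: install only the Active Directory part of RSAT, and only if missing.
$rsat = Get-WindowsCapability -Online -Name 'Rsat.ActiveDirectory*'
foreach ($cap in $rsat | Where-Object State -ne 'Installed') {
    Add-WindowsCapability -Online -Name $cap.Name | Out-Null
}

# Step 2: the "default server" warning is expected off-domain, so suppress it
# but still stop if the module itself cannot be loaded.
Import-Module ActiveDirectory -WarningAction SilentlyContinue -ErrorAction Stop

# The AD cmdlets talk to Active Directory Web Services on the DC (TCP 9389).
# Checking the port first separates network problems from credential problems.
$adws = Test-NetConnection -ComputerName $DomainController -Port 9389 `
            -WarningAction SilentlyContinue
if (-not $adws.TcpTestSucceeded) {
    throw "Cannot reach ADWS on ${DomainController}:9389. Check DNS, routing and firewall."
}

# Step 3: prompt once, then make -Server and -Credential the default for every
# AD cmdlet so later queries need neither parameter.
$credentials = Get-Credential -Message "AD account for $DomainController"
$PSDefaultParameterValues['*-AD*:Server']     = $DomainController
$PSDefaultParameterValues['*-AD*:Credential'] = $credentials

try {
    # Cheap query that proves the server and credentials are accepted.
    $domain = Get-ADDomain -ErrorAction Stop
    Write-Host "Connected to $($domain.DNSRoot) via $DomainController"

    # Same query as in the guide, now without the repeated parameters.
    Get-ADUser -Identity $Identity -ErrorAction Stop
}
catch {
    # Remove the defaults so a bad server or credential is not reused silently.
    $PSDefaultParameterValues.Remove('*-AD*:Server')
    $PSDefaultParameterValues.Remove('*-AD*:Credential')
    throw
}
```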