# Domain Groups

Adversaries may attempt to find domain-level groups and permissions settings. The knowledge of domain-level permissions groups can help adversaries determine which group exist and which users belong to a particular group. Adversaries may use this information to determine which users have elevated permissions, such as domain administrators.

Commands such as net group /domain of the NET utility, dscacheutil -q group on macOS and ldapsearch on Llinux can list domain-level groups.

**Example**

We will need a domain user to query this information

![](https://315180959-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MRh03Vwd4nuiUi3Oje7%2F-MS065z8TXxpHJVk3kvy%2F-MS06Dwl722Af356bink%2Fimage.png?alt=media\&token=e7605f74-3ff7-4928-82e4-4aedf9414c23)