Domain Groups

Adversaries may attempt to find domain-level groups and permissions settings. The knowledge of domain-level permissions groups can help adversaries determine which group exist and which users belong to a particular group. Adversaries may use this information to determine which users have elevated permissions, such as domain administrators.

Commands such as net group /domain of the NET utility, dscacheutil -q group on macOS and ldapsearch on Llinux can list domain-level groups.

Example

We will need a domain user to query this information