Domain Account

Adversaries may attempt to get a listing of domain accounts. This information can help adversaries determine which domains accounts exist to aid in follow-on behavior.

Commands such as net user /domain and net group /domain of the Net utility, dccacheutil -q group, on macOS, and ldapsearch on Linux can list domain users and groups.

Example

We can utilize the net user /domain command to view users on the Domain (User utilizing this command must be part of a Domain, we cannot use this if the user is Local)