getdomainsid - Returns the domain sid (by default current domain if no domain is provided)getforest - returns the name of the current forestgetforestdomains - returns the name of all domains in the current forestconvertsidtoname - Converts a SID to the corresponding group or domain name (use the -u option for providing the SID value)getadcsservers - Get a list of servers running AD CS within the current domain

getdomaincomputers - Get a list of all computers in the domaingetdomaincontrollers - Gets a list of all domain controllersgetdomainshares - Get a list of all accessible domain shares

getnetlocalgroupmember - Returns a list of all users in a local group on a remote systemgetnetdomaingroupmember - Returns a list of all users in a domain groupgetdomainuser - Retrieves info about specific user (name, description, SID, Domain Groups)getnetsession - Returns a list of accounts with sessions on the targeted systemgetnetloggedon - Returns a list of accounts logged into the targeted systemgetuserswithspns - Returns a list of all domain accounts that have a SPN associated with them

finddomainprocess - Search for a specific process across all systems in the domain (requires admin access on remote systems)finddomainuser - Searches the domain environment for a specified user or group and tries to find active sessions (default searches for Domain Admins)findinterestingdomainsharefile - Searches the domain environment for all accessible shares. Once found, it parses all filenames for "interesting" stringsfindwritableshares - Enumerates all shares in the domain and then checks to see if the current account can create a text file in the root level share, and one level deep.

PowerView - https://github.com/PowerShellMafia/PowerSploit/blob/master/Recon/PowerView.ps1CSharp-Tools - https://github.com/RcoIl/CSharp-ToolsStackOverflow - Random questions (if this isn't somehow listed as a reference, we know we're forgetting it :))SharpView - https://github.com/tevora-threat/SharpView