Grab users from an ou

Question

Grab users from an ou

njbaker7 opened this issue 3 years ago · 7 comments

I was wondering if there was a way to grab all the users from a specific ou? If you could please provide an example. Thank you!

Answer 1 · 2022-02-07T22:12:30.000Z

or is it possible to feed the module a user list?

Answer 2 · 2022-02-08T07:09:43.000Z

@njbaker7 Could you please clarify which cmdlet you are talking about? DSInternals contains more than 30. But I will presume that you have Get-ADDBAccount or Get-ADReplAccount in mind.

You could do standard PowerShell filtering:

Get-ADReplAccount ... | where DistinguishedName -like '*,OU=Employees,DC=contoso,DC=com'

Or indeed provide a list of users:

Get-ADUser -Filter * -SearchBase  'OU=Employees,DC=contoso,DC=com' | select DistinguishedName | Get-ADReplAccount ...

And similarly with Get-ADDBAccount. BTW, almost all parameters of these commands accept pipeline input (SamAccountName, DistinguishedName, UserPrincipalName, SID, Guid).

Answer 3 · 2022-02-08T12:46:50.000Z

I am new to the DSInternals script. I was attempting to retrieve AD passwords remotely but from a specific OU as opposed to all users.

Answer 4 · 2022-02-08T16:12:11.000Z

Got it working! thank you!

Answer 5 · 2022-02-08T17:57:23.000Z

One last question, if I may, is there anyway to pass an NT hash into the $cred = Get-Credential command?

Answer 6 · 2022-02-08T18:08:29.000Z

One last question, if I may, is there anyway to pass an NT hash into the $cred = Get-Credential command?

Nope, that is not possible with the built-in Windows API the cmdlets are based on. But you could execute powershell.exe using mimikatz and perform the pass-the-hash attack, as with any other Windows app that uses Integrated Windows Authentication.

Answer 7 · 2022-02-08T18:25:31.000Z

Thank you again for the help.