Import-Module ActiveDirectory
Get-ACL -path "AD:CN=UserA,OU=SubDomainUsers,OU=DomainUsers,DC=MyDomain,DC=com"
dsacls.exe "cn=spotless,cn=users,dc=offense,dc=local" | select-string "spot"
# powerview
Get-ObjectAcl -Identity "Management Department" | ? {$_.ActiveDirectoryRights -eq "GenericAll"} |select SecurityIdentifier,ActiveDirectoryRights # find objects that have 'GenericAll' permission to 'Management Department'
"<sid1>","<sid2>" | Convert-SidToName~/Downloads/adalanche-linux-amd64-v2023.5.3 collect activedirectory --domain aaa.bbb.ccc --authdomain aaa --server 172.16.58.163 --username 'administrator' --password '123qwe!@#' --port 389 --tlsmode NoTLS