====== Windows get active directory info ======

===== Get SID of user =====

Get SID of a local user
<cli prompt='>'>
c:\> wmic useraccount where name='username' get sid
c:\> wmic useraccount where name='%username%' get sid
c:\> wmic useraccount where (name='administrator' and domain='%computername%') get name,sid
c:\> wmic useraccount where (name='administrator' and domain='%userdomain%') get name,sid

c:\>whoami /user
USER INFORMATION
----------------
User Name      SID
============== ==============================================
mydomain\wincmd S-1-5-21-7375663-6890924511-1272660413-2944159
</cli>

<cli prompt='>'>
PS C:\> Import-Module ActiveDirectory
PS C:\> Get-ADUser -Identity S-1-5-21-941005169-1824062477-405670111-1106
</cli>

==== How to Find a User's SID in the Registry ====

You can also determine a user's SID by looking through the ProfileImagePath values in each S-1-5-21 prefixed SID listed under this key:
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

===== Get all of the OUs in a domain =====

<cli prompt='>'>
PS C:\> Get-ADOrganizationalUnit -Filter 'Name -like "*"' | Format-Table Name, DistinguishedName -A
Name                 DistinguishedName
----                 -----------------
Domain Controllers   OU=Domain Controllers,DC=FABRIKAM,DC=COM
UserAccounts         OU=UserAccounts,DC=FABRIKAM,DC=COM
Sales                OU=Sales,OU=UserAccounts,DC=FABRIKAM,DC=COM
Marketing            OU=Marketing,OU=UserAccounts,DC=FABRIKAM,DC=COM
</cli>

Get an OU by its distinguished name
<cli prompt='>'>
PS C:\> Get-ADOrganizationalUnit -Identity 'OU=AsiaPacific,OU=Sales,OU=UserAccounts,DC=FABRIKAM,DC=COM' | Format-Table Name,Country,PostalCode,City,StreetAddress,State -A
Name        Country PostalCode City     StreetAddress    State
----        ------- ---------- ----     -------------    -----
AsiaPacific AU      4171       Balmoral 45 Martens Place QLD
</cli>

Get child OUs
<cli prompt='>'>
PS C:\> Get-ADOrganizationalUnit -LDAPFilter '(name=*)' -SearchBase 'OU=Sales,OU=UserAccounts,DC=FABRIKAM,DC=COM' -SearchScope OneLevel | Format-Table Name,Country,PostalCode,City,StreetAddress,State
Name                    Country                 PostalCode             City                   StreetAddress          State
----                    -------                 ----------             ----                   -------------          -----
AsiaPacific             AU                      4171                   Balmoral               45 Martens Place       QLD
Europe                  UK                      NG34 0NI               QUARRINGTON            22 Station Rd
NorthAmerica            US                      02142                  Cambridge              1634 Randolph Street   MA
</cli>

===== Get AD config =====

<cli prompt='>'>
PS C:\Users\myuser01> certutil.exe -dump
Entry 0:
  Name:                   	"MY.AAA.LU"
  Organizational Unit:    	""
  Organization:           	""
  Locality:               	""
  State:                  	""
  Country/region:         	""
  Config:                 	"ad-dc01.aaa.lu\MY.AAA.LU"
  Exchange Certificate:   	""
  Signature Certificate:  	""
  Description:            	""
  Server:                 	"AD-CABDL2-VMH.bdl.lu"
  Authority:              	"MY.AAA.LU"
  Sanitized Name:         	"MY.AAA.LU"
  Short Name:             	"MY.AAA.LU"
  Sanitized Short Name:   	"MY.AAA.LU"
  Flags:                  	"1"
  Web Enrollment Servers: 	""
</cli>

<cli prompt='>'>
PS C:\Users\myuser01> certutil.exe -getconfig
CertUtil: No local Certification Authority; use -config option
CertUtil: No more data is available.

PS C:\Users\myuser01> certutil.exe -cainfo
CertUtil: No local Certification Authority; use -config option
CertUtil: No more data is available.
</cli>