# Returns the ACLs associated with the specified accountGet-DomaiObjectAcl-Identity<AccountName>-ResolveGUIDs#Search for interesting ACEsFind-InterestingDomainAcl-ResolveGUIDs#Check the ACLs associated with a specified path (e.g smb share)Get-PathAcl-Path"\\Path\Of\A\Share"
Domain Trusts
Get-DomainTrustGet-DomainTrust-Domain<DomainName>#Enumerate all trusts for the current domain and then enumerates all trusts for each domain it findsGet-DomainTrustMapping
User Hunting
#Finds all machines on the current domain where the current user has local admin accessFind-LocalAdminAccess-Verbose#Find local admins on all machines of the domainFind-DomainLocalGroupMember-Verbose#Find computers were a Domain Admin OR a spesified user has a sessionFind-DomainUserLocation|Select-ObjectUserName,SessionFromName#Confirming admin accessTest-AdminAccess