Enumeration

PowerView

# Finding all domain objects that our user has rights over
Import-Module .\PowerView.ps1
$sid = Convert-NameToSid eren  # user we have control over
Get-DomainObjectACL -Identity * | ? {$_.SecurityIdentifier -eq $sid}

# Performing a Reverse Search & Mapping to a GUID Value
$guid = "00299570-246d-11d0-a768-00aa006e0529"  # value of ObjectAceType returned by the command above

# Using the -ResolveGUIDs flag to resolve the GUIDs automatically
Get-DomainObjectACL -ResolveGUIDs -Identity * | ? {$_.SecurityIdentifier -eq $sid}

# Doing all of the above manually with Get-Acl and Get-ADUser
# Creating a List of Domain Users
Get-ADUser -Filter * | Select-Object -ExpandProperty SamAccountName > ad_users.txt

# A Useful foreach Loop
foreach ($line in [System.IO.File]::ReadLines("C:\Users\eren\Desktop\ad_users.txt")) {
    # Read the ACL of each user object and keep only ACEs granted to the principal of interest
    Get-Acl "AD:\$(Get-ADUser $line)" |
        Select-Object Path -ExpandProperty Access |
        Where-Object { $_.IdentityReference -match 'DOMAIN\\wley' }
}
  
# Investigating the Group with Get-DomainGroup
Get-DomainGroup -Identity "GROUP NAME" | select memberof

# Investigating the Group
$itgroupsid = Convert-NameToSid "GROUP NAME"
Get-DomainObjectACL -ResolveGUIDs -Identity * | ? {$_.SecurityIdentifier -eq $itgroupsid} -Verbose

Automated Enumeration can be done with BloodHound
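
The manual GUID mapping and the Get-Acl loop above can be combined into one ACL review that resolves each ACE's ObjectType to a readable name without PowerView, which is useful when auditing and pruning over-permissive ACEs. This is an added example, not part of the original notes; the function names `Get-AdGuidMap` and `Get-ResolvedAce` are hypothetical, and it assumes the ActiveDirectory RSAT module on a domain-joined host.

```powershell
# Added example (not from the original notes). Function names are hypothetical.
Import-Module ActiveDirectory

function Get-AdGuidMap {
    # Two lookups are kept apart because a validated write and a schema
    # attribute can share a GUID; the ACE's rights decide which one applies.
    $root = Get-ADRootDSE
    $rights = @{}; $schema = @{}
    Get-ADObject -SearchBase "CN=Extended-Rights,$($root.ConfigurationNamingContext)" `
        -LDAPFilter '(objectClass=controlAccessRight)' -Properties rightsGuid |
        ForEach-Object { $rights[[guid]$_.rightsGuid] = $_.Name }
    Get-ADObject -SearchBase $root.SchemaNamingContext `
        -LDAPFilter '(schemaIDGUID=*)' -Properties lDAPDisplayName, schemaIDGUID |
        ForEach-Object { $schema[[guid]$_.schemaIDGUID] = $_.lDAPDisplayName }
    @{ Rights = $rights; Schema = $schema }
}

function Get-ResolvedAce {
    param(
        [Parameter(Mandatory)][string]$DistinguishedName,
        [Parameter(Mandatory)][string]$Principal,      # e.g. 'DOMAIN\wley'
        [Parameter(Mandatory)][hashtable]$Maps
    )
    $ext = [System.DirectoryServices.ActiveDirectoryRights]'ExtendedRight, Self'
    (Get-Acl -Path "AD:\$DistinguishedName").Access |
        Where-Object { $_.IdentityReference.Value -eq $Principal } |
        ForEach-Object {
            $g = $_.ObjectType
            # Extended rights and validated writes resolve against Extended-Rights first
            $first, $second = if ($_.ActiveDirectoryRights -band $ext) {
                $Maps.Rights, $Maps.Schema } else { $Maps.Schema, $Maps.Rights }
            $name = if ($g -eq [guid]::Empty) { 'All' }
                    elseif ($first.ContainsKey($g))  { $first[$g] }
                    elseif ($second.ContainsKey($g)) { $second[$g] }
                    else { "$g" }                      # unknown GUID: show it raw
            [pscustomobject]@{
                Target     = $DistinguishedName
                Rights     = $_.ActiveDirectoryRights
                ObjectType = $name
                Access     = $_.AccessControlType
                Inherited  = $_.IsInherited
            }
        }
}

$maps = Get-AdGuidMap
$maps.Rights[[guid]'00299570-246d-11d0-a768-00aa006e0529']   # single reverse lookup
Get-ADUser -Filter * | ForEach-Object {
    Get-ResolvedAce -DistinguishedName $_.DistinguishedName -Principal 'DOMAIN\wley' -Maps $maps
} | Where-Object { -not $_.Inherited } | Format-Table -AutoSize
```

Explicit (non-inherited) ACEs are listed because they are the ones set directly on the object and are the entries to review first.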
