# Hands-On Lab

![](https://i.imgur.com/YzYZ1XP.png)

Now that we have talked about Active Directory and understand the theory of it, let's take a hands-on look. I recommend having basic knowledge in Powershell before trying this lab. We'll be taking a look at the internals of Active Directory by using PowerShell commands to view machines, computers, users, and groups.&#x20;

Lab Setup -&#x20;

﻿1.) Deploy the Machine

2.) SSH or RDP into the machine (or use the browser-based instance)

Username: Administrator\
Password: password123@\
Domain: CONTROLLER.local

PowerView Setup -&#x20;

﻿1.) `cd Downloads` - navigate to the directory PowerView is in

2.) `powershell -ep bypass` - load a powershell shell with execution policy bypassed

3.) `. .\PowerView.ps1` - import the PowerView module

![](https://i.imgur.com/g1Hu0qH.png)

Lab Overview -&#x20;

I will help you with a few commands the rest is up to you. Use the following cheatsheet [here](https://gist.github.com/HarmJ0y/184f9822b195c52dd50c379ed3117993) to find what you need. You should have enough knowledge of Active Directory now to investigate the machine's internals on your own.

Example Commands:

* `Get-NetComputer -fulldata | select operatingsystem` - gets a list of all operating systems on the domain

![](https://i.imgur.com/oLJ2zMM.png)

* `Get-NetUser | select cn` - gets a list of all users on the domain

![](https://i.imgur.com/N35nUOE.png)

You can find a cheatsheet for Powerview [here](https://gist.github.com/HarmJ0y/184f9822b195c52dd50c379ed3117993) by HarmJ0y.

Now you are on your own use the cheatsheet and hints to help you find the rest of the commands and get hands-on with Active  Directory.&#x20;

Deploy the Machine CompletedWhat is the name of the Windows 10 operating system?&#x20;

What is the second "Admin" name?\
&#x20;

Which group has a capital "V" in the group name?<br>

When was the password last set for the SQLService user?<br>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://captmouse.gitbook.io/defense/getting-started/active-directory-basics/hands-on-lab.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.