Once you land on a machine. Source is https://www.youtube.com/watch?v=dO2cZu7090A&ab_channel=SecureIdeas (goldmine, study it)

Computer Info

• tasklist
• arp -a
• systeminfo
• tracert 8.8.8.8
• powershell Get-AdComputer -filter *

Get Domain Name

nltest /DOMAIN_TRUSTS /PRIMARY

Get DC List

nltest /DCLIST <DOMAIN NAME>

Get DNS info with nslookup

C:\\..\\>nslookup
> set type=srv
> _ldap._tcp.dc._msdcs.DOMAIN.local
...
> _ldap._tcp.gc._msdcs.DOMAIN.local
...

Get Users

net user /domain

Get Machines

net view /domain

Get Groups

net group /domain

Get Domain Admins