Here are the things we will need to run against each domain.
BloodHound
Antivirus products do not like this tool and may raise alarms.
Run this as a Domain Administrator or an equivalent admin user so that the most accurate representation of the environment is captured.
From PowerShell:
powershell -ep bypass
IEX(New-Object Net.Webclient).DownloadString('https://raw.githubusercontent.com/BloodHoundAD/BloodHound/master/Collectors/SharpHound.ps1')
Invoke-BloodHoundADExplorer
Microsoft Direct Download: https://docs.microsoft.com/en-us/sysinternals/downloads/adexplorer
Create Snapshot From Gui:
To save a snapshot, choose the file save toolbar button or the Create Snapshot entry from the File menu. Save the file accordingly and upload the file.
Or
**Create Snapshot from command line: **
ADExplorer.exe -accepteula -snapshot domain.com c:\ADsnapshot.snp GPO Report
Please run the following powershell command to produce an HTML file containing all of the domain GPO configurations:
Get-GPOReport -All -Domain "domain.com" -Server "ACME-DC1" -ReportType HTML -Path "C:\GPOReport.html" If you don’t run the command from a DC, you may need to first import the GPO library, it should be available on Win 2008 R2+
Import-Module GroupPolicyPing Castle
Download Ping Castle: https://www.pingcastle.com/download/
When you run the “PingCastle” application, selection option “1-healthcheck” option.