Miscellaneous Cypher Queries that didn’t fit somewhere else

Show all users whose password was not changed since 2020-12

Replace AD.EXAMPLE.COM with the target domain’s DNS name (FQDN) in the examples below

MATCH (e:User) WHERE e.name =~ ".*@AD.EXAMPLE.COM" AND e.pwdlastset < 1607540796 RETURN e.name

Mark as owned the users listed by the query above

MATCH (e:User) WHERE e.name =~ ".*@AD.EXAMPLE.COM" AND e.pwdlastset < 1607540796 SET e.owned = true RETURN e.name

List all domain controllers in all domains

Graph of all DCs, sorted by domain/group

MATCH p=(c:Computer)-[:MemberOf*1]->(g:Group) WHERE g.name =~ '(?i).*(Domain.Controllers).*' RETURN p

List of all DCs, for Neo4j

MATCH p=(c:Computer)-[:MemberOf*1]->(g:Group) WHERE g.name =~ '(?i).*(Domain.Controllers).*' RETURN g.name AS Domain_Controllers_Group,c.name AS Computer

List and search groups

List all groups with descriptions:

MATCH (g:Group) RETURN g.name AS Group, g.description AS Description

MATCH (g:Group) WHERE g.name =~ '(?i).*(dev).*' OR g.description =~ '(?i).*(dev).*' RETURN g.name AS Group_Name, g.description AS Description

Antisyphon KB

Explorer

Misc Bloodhound Cypher Queries

Miscellaneous Cypher Queries that didn’t fit somewhere else

Show all users whose password was not changed since 2020-12

List all domain controllers in all domains

List and search groups

See Also

Graph View

Table of Contents

Backlinks