Windows Sysinternal tool

https://docs.microsoft.com/en-us/sysinternals/downloads/adexplorer

Link to download:

https://download.sysinternals.com/files/AdExplorer.zip

useful queries:

Find Operation systems:

*(objectCategory=computer)(operatingsystemversion=*Vista*)*

Find passwords in description:

(description=*pass*)

Find user passwords:

(UserPassword=*)

Convert ADExplorer snapshot to bloodhound:

https://github.com/c3c/ADExplorerSnapshot.py

errors

if you getting:

ADExplorerSnapshot.py ad.dat 
[*] Server: hq-dc-s01.REDACTED.local
[*] Time of snapshot: 2023-10-30T11:45:40
[*] Mapping offset: 0x353758b2
[*] Object count: 210434
[+] Parsing properties: 4191
[+] Parsing classes: 706
[+] Parsing object offsets: 210434
[+] Preprocessing objects: 80536 sids, 50990 computers, 1 domains with 11 DCs
[<] Collecting data: 6037/210434 (0 users, 0 groups, 0 computers, 0 certtemplates, 0 CAs, 0 trusts)
Traceback (most recent call last):
  File "adexpsnapshot/__init__.py", line 1004, in security_to_bloodhound_aces
    standard_rights = list(rights["rights"])
                      ^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/enum.py", line 1482, in __iter__
    yield from self._iter_member_(self._value_)
  File "/usr/lib/python3.11/enum.py", line 1369, in _iter_member_by_def_
    yield from sorted(
               ^^^^^^^
  File "/usr/lib/python3.11/enum.py", line 1371, in <lambda>
    key=lambda m: m._sort_order_,
                  ^^^^^^^^^^^^^^
AttributeError: 'NoneType' object has no attribute '_sort_order_'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
  File "/bin/ADExplorerSnapshot.py", line 8, in <module>
    sys.exit(main())
             ^^^^^^
  File "/python3.11/site-packages/adexpsnapshot/__init__.py", line 1129, in main
    ades.outputBloodHound()
  File "/python3.11/site-packages/adexpsnapshot/__init__.py", line 137, in outputBloodHound
    self.process()
  File ".local/lib/python3.11/site-packages/adexpsnapshot/__init__.py", line 265, in process
    ret = fun(obj)
          ^^^^^^^^
  File ".local/lib/python3.11/site-packages/adexpsnapshot/__init__.py", line 537, in processCertTemplates
    aces = self.security_to_bloodhound_aces(security)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File ".local/lib/python3.11/site-packages/adexpsnapshot/__init__.py", line 1006, in security_to_bloodhound_aces
    standard_rights = rights["rights"].to_list()
                      ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/certipy/lib/constants.py", line 265, in to_list
    members, _ = enum._decompose(cls, self._value_)
                 ^^^^^^^^^^^^^^^
AttributeError: module 'enum' has no attribute '_decompose'