> For the complete documentation index, see [llms.txt](https://www.netexec.wiki/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://www.netexec.wiki/ldap-protocol.md).

# LDAP protocol

- [Authentication](https://www.netexec.wiki/ldap-protocol/authentication.md)
- [Enumerate Domain Users](https://www.netexec.wiki/ldap-protocol/enumerate-users.md)
- [Enumerate Domain Groups](https://www.netexec.wiki/ldap-protocol/enumerate-group-members.md)
- [Query LDAP](https://www.netexec.wiki/ldap-protocol/query-ldap.md): An alternative to ldapsearch
- [ASREPRoast](https://www.netexec.wiki/ldap-protocol/asreproast.md): Retrieve the Kerberos 5 AS-REP etype 23 hash of users without Kerberos pre-authentication required
- [Find Domain SID](https://www.netexec.wiki/ldap-protocol/find-domain-sid.md)
- [Kerberoasting](https://www.netexec.wiki/ldap-protocol/kerberoasting.md): Retrieve the Kerberos 5 TGS-REP etype 23 hash using Kerberoasting
- [Find Misconfigured Delegation](https://www.netexec.wiki/ldap-protocol/find-misconfigured-delegation.md)
- [Unconstrained Delegation](https://www.netexec.wiki/ldap-protocol/unconstrained-delegation.md)
- [Admin Count](https://www.netexec.wiki/ldap-protocol/admin-count.md)
- [Machine Account Quota](https://www.netexec.wiki/ldap-protocol/machine-account-quota.md)
- [Get User Descriptions](https://www.netexec.wiki/ldap-protocol/get-user-descriptions.md)
- [Dump gMSA](https://www.netexec.wiki/ldap-protocol/dump-gmsa.md): Extract gmsa credentials accounts
- [Pre2k Computer Account Abuse](https://www.netexec.wiki/ldap-protocol/pre2k.md)
- [Exploit ESC8 (ADCS)](https://www.netexec.wiki/ldap-protocol/exploit-esc8-adcs.md)
- [Extract Subnet](https://www.netexec.wiki/ldap-protocol/extract-subnet.md): Extract subnet over an active directory environment
- [Check LDAP Signing](https://www.netexec.wiki/ldap-protocol/check-ldap-signing.md)
- [Read DACL Rights](https://www.netexec.wiki/ldap-protocol/read-dacl-right.md)
- [Extract gMSA Secrets](https://www.netexec.wiki/ldap-protocol/extract-gmsa-secrets.md): Convert gSAM id, convert gmsa lsa to ntlm ...
- [Bloodhound Ingestor](https://www.netexec.wiki/ldap-protocol/bloodhound-ingestor.md)
- [List DC IP / Enum Trust](https://www.netexec.wiki/ldap-protocol/dc-list.md): List DC
- [Abuse Domain Trust: Raisechild](https://www.netexec.wiki/ldap-protocol/raisechild.md)
- [Enumerate Domain Trusts](https://www.netexec.wiki/ldap-protocol/enumerate-trusts.md)
- [Enumerate SCCM](https://www.netexec.wiki/ldap-protocol/enumerate-sccm.md)
- [Enumerate Entra ID](https://www.netexec.wiki/ldap-protocol/enumerate-entra-id.md): Find the Entra ID synchronization server
- [Dump PSO](https://www.netexec.wiki/ldap-protocol/dump-pso.md)
- [Enumerate scriptPath](https://www.netexec.wiki/ldap-protocol/get-scriptpath.md)
- [Enumerate Unsecure DNS Zones](https://www.netexec.wiki/ldap-protocol/enumerate-unsecure-dns-zones.md)
