# Enumerate Entra ID

If Entra ID is deployed in Active Directory with cloud sync active, the MSOL account is a high-value target because its default configuration grants it DCSync privileges. This MSOL account can be extracted from a local database on the sync server. To find the Entra ID sync server, use the NetExec module `entra-id`:

```bash
nxc ldap <ip> -u user -p pass -M entra-id
```

<figure><img src="/files/tEljGsZTvDXaqdSiq7yb" alt=""><figcaption><p>Hunt for the Entra ID sync server, dump the MSOL account and dump the NTDS.dit</p></figcaption></figure>
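
A defender-side check built on the same lookup, as an added example that is not NetExec code: it reads the sync server name out of the MSOL account's description and flags logons by that account from any other address. The description wording, the `HOST_IPS` inventory and the 4624-style logon records are constructed assumptions.

```python
import re

# Assumed wording of the description the sync service sets on its MSOL_ account.
DESC_RE = re.compile(
    r"running on computer (?P<host>\S+) configured to synchronize "
    r"to tenant (?P<tenant>[\w.-]+?)\.(?:\s|$)"
)

def sync_servers(accounts):
    """Map each MSOL_ account to the (host, tenant) named in its description."""
    found = {}
    for acct in accounts:
        name = acct.get("sAMAccountName", "")
        m = DESC_RE.search(acct.get("description", ""))
        if name.upper().startswith("MSOL_") and m:
            found[name.lower()] = (m["host"].upper(), m["tenant"].lower())
    return found

def unexpected_logons(servers, host_ips, logons):
    """Return logon records where an MSOL_ account authenticates from an
    address that does not belong to its own sync server."""
    alerts = []
    for ev in logons:
        user = ev["TargetUserName"].lower()
        if user not in servers:
            continue
        host, _tenant = servers[user]
        if ev["IpAddress"] not in host_ips.get(host, set()):
            alerts.append(ev)
    return alerts

# Constructed sample data (not from the page); description text is shortened.
ACCOUNTS = [{
    "sAMAccountName": "MSOL_0123456789ab",
    "description": "Account created by Microsoft Azure Active Directory Connect "
                   "with installation identifier 0123456789abcdef0123456789abcdef "
                   "running on computer SYNC01 configured to synchronize to tenant "
                   "example.onmicrosoft.com. This account must have directory "
                   "replication permissions.",
}]
HOST_IPS = {"SYNC01": {"10.0.0.20"}}  # hypothetical asset inventory
LOGONS = [  # simplified Security event 4624 fields
    {"TargetUserName": "MSOL_0123456789ab", "IpAddress": "10.0.0.20", "LogonType": 3},
    {"TargetUserName": "MSOL_0123456789ab", "IpAddress": "10.0.0.57", "LogonType": 3},
    {"TargetUserName": "alice", "IpAddress": "10.0.0.57", "LogonType": 3},
]

if __name__ == "__main__":
    for ev in unexpected_logons(sync_servers(ACCOUNTS), HOST_IPS, LOGONS):
        print("ALERT: MSOL logon from unexpected source", ev)
```

An MSOL account whose sync server has no entry in the inventory alerts on every logon, which is the safe default for an account holding replication rights.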

