One of the first things to do on an internal pentest is to identify the Domain Controllers (DCs) on the target domain. You can find the DCs pretty easily if you have the internal domain name.
nslookup -q=srv _ldap._tcp.dc._msdcs.[domain]
nltest /dsgetdc:[domain]
Last updated 12 days ago
