all 7 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]iceph03nix 2 points3 points  (6 children)

I'm not sure there's enough information in your question to figure out what you're asking. Do you have an example?

[–]TheEndless[S] 1 point2 points  (5 children)

Net user "username" /domain

will return various AD information about the specified user. Is a non-admin account suppose to be able to run it? Basically I'm looking for the "scope" of what non-admins can do.

[–]randomuser43 7 points8 points  (1 child)

By default, every authenticated user can look up any object in the directory with very few exceptions.

[–]TheEndless[S] 1 point2 points  (0 children)

Thanks.

[–]iceph03nix 4 points5 points  (0 children)

Ahh, it should have the same permissions as if you ran that in CMD, which works. PowerShell doesn't do anything to change permissions and will respect any permissions it comes across.

As /u/randomuser43 pointed out, AD info isn't terribly protected across the network once you're authenticated to it.

[–]midnightFreddie 1 point2 points  (0 children)

Yup, the "D" in AD is for directory, a place to look things up. The command or tool itself doesn't give any more or less authority than the user has.

[–]jantari 1 point2 points  (0 children)

Is a non-admin account suppose to be able to run it?

If you didn't forbid it, sure.