T1069.002 Domain Groups Mappings

Adversaries may attempt to find domain-level groups and permission settings. The knowledge of domain-level permission groups can help adversaries determine which groups exist and which users belong to a particular group. Adversaries may use this information to determine which users have elevated permissions, such as domain administrators.

Commands such as <code>net group /domain</code> of the Net utility, <code>dscacheutil -q group</code> on macOS, and <code>ldapsearch</code> on Linux can list domain-level groups.



Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
azure_sentinel Azure Sentinel technique_scores T1069.002 Domain Groups
microsoft_defender_for_identity Microsoft Defender for Identity technique_scores T1069.002 Domain Groups