What a surprise it was to find out that, by default, if you do "run as admin" with an AD account, AD is not queried for account status as long as cached credentials are available.
I was recently reading an article from MS regarding AMSI and fileless malware and decided to give it a try in its simplest form. So let's have a look.
I needed anonymized ETLs to be able to pass them to a 3rd party and couldn't find anything that would do it, so I put a few things I found on the internet together, adjusted them, and here it is.
Find out the LDAP version in your environment.
DNS records can be requested pretty easily from DNS servers via PowerShell.