LDAP

Check for anonymous bind:

ldapsearch -h 10.10.10.161 -p 389 -x -b "dc=htb, dc=local"

//The -x flag selects simple authentication (anonymous here, since no bind DN or password is given), while the -b flag sets the base DN to start the search from.
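When auditing your own directory servers, the useful part of this check is how you read the result. The sketch below is an added example, not part of the original notes: it classifies ldapsearch output into a verdict. The function name, verdict strings and both sample outputs are constructed for illustration, and `<dc-ip>` / `<base-dn>` are placeholders.

```shell
#!/bin/sh
# Classify ldapsearch output (read on stdin) from an anonymous query.
# Verdict names are this example's own, not ldapsearch terminology.
classify_anon_ldap() {
    awk '
        /^dn::? /   { entries++ }             # one per returned object
        /^result: / { code = $2; seen = 1 }   # numeric LDAP result code
        /successful bind must be completed/ { needbind = 1 }
        END {
            if (!seen)                             print "NO_RESULT"
            else if (code + 0 == 0 && entries > 0) print "ANON_READ_ALLOWED"
            else if (code + 0 == 0)                print "BIND_OK_NO_ENTRIES"
            else if (needbind)                     print "ANON_READ_DENIED"
            else                                   print "ERROR_" code
        }'
}

# Constructed sample: server refuses anonymous searches of the base DN.
sample_denied() { cat <<'EOF'
# search result
search: 2
result: 1 Operations error
text: 000004DC: LdapErr: DSID-00000000, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v0000

# numResponses: 1
EOF
}

# Constructed sample: server returns directory objects without credentials.
sample_allowed() { cat <<'EOF'
# example.local
dn: DC=example,DC=local
objectClass: domain

# Users, example.local
dn: CN=Users,DC=example,DC=local
objectClass: container

# search result
search: 2
result: 0 Success

# numEntries: 2
EOF
}

# Live use: ldapsearch -h <dc-ip> -p 389 -x -b "<base-dn>" | classify_anon_ldap
printf 'denied sample:  %s\n' "$(sample_denied | classify_anon_ldap)"
printf 'allowed sample: %s\n' "$(sample_allowed | classify_anon_ldap)"
```

An ANON_READ_ALLOWED verdict on a domain controller is the finding to fix: in Active Directory, anonymous operations beyond rootDSE are controlled by the seventh character of the dSHeuristics attribute and by permissions granted to ANONYMOUS LOGON.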

Windapsearch

/opt/windapsearch

Anonymous Bind search:

python3 /opt/windapsearch/windapsearch.py -d htb.local --dc-ip 10.10.10.161 -U

Enum Users:

./windapsearch.py -d lab.ropnop.com -u ropnop\\ldapbind -p GoCubs16 -U

Enum Groups and Group Members:

//determine if they or a group they belong to are part of "Domain Admins" aka have DA rights.

./windapsearch.py -d lab.ropnop.com -u ropnop\\ldapbind -p GoCubs16 -m IT
