What tools can be used to gather Active Directory information from within a compromised domain host?

From inside the domain, you can use PowerShell with PowerView scripts, C# with SharpView, or C++ programs that call ADSI interfaces. The article provides a custom C++ tool (`QueryADObject.exe`) that supports querying users, computers, and groups with flexible search conditions and output modes, similar to the approaches used in obtaining domain user login information.