An incredibly useful one-liner:
wmic useraccount get disabled,domain,name,sid
Run that from an administrative command prompt while logged in as a domain admin to list all the users and their SIDs. Very handy when trying to decode security events, file permissions, etc. Credit goes to this article. The Disabled column tells you whether the account is active.
Other useful commands:
wmic sysaccount get domain,name,sid – list built-in accounts
wmic group get domain,name,sid – list Active Directory groups
net user <username> – list all info for one user
net localgroup Administrators – list users in the local Administrators group
Unfortunately, I haven’t been able to find a wmic command to list all the computer accounts in Active Directory. The closest I’ve come is a pair of PowerShell commands to translate a computer or user SID (from TechNet):
$objSID = New-Object System.Security.Principal.SecurityIdentifier `
("S-1-5-21-1454471165-1004335555-1606985555-5555")
$objSID.Translate([System.Security.Principal.NTAccount]).Value