description: Detects scenarios where an attacker attempts to load the Active Directory PowerShell module on a non administrative host in order to enumerate users, groups, ... Also note that no user ...