ADSearch is a domain reconnaissance tool with fewer built-in search functions than PowerView, but it can execute arbitrary LDAP queries.
beacon> execute-assembly C:\Tools\ADSearch\ADSearch\bin\Release\ADSearch.exe --search "(&(objectCategory=group)(cn=MS SQL Admins))" --attributes cn,member
[*] TOTAL NUMBER OF SEARCH RESULTS: 1
[+] cn : MS SQL Admins
[+] member : CN=Developers,CN=Users,DC=dev,DC=cyberbotic,DC=io
It also supports --json output.
One-liner for finding Kerberoastable users (user accounts with a servicePrincipalName set):
beacon> execute-assembly C:\Tools\ADSearch\ADSearch\bin\Release\ADSearch.exe --search "(&(objectCategory=user)(servicePrincipalName=*))" --attributes cn,servicePrincipalName,samAccountName
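The two filters above can be checked offline before they are run against a directory, for example when auditing which accounts carry an SPN. The evaluator below is an added example, not part of ADSearch: it parses an RFC 4515 filter subset (&, |, !, equality, presence, wildcards) and applies it to constructed entries whose attribute keys are assumed to be lower-cased.

```python
import fnmatch

# Minimal LDAP filter evaluator (RFC 4515 subset). Attribute names are
# compared case-insensitively, as Active Directory does; entry dicts are
# assumed to use lower-cased attribute names mapping to lists of values.

def _split_top(s):
    """Split '(a=1)(b=2)...' into its top-level parenthesised items."""
    items, depth, start = [], 0, 0
    for i, ch in enumerate(s):
        if ch == "(":
            if depth == 0:
                start = i
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth == 0:
                items.append(s[start:i + 1])
    return items

def parse_filter(text):
    """Return a nested tuple tree for an LDAP filter string."""
    text = text.strip()
    if not (text.startswith("(") and text.endswith(")")):
        raise ValueError("filter must be parenthesised: %r" % text)
    body = text[1:-1]
    if body[0] in "&|":
        return (body[0], [parse_filter(x) for x in _split_top(body[1:])])
    if body[0] == "!":
        return ("!", [parse_filter(body[1:])])
    attr, sep, value = body.partition("=")
    if not sep:
        raise ValueError("unsupported filter item: %r" % text)
    return ("=", attr.lower(), value)

def matches(node, entry):
    """Evaluate a parsed filter against one entry (attr -> list of values)."""
    op = node[0]
    if op == "&":
        return all(matches(n, entry) for n in node[1])
    if op == "|":
        return any(matches(n, entry) for n in node[1])
    if op == "!":
        return not matches(node[1][0], entry)
    _, attr, value = node
    values = [str(v) for v in entry.get(attr, [])]
    if value == "*":  # presence test, e.g. servicePrincipalName=*
        return bool(values)
    return any(fnmatch.fnmatchcase(v.lower(), value.lower()) for v in values)

def search(filter_text, entries):
    """Return the entries matching the filter, like a base-scope LDAP search."""
    node = parse_filter(filter_text)
    return [e for e in entries if matches(node, e)]

# Constructed sample entries (not real directory data).
ENTRIES = [
    {"objectcategory": ["user"], "samaccountname": ["svc_sql"],
     "serviceprincipalname": ["MSSQLSvc/sql-1.dev.cyberbotic.io:1433"]},
    {"objectcategory": ["user"], "samaccountname": ["jdoe"]},
    {"objectcategory": ["group"], "cn": ["MS SQL Admins"],
     "member": ["CN=Developers,CN=Users,DC=dev,DC=cyberbotic,DC=io"]},
]
```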