1. In a modern Windows environment all of the discovery is performed as an authenticated standard domain user. You don't necessarily need to use Windows for it, but having credentials (or malware running) is a prerequisite. 2. I'm currently working on a provisioning script for the techniques identified in the presentation. Just need time to gather all of the right resources (it will create more than just user accounts, it will create the GPP files, the login scripts, the UIF, and others, and provision group membership based on XML config). I've heard of other frameworks but they don't appear to focus specifically on AD.

www.activecountermeasures.com/presentations/ - in the BHIS_Webcast folder