AD enumeration maps users, groups, GPOs, trusts, and attack paths. BloodHound/SharpHound collects AD data and graphs attack paths to Domain Admin.
BloodHound is the most powerful AD attack path analysis tool. Run SharpHound to collect data, import into BloodHound Neo4j, query for shortest path to Domain Admin. Defenders can run BloodHound on their own environment to find and close attack paths.