At the time of writing this, we do not have very much in place to enforce what passwords can and can’t be used on the network aside of the standard group policy controls. In the past, I used to gather AD Password hashes from the domain controller and then run the password through hashcat in order to give me a list of user passwords; The Domain Password Spray Powershell script from Dafthack changes everything.