SharpSniper is a simple tool to find the IP address of specific users in Active Directory so that you can target their box. It is written in .NET. It takes a username, and makes a list of Domain contollers, then search for Log-on events on any of the DCs for the user you are looking for and then reads the most recent DHCP allocated logon IP address.
Permissions are required to read the EventLogs so DA is likely needed.
cmd.exe (Supply credentials)
C:\> SharpSniper.exe emusk DomainAdminUser DAPass123 User: emusk - IP Address: 192.168.37.130
cmd.exe (Current authentication token e.g. Mimikatz pth)
C:\> SharpSniper.exe emusk User: emusk - IP Address: 192.168.37.130
Cobalt Strike (Supply credentials)
> execute-assembly /path/to/SharpSniper.exe emusk DomainAdminUser DAPass123 User: emusk - IP Address: 192.168.37.130
Cobalt Strike (Beacon's token)
> execute-assembly /path/to/SharpSniper.exe emusk User: emusk - IP Address: 192.168.37.130
Download & compile on Github: