“CrackMapExec (a.k.a CME) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks.” - https://github.com/byt3bl33d3r/CrackMapExec/wiki. The following command will enumerate a list of SMB hosts with signing not enforced, allowing you to relay credentials to them using ntlmrelayx.py.
Command Reference:
SMB Hosts: smb_hosts.txt
crackmapexec smb smb_host.txt --gen-relay-list output.txt