What can one do with a user's NTHASH?

I have a valid username, domain name and an NTHASH. I do not have the password. I have kept it for cracking, and Responder so far did not help (WPAD is blocked by policy, it seems, or by a default IE / Win11/10 setting), but in the meantime, is it possible for me to use the NTHASH and enumerate usernames and domain admins? I tried ‘cme’ and it gave me some users via RID bf and the password policy - that’s it.

rpcclient, despite my providing the NTHASH, asks for the password.

smbclient does not play ball.

Any other options to use NTHASH?

Can I do anything with the original user’s system? They use macOS, though.

Furthermore, is it possible for me to use this with BloodHound and sense where the admins are logged in?

Apologies for asking too many questions.

I am picking up network testing after 9 years! Everything is different, but some things are the same. Any help/lead would be appreciated.

Thank you.