Tuesday, October 22, 2013

Useful Windows Command


How many users are logged on/connected to a server?

Sometimes we may need to know how many users are logged on to a (file) server, like maybe when there is a performance degradation.
At the server's console itself, with native commands only:
 NET SESSION | FIND /C "\\"
Remotely, with the help of SysInternals' PSTools:
 PSEXEC \\servername NET SESSION | FIND /C "\\"
By replacing FIND /C "\\" by FIND "\\" (removing the /C switch) you'll get a list of logged on users instead of just the number of users.

Who is logged on to a computer?

We often need to know who is currently logged on to a remote computer.
With native Windows (up to and including XP) commands only:
 NBTSTAT -a remotecomputer | FIND "<03>" | FIND /I /V "remotecomputer"
The first name in the list usually is the logged on user (try playing with the NET NAME command to learn more about the names displayed by NBTSTAT).
This is the fastest way to find the logged on user name, and the results that you do get are correct, but NBTSTAT won't always return a user name, even when a user is logged on.
Using WMIC (Windows XP Professional and later):
 WMIC /Node:remotecomputer ComputerSystem Get UserName
This is arguably the most reliable (native) command to find out who is logged on.
With the help of SysInternals' PSTools:
 PSLOGGEDON -L \\remotecomputer
or:
 PSEXEC \\remotecomputer NET CONFIG WORKSTATION | FIND /I " name "
or:
 PSEXEC \\remotecomputer NET NAME
or for Windows XP only:
 PSEXEC \\remotecomputer NETSH DIAG SHOW COMPUTER /V | FIND /i "username"
Using REG.EXE (Windows 2000 and later):
 FOR /F %%A IN ('REG Query \\remotecomputer\HKU ^| FINDSTR /R /B /C:"HKEY_USERS\\S-1-5-[0-9][0-9]-[0-9-]*$"') DO (
  FOR /F "tokens=3 delims=\" %%B IN ('REG Query "\\remotecomputer\%%A\Volatile Environment"') DO (
   SET LoggedinUser=%%B
  )
 )
or for Windows 7:
 FOR /F %%A IN ('REG Query \\remotecomputer\HKU /K /F "S-1-5-21-" ^| FINDSTR /R /B /C:"HKEY_USERS\\S-1-5-[0-9][0-9]-[0-9-]*$"') DO (
  FOR /F "tokens=2*" %%B IN ('REG Query "\\remotecomputer\%%~A\Volatile Environment" /V "UserName" ^| FIND /V ":"') DO (
   SET LoggedinUser=%%C
  )
 )
NETSH and WMIC are for XP or later, and are the most reliable of all commands shown here.
WMIC requires WMI enabled remote computers and Windows XP on the administrator's computer; NETSH requires Windows XP on the local and remote computers.
PSLOGGEDON is a more accurate solution than NBTSTAT, but it will return the last logged on user if no one is currently logged on.
The NET and NBTSTAT commands show more or less identical results, but the NBTSTAT command is much faster.
The REG command is accurate, but may need to be modified depending on the version used.
More information on REG versions can be found on my REG Query page.
For Windows NT 4 and 2000: use NBTSTAT (fast, but it won't always return the user name!), and only switch to REG if NBTSTAT doesn't return a user name (modify the REG command for Windows NT 4).
For Windows XP and later: if you want to search lots of computers for logged on users, I recommend you try NBTSTAT first (fast, but it won't always return the user name!), and only switch to NETSH, REG or WMIC (accurate) if NBTSTAT doesn't return a user name.
Credits: Jiří Janyška (WMIC command) and Matthew W. Helton (NETSH command).

What is this colleague's login name?

My colleagues often forget to mention their logon account name when calling the helpdesk, and the helpdesk doesn't always ask either. I suppose they expect me to know all 1500+ accounts by heart.
With (native) Windows Server 2003 commands only:
 DSQUERY USER -name *lastname* | DSGET USER -samid -display
Note: Windows Server 2003's "DSTools" will work fine in Windows 2000 and XP too, when copied.
Keep in mind, however, that some Windows Server 2003 Active Directory functionality is not available in Windows 2000 Active Directories.

What is the full name for this login name?

With the native NET command:
 NET USER loginname /DOMAIN | FIND /I " name "
With (native) Windows Server 2003 commands:
 DSQUERY USER -samid *loginname* | DSGET USER -samid -display
Note: The NET command may seem more universal, because it requires neither Active Directory nor Windows Server 2003 commands, but it is language dependent!
For non-English Windows you may need to modify FIND's search string.

What groups is this user a member of?

In Windows NT 4 and later, users usually are members of global groups. These global groups in turn are members of (domain) local groups. Access permissions are given to (domain) local groups.
To check if a user has access to a resource, we need to check group membership recursively.
With (native) Windows Server 2003 commands:
 DSQUERY USER -samid loginname | DSGET USER -memberof -expand

What permissions does a user have on this directory?

One could use the previous command to check what permissions a user has on a certain directory.
However, sometimes SHOWACLS from the Windows Server 2003 Resource Kit Tools is a better alternative:
 CD /D d:\directory2check
 SHOWACLS /U:domain\userid

When did someone last change his password?

With the native NET command:
 NET USER loginname /DOMAIN | FIND /I "Password last set"

How do I reset someone's password?

With the native NET command:
 NET USER loginname newpassword /DOMAIN
With (native) Windows Server 2003 commands:
 DSQUERY USER -samid loginname | DSMOD USER -pwd newpassword
Note: To prevent the new password from being displayed on screen replace it with an asterisk (*); you will then be prompted (twice) to type the new password "blindly".

Is someone's account locked?

With the native NET command:
 NET USER loginname /DOMAIN | FIND /I "Account active"
The account is either locked ("Locked") or active ("Yes").

How to unlock a locked account

With the native NET command:
 NET USER loginname /DOMAIN /ACTIVE:YES
or, if the password needs to be reset as well:
 NET USER loginname newpassword /DOMAIN /ACTIVE:YES

Make sure a local user's password never expires

With WMIC (Windows XP Professional or later):
 WMIC.EXE /Node:remotecomputer Path Win32_UserAccount Where Name="user" Set PasswordExpires="FALSE"

Make sure a local user's password will expire

With WMIC (Windows XP Professional or later):
 WMIC.EXE /Node:remotecomputer Path Win32_UserAccount Where Name="user" Set PasswordExpires="TRUE"


List all domains and workgroups in the network

With the native NET command:
 NET VIEW /DOMAIN

List all computers in the network

With the native NET command:
 NET VIEW
or, to list the names only:
 FOR /F "skip=3 delims=\  " %%A IN ('NET VIEW') DO ECHO.%%A
delims is a backslash, followed by a tab and a space.


List all domain controllers

With native Windows 2000 commands:
 NETDOM QUERY /D:MyDomain DC
NETDOM is part of the support tools found in the \SUPPORT directory of the Windows 2000 installation CDROM.
With (native) Windows Server 2003 commands (Active Directory only):
 DSQUERY Server
or, if you prefer host names only (tip by Jim Christian Flatin):
 DSQUERY Server -o rdn


Find the primary domain controller

With native Windows 2000 commands:
 NETDOM QUERY /D:MyDomain PDC
or, to find the FSMO with (native) Windows Server 2003 commands (Active Directory only):
 NETDOM QUERY /D:mydomain.com FSMO
NETDOM is part of the support tools found in the \SUPPORT directory of the Windows 2000 installation CDROM.

List all member servers

With native Windows 2000 commands:
 NETDOM QUERY /D:MyDomain SERVER
NETDOM is part of the support tools found in the \SUPPORT directory of the Windows 2000 installation CDROM.

List all workstations

With native Windows 2000 commands:
 NETDOM QUERY /D:MyDomain WORKSTATION
NETDOM is part of the support tools found in the \SUPPORT directory of the Windows 2000 installation CDROM.

Delete a computer account

With native Windows 2000 commands:
 NETDOM /DOMAIN:MyDomain MEMBER \\computer2Bdeleted /DELETE
NETDOM is part of the support tools found in the \SUPPORT directory of the Windows 2000 installation CDROM.


"I need an up-to-date list of disk space usage for all servers, on my desk in 5 minutes"

Sounds familiar?
With (native) Windows XP Professional or Windows Server 2003 commands:
 FOR /F %%A IN (servers.txt) DO (
  WMIC /Node:%%A LogicalDisk Where DriveType="3" Get DeviceID,FileSystem,FreeSpace,Size /Format:csv | MORE /E +2 >> SRVSPACE.CSV
 )
The only prerequisites are:
  1. SRVSPACE.CSV should not exist or be empty,
  2. a list of server names in a file named SERVERS.TXT, one server name on each line,
  3. and WMIC.EXE, which is native in Windows XP Professional and later.
The CSV file format is ServerName,DeviceID,FileSystem,FreeSpace,Size (one line for each harddisk partition on each server).
If you have a strict server naming convention, SERVERS.TXT itself can be generated with the NET command:
 FOR /F "delims=\  " %%A IN ('NET VIEW ^| FINDSTR /R /B /C:"\\\\SRV\-"') DO (>>SERVERS.TXT ECHO.%%A)
Notes: (1) assuming server names start with "SRV-"; modify to match your own naming convention.
(2) delims is a backslash, followed by a tab and a space.

List all drivers on any PC

With (native) Windows XP Professional or Windows Server 2003 commands:
 DRIVERQUERY /V /FO CSV > %ComputerName%.csv
Or, for remote computers:
 DRIVERQUERY /S remote_PC /V /FO CSV > remote_PC.csv


List all printers on any PC

With (native) Windows XP+ commands:
 WMIC /Node:remote_PC Path Win32_Printer Get DeviceID


List all local administrators

With (native) Windows NT 4+ commands:
 NET LOCALGROUP Administrators
Or, to remove header and footer lines:
 FOR /F "delims=[]" %%A IN ('NET LOCALGROUP Administrators ^| FIND /N "----"') DO SET HeaderLines=%%A
 FOR /F "tokens=*"  %%A IN ('NET LOCALGROUP Administrators') DO SET FooterLine=%%A
 NET LOCALGROUP Administrators | MORE /E +%HeaderLines% | FIND /V "%FooterLine%"

Locate rogue DHCP servers

Never had an "illegal" router wreaking havoc on your network yet...?
With a (native) Windows Server 2003 command:
 DHCPLOC -p local_IP_address [ valid_DHCP_server1 [ valid_DHCP_server2 [ .. ] ] ]
DHCPLOC.EXE is native in Windows Server 2003, and will run in Windows XP if copied/installed.
I didn't test this in Windows Server 2003 yet, but in Windows XP you need to press "d" to start the discovery, or "q" to quit.

Disable Windows Firewall for domain only

Disable the firewall only when the computer (e.g. a laptop) is connected to the domain:
 NETSH Firewall Set OpMode Mode = DISABLE Profile = DOMAIN

Completely disable Windows Firewall (not recommended)

Disable the firewall completely (not recommended unless an alternative enterprise firewall is used that requires you to do so):
 SC [ \\Remote_computer ] Stop SharedAccess
 SC [ \\Remote_computer ] Config SharedAccess start= disabled

Is IP v4 supported on this computer?

Check if IP v4 is supported on the local computer:
 PING 127.0.0.1 | FIND "TTL=" >NUL 2>&1
 IF ERRORLEVEL 1 (ECHO IP v4 NOT supported) ELSE (ECHO IP v4 supported)
or:
 WMIC Path Win32_PingStatus WHERE "Address='127.0.0.1'" Get StatusCode /Format:Value | FINDSTR /X "StatusCode=0" >NUL 2>&1
 IF ERRORLEVEL 1 (ECHO IP v4 NOT supported) ELSE (ECHO IP v4 supported)
The WMIC command is faster, but requires Windows XP Professional or later.

Is IP v6 supported on this computer?

Check if IP v6 is supported on the local computer:
 PING ::1 | FINDSTR /R /C:"::1:[^$]" >NUL 2>&1
 IF ERRORLEVEL 1 (ECHO IP v6 NOT supported) ELSE (ECHO IP v6 supported)
or:
 WMIC Path Win32_PingStatus WHERE "Address='::1'" Get StatusCode >NUL 2>&1
 IF ERRORLEVEL 1 (ECHO IP v6 NOT supported) ELSE (ECHO IP v6 supported)
The WMIC command is faster, but requires Windows XP Professional or later.

Which updates were installed on this computer?

Windows 7 and 8:
 DISM /Online /Get-Packages
or:
 WMIC QFE List

DISM will return far more details than WMIC.

Windows 2000 and XP:
 QFECHECK /V
 
 
SOURCE :http://www.robvanderwoude.com
 

Wednesday, September 25, 2013

How to Force Proxy Settings Via Group Policy

This article describes how to force proxy settings via Group Policy.
  • Click Start – All Programs – Administrative Tools – Group Policy Management.
  • Create or Edit Group Policy Objects.
  • Expand User Configuration – Policies – Windows Settings – Internet Explorer Maintenance – Connection.
  • In the right pane, open Proxy Settings.


For security reasons, an administrator may need to prevent end users from changing their proxy settings.
You can do this with Group Policy by following these steps:
  • Click Start – All Programs – Administrative Tools – Group Policy Management.
  • Create or Edit Group Policy Objects.
  • Expand Computer Configuration – Administrative Templates – Windows Components – Internet Explorer – Internet Control Panel.
  • In the right pane, set Disable the Connections page to Enabled.

Locking connection settings for Internet Explorer


2.1. In Group Policy Object Editor open a corresponding GPO for a domain, website or organizational unit;
2.2. Expand in the left part of the window: User Configuration > Administrative Templates > Windows Components > Internet Explorer;
2.3. Select Internet Control Panel in Internet Explorer;
2.4. Double-click Disable changing proxy settings in the right part of the window;
2.5. Set the value Enabled and click OK.


Wednesday, September 11, 2013

Upgrading Windows Server 2008R2 Editions With DISM

Please note the following:
  • You can only do upgrades. You CANNOT downgrade
  • The server you upgrade cannot be a domain controller (demote, upgrade, promote)
  • This works on Standard, Enterprise edition, both full & core installations.
  • You cannot switch from core to full or vice versa. It’s edition upgrade only, not for switching type of install.
This is how to find the possible target editions for your server:
C:\Windows\system32>DISM /online /Get-TargetEditions

Deployment Image Servicing and Management tool
Version: 6.1.7600.16385

Image Version: 6.1.7600.16385
Editions that can be upgraded to:

Target Edition : ServerDataCenter
Target Edition : ServerEnterprise

The operation completed successfully.
So I went to Enterprise Edition by executing the command below. This process takes some time but is painless but for one reboot.
C:\Windows\system32>Dism /online /Set-Edition:ServerEnterprise /ProductKey:489J6-VHDMP-X63PK-3K798-CPX3Y

Deployment Image Servicing and Management tool
Version: 6.1.7600.16385

Image Version: 6.1.7600.16385

Starting to update components...
Starting to install product key...
Finished installing product key.

Removing package Microsoft-Windows-ServerStandardEdition~31bf3856ad364e35~amd64~~6.1.7601.17514
[==========================100.0%==========================]
Finished updating components.

Starting to apply edition-specific settings...
Restart Windows to complete this operation.
Do you want to restart the computer now (Y/N)?
You either use a MAK key (if you don’t have a KMS server) or the default key for your volume license media. When you have KMS in place (and the matching server group KMS key A, B, or C) the activation will be done automatically and transparently for you. Standard troubleshooting applies if you run into an issue there.
These are the public keys for use with a KMS server:
  • Windows 7 Professional – FJ82H-XT6CR-J8D7P-XQJJ2-GPDD4
  • Windows 7 Professional N – MRPKT-YTG23-K7D7T-X2JMM-QY7MG
  • Windows 7 Enterprise – 33PXH-7Y6KF-2VJC9-XBBR8-HVTHH
  • Windows 7 Enterprise N – YDRBP-3D83W-TY26F-D46B2-XCKRJ
  • Windows 7 Enterprise E – C29WB-22CC8-VJ326-GHFJW-H9DH4
  • Windows Server 2008 R2 HPC Edition – FKJQ8-TMCVP-FRMR7-4WR42-3JCD7
  • Windows Server 2008 R2 Datacenter – 74YFP-3QFB3-KQT8W-PMXWJ-7M648
  • Windows Server 2008 R2 Enterprise – 489J6-VHDMP-X63PK-3K798-CPX3Y
  • Windows Server 2008 R2 for Itanium-Based Systems – GT63C-RJFQ3-4GMB6-BRFB9-CB83V
  • Windows Server 2008 R2 Standard – YC6KT-GKW9T-YTKYR-T4X34-R7VHC
  • Windows Web Server 2008 R2 – 6TPJF-RBVHG-WBW2R-86QPH-6RTM4
Don’t worry, this is public information (KMS Client Setup Keys); these will only activate if you have a KMS server and the key to make that KMS server work.
Either way, there is no need for a reinstall & migration or an upgrade installation in a simple upgrade scenario. So do yourself a favor and always check if you can use DISM to achieve your goals!

Resource : http://workinghardinit.wordpress.com/2011/09/20/upgrading-windows-server-2008r2-editions-with-dism/

Troubleshoot Shockwave Player installation in Windows


If you have problems installing Adobe Shockwave Player, work through the steps below. After each step, restart the computer to ensure that the changes take effect before moving on to the next step.

1. Uninstall previous versions

Be sure to remove previous versions before you install Shockwave Player. Use any of the following methods:
  • Double-click the uninstaller.exe file in C:\Windows\system32\Adobe\Shockwave 11.
  • Use the Add Or Remove Programs utility in the Windows Control Panel.
  • (Shockwave 8 and 8.5) Use the uninstaller available from the Web Players page.
Note: Close all applications before you run the Shockwave Player uninstaller. Quit all running applications, including browsers and instant messaging clients. Check the Windows system tray to make sure that no applications that use Shockwave Player are in use.

2. Download the Adobe Shockwave Player installer

Download the installer from the Download Center.

3. Check browser settings (Internet Explorer)

Before installing Shockwave Player, check the following browser settings:

Check the security level

Make sure that the security level is not set to High or to a custom level that doesn't allow viewing of ActiveX controls. Typically, the default security level (medium) allows you to view Shockwave content. For a custom level, ensure that both Download Signed ActiveX Controls and Run ActiveX Controls And Plug-ins are set to Prompt.
  1. Open Internet Explorer.
  2. Choose Tools > Internet Options.
  3. Click the Security tab.
  4. Click Default Level, or click Custom Level and do the following:

    a. Find the section ActiveX Controls And Plug-ins.

    b. Set Download Signed ActiveX Controls to Prompt.

    c. Set Run ActiveX Controls And Plug-ins to Prompt.

Check user permissions

If you don't have administrator access to Windows XP SP2, Windows Vista or Windows 7, you can't install Shockwave Player successfully. Administrative privileges are required for the Windows system registry and for the C:\WINDOWS\system32\Adobe\Shockwave folder.

4. Download an alternate installer

  1. If the issue still occurs, download an alternate Shockwave Player installer.
  2. Close all applications and run the installer.
  3. Go to the test page to confirm that Shockwave Player installed successfully.

5. Check firewall and utility settings 

Some Internet utilities, such as Norton Internet Utilities, function similar to a firewall and can restrict viewing of ActiveX controls. In some cases, they block Shockwave content. Ensure that firewall or utility settings are set to allow ActiveX controls and Shockwave (SWF) content.

Monday, August 19, 2013

WMIC Commands



Determine user currently logged in remotely
 wmic /node:remotecomputer computersystem get username

For a text file of the manual run
 wmic /?:full > wmic_docs.txt

Remotely list startup apps
 wmic /node:machinename startup list full
 wmic STARTUP GET Caption, Command, User

Reboot or Shutdown a box
 wmic os where buildnumber="2600" call reboot
 (Get the build number from OS Info; see below.)

Kill a process – use with care
 wmic process where name="cmd.exe" delete

Get OS Information and export to CSV, html, xsl, mof
 wmic /output:wmicbuild.csv os get /all /format:csv
 wmic /output:wmicbuild.html os get /all /format:htable

List running processes and output to HTML/XSL form.
 wmic /output:wmic.html process list full /format:hform

Query Device Driver Status
wmic /output:savrt.csv sysdriver where name="savrt" list status /format:csv
To query this status on all machines in the domain, put the machine names in a text file and pass that file with @:
wmic /node:"@targets.txt" /output:savrt.csv sysdriver where name="savrt" list status /format:csv

Get a list of NICs and IP’s in use
 netsh int ip show config
 wmic nicconfig where IPEnabled='true'

Remotely change the IP to a static IP (Index is Interface#)
 wmic /node:machinename nicconfig where Index=1 call EnableStatic ("172.16.10.10"), ("255.255.0.0")

Remotely change IP to use DHCP
 wmic /node:machinename nicconfig where Index=1 call EnableDHCP

Remotely Display machine’s MAC Address
 wmic /node:machinename nic get macaddress

Get Process Owner or OwnerSID
 wmic process where name="cmd.exe" call getowner
 wmic process where name="cmd.exe" call getownersid

Remotely list running processes every second
 wmic /node:machinename process list brief /every:1

Delete ARPCache
 netsh int ip delete arpcache

System Information

Remotely display System Info
 wmic /node:machinename computersystem list full

Full Drive Info
 wmic diskdrive list full
 wmic partition list full

Bios Info
 wmic bios list full

List all Hotfixes and Services Packs
 wmic qfe

List HotfixID, description and Install date
 wmic qfe where "not description like ''" get description,hotfixid,installedon
 example: wmic qfe where hotfixid="KB958644" list full <lists patch info for MS08-067>

Remotely List Local Enabled Accounts
 wmic /node:machinename USERACCOUNT WHERE "Disabled=0 AND LocalAccount=1" GET Name

Start a service
 wmic /node:"machinename 4" service lanmanserver CALL Startservice

Change startup mode for a service
 wmic /node:machinename service where (name like "Fax" OR name like "Alerter") CALL ChangeStartMode Disabled

List Services with brief description
 wmic service list brief

List useraccounts
 wmic useraccount
 wmic useraccount list brief

Enable RDP
 wmic /node:"machinename 4" path Win32_TerminalServiceSetting where AllowTSConnections="0" call SetAllowTSConnections "1"

List ShadowCopy Info
wmic shadowcopy list brief

List Event Logs
 wmic ntevent list brief
 (Brief takes a while, full takes even longer.)

Clear an event log (this empties the matching logs)
 wmic nteventlog where (description like "%secevent%") call cleareventlog

Remotely output Logon Events to a html file
 wmic /node:machinename /output:wmicevents.html ntevent where (message like "%logon%") list brief /format:htable

List number of times a user logged on
 wmic netlogin where (name like "%adm%") get numberoflogons

Display Shares
 wmic share list brief

Monday, July 29, 2013

Active Directory: DSQUERY Commands


DSQUERY Commands to query AD objects:-

 1. How to find all members for a particular group

  dsget group "<DN of the group>" -members
1a. How to find all groups for a particular member (including nested groups)

  dsget user "<DN of the user>" -memberof -expand
  dsquery user -samid "username" | dsget user -memberof -expand

2. How to find memberof , lastlogontimestamp , homemta(Mail server) , Samaccountname & so on(Repadmin /showattr <DCname> <"DN">)
 dsquery * "<DN>" -scope base -attr lastlogontimestamp memberof

 repadmin /showattr <DCNAME> <"DN"> /attrs:lastlogon,homemta,whencreated,lastlogontimestamp,samaccountname

3. How to modify user last name.
 dsmod user <dn> -ln "<last name>"

4. How to find memberof , lastlogontimestamp , homemta(Mail server) , Samaccountname & so on for "n" number of users
 Create a batch file (e.g. ds.bat) containing this line:
  for /f "eol= tokens=* delims= usebackq" %%x in (%1) do dsquery * %%x -scope base -attr sAMAccountName objectsid whencreated  lastlogontimestamp mail homeMTA memberof

 Create a text file with all the users' DNs (e.g. dn.txt)

 Open cmd & run ds.bat dn.txt >> c:\attr.txt

5. How to find DN for n number of computers
 for /f %%x in (%1) do dsquery computer -name %%x

  Create a batch file containing the line above and a text file computer.txt with the computer names, then run from cmd:

  batchfile computer.txt >> c:\dn.txt

6. Find Subnet with associated site.
  dsquery subnet -name <CIDR> | dsget subnet

8.How to find disabled users
  dsquery user "dc=ssig,dc=com" -disabled

  dsquery * -filter "(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=2))"

9. How to find OS?
 dsquery * <"DN"> -scope base -attr operatingSystem

10. How to find site ?
 dsquery site -name * -limit 0
 dsquery server -s <server> | dsget server -site

11. How to get tombstonelifetime ?
 dsquery * "CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=yourdomain,DC=com" -scope base -attr tombstonelifetime

13. How to find mail box?

 dsquery * -filter "samaccountname=biswajit" -attr homemdb 

14. How to find the GCs?
 DsQuery Server -domain contoso.com -isgc

15.How to find all the active users?

 dsquery * -filter "(&(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2))"

16.How to find users logon name by their mail address for bulk users?

 For Single user

  dsquery * domainroot -filter "(&(objectCategory=Person)(objectClass=User)(mail=e-mailaddress))" -attr name

  For bulk users

  for /f %%x in (%1) do dsquery * domainroot -filter "(&(objectcategory=person)(objectclass=user)(mail=%%x))" -attr name


17. How to find Schema version?

  dsquery * cn=schema,cn=configuration,dc=domainname,dc=local -scope base -attr objectVersion
  or
  schupgr




18. How to find Site name by server name ?

  dsquery server -name test1 | dsget server -site

  dsquery server -name (provide the server name for DN) | dsget server -site
19. How to find all groups a user is a member of, without the DNs?

  dsquery user -samid anthony | dsget user -memberof | dsget group -samid

  dsquery user -samid (provide the samaccount name of the user) | dsget user -memberof | dsget group -samid

20. How to find all groups of a computer account without giving the DNs?

  dsquery computer -name test1 | dsget computer -memberof | dsget group -samid

21. How to find PDC role holder for the existing domain ?

  dsquery server -hasfsmo PDC

22. How to find Infrastructure Master role holder existing domain ?

  dsquery server -hasfsmo INFR

23. How to find RID master role holder for existing domain ?

  dsquery server -hasfsmo RID

24. How to find Schema master role holder in a Forest ?

  dsquery server -forest -hasfsmo Schema

25. How to find Domain Naming Master in a Forest ?

  dsquery server -forest -hasfsmo Name

26. How to find if the Domain Controller is a Global Catalog (GC) or not ?

  dsquery server -name test1 | dsget server -isgc

27. How to find subnet with associated site.

  dsquery subnet -name 10.222.88.0/25 | dsget subnet
28.  How to find SID of a user?

  dsquery user -samid <bbiswas> | dsget user -sid
  dsquery * -filter (samaccountname=Biswajit) -attr objectSid

29.  How to find sIDHistory of a user?

  dsquery * -filter (samaccountname=Bbiswas) -attr sIDHistory

30.  How to find enabled computer accounts in an OU?

 dsquery computer OU=Test,DC=contoso,DC=com -limit 5000 | dsget computer -dn -disabled | find /i " no"

31.  How to count enabled computer accounts in an OU?

 dsquery computer OU=Test,DC=contoso,DC=com -limit 5000 | dsget computer -dn -disabled | find /c /i " no"

32. How to find all members for a OU.
dsquery user ou=targetOU,dc=domain,dc=com

33. How to find all groups for a OU.

dsquery group ou=targetOU,dc=domain,dc=com

dsquery group -samid "Group Pre-Win2k Name" | dsget group -members | dsget user -disabled -display

35.Command to find all the subnets for the given site 
dsquery subnet -o rdn -site <site name>

36. Command to find all DCs in the given site

dsquery server -o rdn -site <site name>

37. Command to find all DCs in the Forest

dsquery server -o rdn -forest

38. To list the distinguished names of all directory partitions in the current forest
dsquery partition


39. To find all contacts in the organizational unit (OU)

dsquery contact OU=Sales,DC=Contoso,DC=Com

40. To list the relative distinguished names of all sites that are defined in the directory

dsquery site -limit 0

41. List of all users with primary group "Domain Users"

dsquery * -filter "(primaryGroupID=513)" -limit 0

(You can change the "primaryGroupID" as per your requirement)

513:Domain Users
514:Domain Guests
515:Domain Computers
516:Domain Controllers

42. How to find all attributes for all users?

Dsquery * -limit 0 -filter "&(objectClass=User)(objectCategory=Person)" -attr * >>output123.txt

43. Show How Many Times wrong Password has been entered on a specified domain controller.

dsquery * -filter "(sAMAccountName=jsmith)" -s MyServer -attr givenName sn badPwdCount


The badPwdCount attribute is not replicated, so a different value is saved for each user on each domain controller.

44. Find user accounts that have an expiry date set.

dsquery * "dc=contoso,dc=com" -filter "(&(objectCategory=Person)(objectClass=User)(!accountExpires=0)(!accountExpires=9223372036854775807))" -attr sAMAccountname displayName

Fine-Grained Password Policy

i)
dsget user <user DN> -effectivepso

Example:
 
C:\>dsget user "CN=bshwjt,OU=pso,DC=contoso,DC=com" -effectivepso
effectivepso
"CN=test,CN=Password Settings Container,CN=System,DC=contoso,DC=com"
dsget succeeded
("bshwjt" is the user and "test" is the PSO.)


ii) How to find the PSO settings

 
C:\>dsquery * "<CN=your pso name>,CN=Password Settings Container,CN=System,DC=contoso,DC=com" -scope base -attr *

46. Find out Account Expiry date  

dsquery user -name * -limit 0 | dsget user -samid -acctexpires

47.This example displays all attributes of the contoso.com domain object

dsquery * -filter (dc=contoso) -attr *


48. This complex example displays the names of all attributes (150) that Windows Server 2003 replicates to Global Catalog servers. (If the command displays no attributes, ensure that you typed TRUE in capital letters.)

dsquery * cn=Schema,cn=Configuration,dc=contoso,dc=com -filter "(&(objectCategory=attributeSchema)(isMemberOfPartialAttributeSet=TRUE))" -limit 0 -attr name


49. How to get all sAMAccountNames?

dsquery user -o samid -limit 0

50.The command displays the DNS host name, the site name, and whether the server is Global Catalog (GC) server for each domain controller

dsquery server | dsget server -dnsname -site -isgc
Get all the servers in the forest

dsquery server -forest -limit 0 | dsget server -dnsname -site -isgc

51.The dsget command displays properties of users or other objects. In this example, it displays the 6 groups that explicitly list the Administrator as member

Note: The -memberof -expand combination recursively expands the list of groups of which the user is a member. In this example, the Users group is added to the list because Domain Users is a member of the Users group.

dsget user cn=Administrator,cn=Users,dc=contoso,dc=com -memberof 
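
Added example (not part of the original post or of the DS tools): the recursive check described under "What groups is this user a member of?" and in the -memberof -expand note above, written out in Python. The group names and the MEMBER_OF map are constructed; the map stands in for what -memberof (without -expand) lists for each object.

```python
from collections import deque

# Constructed data: object -> groups it is a *direct* member of, i.e. what
# -memberof without -expand would list for that object.
MEMBER_OF = {
    "jsmith":        ["Domain Users", "GG-Finance"],
    "Domain Users":  ["Users"],
    "GG-Finance":    ["DL-Finance-RW", "GG-AllStaff"],
    "GG-AllStaff":   ["DL-Intranet-R", "GG-Finance"],  # circular nesting
    "DL-Finance-RW": [],
}


def expanded_groups(principal, member_of):
    """Return {group: membership chain from principal to that group}.

    Breadth-first walk, so every chain is a shortest one. Groups that were
    already reached are skipped, which also terminates circular nesting.
    """
    chains = {}
    queue = deque([[principal]])
    while queue:
        chain = queue.popleft()
        for group in member_of.get(chain[-1], []):
            if group == principal or group in chains:
                continue
            chains[group] = chain + [group]
            queue.append(chains[group])
    return chains


def nested_only(principal, member_of):
    """Groups that only appear once nesting is expanded."""
    direct = set(member_of.get(principal, []))
    return sorted(set(expanded_groups(principal, member_of)) - direct)


def why_access(principal, acl_groups, member_of):
    """For the groups named on a resource's ACL, return the chain that puts
    the principal in each group; groups it does not reach are left out."""
    chains = expanded_groups(principal, member_of)
    return {g: " -> ".join(chains[g]) for g in acl_groups if g in chains}


if __name__ == "__main__":
    print(nested_only("jsmith", MEMBER_OF))
    print(why_access("jsmith", ["DL-Finance-RW", "DL-HR-RW"], MEMBER_OF))
```
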

52.The output of the dsquery command can be used as input for the dsget command by using a pipe ( | ). In this example, the SAM account name and the security ID (SID) of each user is displayed.

dsquery user -limit 0 | dsget user -samid -sid >> c:\Allusers-samid-sid.txt

53. How to find RODCs?

dsquery server -isreadonly

Dsquery for exchange server

54. How to find the Schema Version for Exchange Servers.

dsquery * CN=ms-Exch-Schema-Version-Pt,cn=schema,cn=configuration,dc=domain,dc=local -scope base -attr rangeUpper

55.How to find lastLogonTimestamp for all users for a domain

dsquery * -filter "&(objectClass=person)(objectCategory=user)" -attr cn lastLogonTimestamp -limit 0

56. Set inactive users to the disabled state (the filter below selects accounts that have an expiry date set)

dsquery * <ou> -filter "(&(objectCategory=Person)(objectClass=User)(!accountExpires=0)(!accountExpires=9223372036854775807))" | dsmod user -disabled yes  
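
Added example (not part of the original post or of the DS tools): the filters in items 8, 15, 44, 55 and 56 test userAccountControl bits and accountExpires values, and dsquery prints accountExpires and lastLogonTimestamp as raw 64-bit integers. The Python below decodes those values and flags accounts worth a look; the sample table, its aligned-column layout and the 90-day threshold are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
# accountExpires values meaning "never expires" (the two the filters exclude).
NEVER_EXPIRES = {0, 9223372036854775807}

# userAccountControl bits (ADS_UF_* values). 0x0002 is the bit tested by
# userAccountControl:1.2.840.113556.1.4.803:=2 in the disabled-users filter.
UAC_FLAGS = {
    0x0002: "ACCOUNTDISABLE",
    0x0010: "LOCKOUT",
    0x0020: "PASSWD_NOTREQD",
    0x0200: "NORMAL_ACCOUNT",
    0x1000: "WORKSTATION_TRUST_ACCOUNT",
    0x2000: "SERVER_TRUST_ACCOUNT",
    0x10000: "DONT_EXPIRE_PASSWORD",
    0x800000: "PASSWORD_EXPIRED",
}

# Constructed sample, laid out as assumed for:
# dsquery * ... -attr sAMAccountName userAccountControl accountExpires lastLogonTimestamp
SAMPLE = """\
  sAMAccountName  userAccountControl  accountExpires       lastLogonTimestamp
  jsmith          512                 9223372036854775807  130260096000000000
  tempuser        512                 130200000000000000   130100000000000000
  oldsvc          66048               0                    129000000000000000
  leaver          514                 9223372036854775807  130000000000000000
  newhire         544                 9223372036854775807
"""


def filetime_to_datetime(value):
    """100 ns ticks since 1601-01-01 UTC -> aware datetime; None if unset."""
    if not value:
        return None
    return FILETIME_EPOCH + timedelta(microseconds=value // 10)


def account_expiry(value):
    """Expiry time, or None when the account never expires."""
    return None if value in NEVER_EXPIRES else filetime_to_datetime(value)


def bit_and_match(value, mask):
    """Semantics of matching rule 1.2.840.113556.1.4.803: all mask bits set."""
    return value & mask == mask


def uac_flag_names(value):
    return [name for bit, name in UAC_FLAGS.items() if value & bit]


def parse_table(text):
    """Map each value to the header whose start column is nearest, so an
    empty cell (attribute not set) does not shift the following values.
    Assumes values contain no spaces."""
    lines = [line for line in text.splitlines() if line.strip()]
    cols = [(m.start(), m.group()) for m in re.finditer(r"\S+", lines[0])]
    rows = []
    for line in lines[1:]:
        row = dict.fromkeys((name for _, name in cols), "")
        for m in re.finditer(r"\S+", line):
            _, name = min(cols, key=lambda c: abs(c[0] - m.start()))
            row[name] = m.group()
        rows.append(row)
    return rows


def review(text, now, stale_days=90):
    """Return {sAMAccountName: [findings]}. lastLogonTimestamp is replicated
    but only refreshed about every two weeks, so keep stale_days well above
    that."""
    findings = {}
    for row in parse_table(text):
        uac = int(row["userAccountControl"] or 0)
        expires = account_expiry(int(row["accountExpires"] or 0))
        last = filetime_to_datetime(int(row["lastLogonTimestamp"] or 0))
        notes = []
        if bit_and_match(uac, 0x0002):
            notes.append("disabled")
        if expires is not None and expires <= now:
            notes.append("expired")
        if bit_and_match(uac, 0x10000):
            notes.append("password-never-expires")
        if bit_and_match(uac, 0x0020):
            notes.append("password-not-required")
        if last is None:
            notes.append("never-logged-on")
        elif now - last > timedelta(days=stale_days):
            notes.append("stale-logon")
        findings[row["sAMAccountName"]] = notes
    return findings


if __name__ == "__main__":
    report = review(SAMPLE, datetime(2013, 10, 22, tzinfo=timezone.utc))
    for account, notes in report.items():
        print(account, ", ".join(notes) or "ok")
```
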

57.ADDS existing connection point objects

dsquery * forestroot -filter (objectclass=serviceconnectionpoint)

58. Find all Hyper-V hosts in your forest
C:\>dsquery * forestroot -filter "&(cn=Microsoft Hyper-V)(objectCategory=serviceconnectionpoint)" -attr servicebindinginformation >> c:\hyper-v.txt

59. Find all windows virtual machine in your forest
C:\>dsquery * forestroot -filter "&(cn=windows virtual machine)(objectCategory=serviceconnectionpoint)" -limit 0 -attr * >> c:\allvirtualPCs.txt

60. Extract all groups from an OU with Group Scope & Group Type.

C:\>dsquery group "ou=test,dc=gs,dc=com" -limit 0 | dsget group -samid -scope -secgrp


61. The following example displays a list of users of the organizational unit "Techie Sol", which can then be forwarded to dsget, which can provide detailed information about the objects. In the example, the requested user list is passed through the pipe symbol to dsget, which then outputs the sAMAccountName and e-mail address for all users. If you want to modify the objects returned by the dsquery user list, you can send the result to dsmod, which makes the changes to all users for you. In the following image, the changed command ensures that all users in the dsquery user list must change their passwords at next logon.


Another way to get the user attributes from an OU:

C:\>dsquery * "ou=test,DC=contoso,DC=com" -filter "(&(objectcategory=person)(objectclass=user))" -limit 0 -attr samaccountname description department title


62. Retrieve the DN of all users in the domain that are not direct members of a specified group
dsquery * -filter "(&(objectCategory=person)(objectClass=user)(!(memberOf=CN=Groupname,ou=West,dc=Contoso,dc=com)))" -limit 0 > NotInGroup.txt

63. How to open DSQUERY GUI Window

rundll32 dsquery,OpenQueryWindow

DNS application partition

64. How to find the DNS servers from DomainDNSZones & ForestDNSzones

C:\>dsquery * DC=DomainDnsZones,DC=contoso,DC=com -scope base -attr msDs-masteredBy
C:\>dsquery * DC=forestDnsZones,DC=contoso,DC=com -scope base -attr msDs-masteredBy

65.Finding the Functional Levels of Active Directory

dsquery * "DC=contoso,DC=com" -scope base -attr msDS-Behavior-Version ntMixedDomain

msDS-Behavior-Version, ntMixedDomain    Domain functional level
0, 0        Windows 2000 Native domain Level
0, 1        Windows 2000 Mixed domain Level
2, 0        Windows 2003 Domain Level
3, 0        Windows 2008 Domain Level
4, 0        Windows 2008 R2 Domain Level

   

Source : MS TechNet