Monday, July 29, 2013

Active Directory: DSQUERY Commands

DSQUERY commands to query AD objects:

 1. How to find all members for a particular group

  dsget group "<DN of the group>" -members
1a. How to find all groups for a particular member (including nested groups)

  dsget user "<DN of the user>" -memberof -expand
  dsquery user -samid "username" | dsget user -memberof -expand
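The -expand switch walks nested memberships. The following Python script, added here as an example and not part of the original post, does the same walk over a constructed group map (the DNs and the nesting are sample data of the kind you would collect with dsget group <DN> -members for each group), terminates on the group cycle that AD permits, and lists the principals that reach Domain Admins only through nesting, which a flat member listing would not show:

```python
"""Nested group membership: what `dsget user -memberof -expand` computes.

Added example, not code from the original post. GROUP_MEMBERS is a
constructed sample mapping (group DN -> direct member DNs); in a real
domain it would come from `dsget group <DN> -members` for each group.
"""
from collections import deque

GROUP_MEMBERS = {
    "CN=Domain Admins,CN=Users,DC=contoso,DC=com": [
        "CN=Administrator,CN=Users,DC=contoso,DC=com",
        "CN=Server Ops,OU=Groups,DC=contoso,DC=com",
    ],
    "CN=Server Ops,OU=Groups,DC=contoso,DC=com": [
        "CN=Backup Team,OU=Groups,DC=contoso,DC=com",
        "CN=jsmith,OU=Staff,DC=contoso,DC=com",
    ],
    "CN=Backup Team,OU=Groups,DC=contoso,DC=com": [
        "CN=svc_backup,OU=Service,DC=contoso,DC=com",
        # AD permits group cycles; the walkers below must not loop on it
        "CN=Server Ops,OU=Groups,DC=contoso,DC=com",
    ],
    "CN=Helpdesk,OU=Groups,DC=contoso,DC=com": [
        "CN=asmith,OU=Staff,DC=contoso,DC=com",
    ],
}


def direct_memberof(dn, groups=GROUP_MEMBERS):
    """Groups that list `dn` as a direct member (the memberOf back-link)."""
    return sorted(g for g, members in groups.items() if dn in members)


def effective_memberof(dn, groups=GROUP_MEMBERS):
    """Transitive closure of memberOf, i.e. what -expand prints.

    Breadth-first search with a visited set, so the Server Ops <-> Backup
    Team cycle terminates instead of recursing forever."""
    seen = set()
    queue = deque(direct_memberof(dn, groups))
    while queue:
        group = queue.popleft()
        if group in seen:
            continue
        seen.add(group)
        queue.extend(direct_memberof(group, groups))
    return sorted(seen)


def effective_members(group_dn, groups=GROUP_MEMBERS):
    """All non-group principals that end up inside `group_dn`, however deep."""
    seen, principals = set(), set()
    queue = deque([group_dn])
    while queue:
        group = queue.popleft()
        if group in seen:
            continue
        seen.add(group)
        for member in groups.get(group, []):
            if member in groups:
                queue.append(member)      # nested group: keep walking
            else:
                principals.add(member)    # user or computer: record it
    return sorted(principals)


def hidden_members(group_dn, groups=GROUP_MEMBERS):
    """Principals that reach `group_dn` only through nesting. For a
    privileged group these are the ones a flat `dsget group -members`
    listing does not show."""
    direct = {m for m in groups.get(group_dn, []) if m not in groups}
    return sorted(set(effective_members(group_dn, groups)) - direct)


if __name__ == "__main__":
    da = "CN=Domain Admins,CN=Users,DC=contoso,DC=com"
    for dn in hidden_members(da):
        print("nested into Domain Admins:", dn)
    for dn in effective_memberof("CN=svc_backup,OU=Service,DC=contoso,DC=com"):
        print("svc_backup is (transitively) a member of:", dn)
```

Running the script prints jsmith and svc_backup as nested Domain Admins members; neither appears in a plain dsget group "CN=Domain Admins,..." -members listing, which is why group reviews should use the expanded view.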

2. How to find memberOf, lastLogonTimestamp, homeMTA (mail server), sAMAccountName and so on (alternatively: repadmin /showattr <DC name> <"DN">)
 dsquery * "<DN>" -scope base -attr lastLogonTimestamp memberOf

 repadmin /showattr <DC name> <"DN"> /attrs:lastLogon,homeMTA,whenCreated,lastLogonTimestamp,sAMAccountName

3. How to modify user last name.
 dsmod user <dn> -ln "<last name>"

4. How to find memberOf, lastLogonTimestamp, homeMTA (mail server), sAMAccountName and so on for "n" number of users
 Create a batch file, e.g. ds.bat, containing the following line (%%x is quoted so that DNs containing spaces stay intact):
  for /f "eol= tokens=* delims= usebackq" %%x in (%1) do dsquery * "%%x" -scope base -attr sAMAccountName objectSid whenCreated lastLogonTimestamp mail homeMTA memberOf

 Create a text file with one user DN per line, without quotes, e.g. dn.txt

 Open cmd and run: ds.bat dn.txt >> c:\attr.txt

5. How to find the DNs of n number of computers
 Create a batch file containing the following line:
  for /f %%x in (%1) do dsquery computer -name %%x

 Create a text file with one computer name per line, e.g. computer.txt

 Open cmd and run: <batch file> computer.txt >> c:\dn.txt

6. Find Subnet with associated site.
  dsquery subnet -name <CIDR> | dsget subnet

8. How to find disabled users
  dsquery user "dc=ssig,dc=com" -disabled

  dsquery * -filter "(&(objectCategory=person)(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=2))"

9. How to find the operating system of a computer?
 dsquery * <"DN"> -scope base -attr operatingSystem

10. How to find sites?
 dsquery site -name * -limit 0
 dsquery server -s <server> | dsget server -site

11. How to get the tombstone lifetime?
 dsquery * "CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=yourdomain,DC=com" -scope base -attr tombstonelifetime

13. How to find a user's mailbox database (homeMDB)?

 dsquery * -filter "samaccountname=biswajit" -attr homeMDB

14. How to find the GCs?
 dsquery server -domain <domain name> -isgc

15. How to find all the active users?

 dsquery * -filter "(&(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2))"
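The filters in items 8 and 15 use the LDAP bitwise matching rule 1.2.840.113556.1.4.803 (bit-AND) on userAccountControl; its sibling 1.2.840.113556.1.4.804 is bit-OR. The following Python script, an added example that is not part of the original post, evaluates both rules the way the DC does, decodes the documented userAccountControl flags by name, and separates disabled accounts from enabled ones that carry settings worth a review (no password required, no Kerberos pre-authentication, delegation). The account list is constructed sample data:

```python
"""userAccountControl: decode the bit flags and evaluate the LDAP bitwise
matching rules used in the disabled/enabled filters above.

Added example, not code from the original post. SAMPLE_ACCOUNTS is
constructed data; the flag values are the documented userAccountControl
bits and the two OIDs are LDAP_MATCHING_RULE_BIT_AND (...803) and
LDAP_MATCHING_RULE_BIT_OR (...804).
"""

UAC_FLAGS = {
    0x0002: "ACCOUNTDISABLE",
    0x0010: "LOCKOUT",
    0x0020: "PASSWD_NOTREQD",
    0x0200: "NORMAL_ACCOUNT",
    0x1000: "WORKSTATION_TRUST_ACCOUNT",
    0x2000: "SERVER_TRUST_ACCOUNT",
    0x10000: "DONT_EXPIRE_PASSWORD",
    0x80000: "TRUSTED_FOR_DELEGATION",
    0x100000: "NOT_DELEGATED",
    0x400000: "DONT_REQ_PREAUTH",
    0x1000000: "TRUSTED_TO_AUTH_FOR_DELEGATION",
}

BIT_AND = "1.2.840.113556.1.4.803"   # every bit of the mask must be set
BIT_OR = "1.2.840.113556.1.4.804"    # at least one bit of the mask is set

# Settings a defender wants to review on enabled accounts: no password
# required, no Kerberos pre-authentication, unconstrained delegation or
# protocol transition.
RISKY_FLAGS = {
    "PASSWD_NOTREQD",
    "DONT_REQ_PREAUTH",
    "TRUSTED_FOR_DELEGATION",
    "TRUSTED_TO_AUTH_FOR_DELEGATION",
}

# Constructed sample: (sAMAccountName, userAccountControl)
SAMPLE_ACCOUNTS = [
    ("jsmith", 0x200),          # plain enabled user
    ("olduser", 0x202),         # disabled
    ("svc_sql", 0x90200),       # enabled, password never expires, unconstrained delegation
    ("legacy_app", 0x400220),   # enabled, no password required, no pre-auth
    ("ex_admin", 0x80202),      # disabled; the delegation bit is moot while disabled
]


def bit_rule_matches(value, rule, mask):
    """Evaluate `(userAccountControl:<rule>:=<mask>)` the way the DC does."""
    if rule == BIT_AND:
        return (value & mask) == mask
    if rule == BIT_OR:
        return (value & mask) != 0
    raise ValueError("unknown matching rule " + rule)


def decode_uac(value):
    """Names of the known flags set in `value`, lowest bit first."""
    return [name for bit, name in sorted(UAC_FLAGS.items()) if value & bit]


def review(accounts):
    """Split accounts into disabled ones (item 8's filter) and enabled ones
    carrying a risky flag; returns (disabled_sams, {sam: [flags]})."""
    disabled, risky = [], {}
    for sam, uac in accounts:
        if bit_rule_matches(uac, BIT_AND, 0x2):
            disabled.append(sam)
            continue                       # item 15's '!' clause excludes these
        flags = sorted(set(decode_uac(uac)) & RISKY_FLAGS)
        if flags:
            risky[sam] = flags
    return disabled, risky


if __name__ == "__main__":
    disabled, risky = review(SAMPLE_ACCOUNTS)
    print("disabled:", disabled)
    for sam, flags in risky.items():
        print("review", sam, "->", ", ".join(flags))
```

The '!' in item 15 negates the whole bit-AND clause, which review mirrors by setting disabled accounts aside before it looks at the remaining flags; the same bit-AND rule with mask 524288 (0x80000) would give you the delegation accounts directly from dsquery.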

16. How to find users' logon names by their mail address, for bulk users?

 For Single user

  dsquery * domainroot -filter "(&(objectCategory=Person)(objectClass=User)(mail=e-mailaddress))" -attr name

  For bulk users

  for /f %%x in (%1) do dsquery * domainroot -filter "(&(objectcategory=person)(objectclass=user)(mail=%%x))" -attr name

17. How to find Schema version?

  dsquery * cn=schema,cn=configuration,dc=domainname,dc=local -scope base -attr objectVersion

18. How to find Site name by server name ?

  dsquery server -name test1 | dsget server -site

  dsquery server -name (provide the server name for DN) | dsget server -site
19. How to find all groups a user is a member of, without the DNs?

  dsquery user -samid anthony | dsget user -memberof | dsget group -samid

  dsquery user -samid (provide the samaccount name of the user) | dsget user -memberof | dsget group -samid

20. How to find all groups of a computer account without giving the DNs?

  dsquery computer -name test1 | dsget computer -memberof | dsget group -samid

21. How to find PDC role holder for the existing domain ?

  dsquery server -hasfsmo PDC

22. How to find the Infrastructure Master role holder for the existing domain?

  dsquery server -hasfsmo INFR

23. How to find RID master role holder for existing domain ?

  dsquery server -hasfsmo RID

24. How to find Schema master role holder in a Forest ?

  dsquery server -forest -hasfsmo Schema

25. How to find Domain Naming Master in a Forest ?

  dsquery server -forest -hasfsmo Name

26. How to find if the Domain Controller is a Global Catalog (GC) or not ?

  dsquery server -name test1 | dsget server -isgc

27. How to find a subnet with its associated site.

  dsquery subnet -name <CIDR> | dsget subnet
28. How to find the SID of a user?

  dsquery user -samid <bbiswas> | dsget user -sid
  dsquery * -filter "(samaccountname=Biswajit)" -attr objectSid

29. How to find the sIDHistory of a user?

  dsquery * -filter "(samaccountname=Bbiswas)" -attr sIDHistory

30.  How to find enabled computer accounts in an OU?

 dsquery computer OU=Test,DC=contoso,DC=com -limit 5000 | dsget computer -dn -disabled | find /i " no"

31.  How to count enabled computer accounts in an OU?

 dsquery computer OU=Test,DC=contoso,DC=com -limit 5000 | dsget computer -dn -disabled | find /c /i " no"

32. How to find all users in an OU.
dsquery user ou=targetOU,dc=domain,dc=com

33. How to find all groups in an OU.

dsquery group ou=targetOU,dc=domain,dc=com

34. How to list the members of a group and whether each one is disabled.

dsquery group -samid "Group Pre-Win2k Name" | dsget group -members | dsget user -disabled -display

35. Command to find all the subnets for the given site
dsquery subnet -o rdn -site <site name>

36. Command to find all DCs in the given site

dsquery server -o rdn -site <site name>

37. Command to find all DCs in the Forest

dsquery server -o rdn -forest

38. To list the distinguished names of all directory partitions in the current forest
dsquery partition

(The original post shows screenshots of this output for a single domain and for a parent/child domain.)

39. To find all contacts in the organizational unit (OU)

dsquery contact OU=Sales,DC=Contoso,DC=Com

40. To list the relative distinguished names of all sites that are defined in the directory

dsquery site -limit 0

41. List of all users with primary group "Domain Users"

dsquery * -filter "(primaryGroupID=513)" -limit 0

(You can change the primaryGroupID value as per your requirement)

513: Domain Users
514: Domain Guests
515: Domain Computers
516: Domain Controllers

42. How to find all attributes for all users?

Dsquery * -limit 0 -filter "&(objectClass=User)(objectCategory=Person)" -attr * >>output123.txt

43. Show how many times a wrong password has been entered on a specified domain controller.

dsquery * -filter "(sAMAccountName=jsmith)" -s MyServer -attr givenName sn badPwdCount

The badPwdCount attribute is not replicated, so a different value is saved for each user on each domain controller.

44. Find user accounts that have an expiry date set (accountExpires is neither 0 nor "never").

dsquery * "dc=contoso,dc=com" -filter "(&(objectCategory=Person)(objectClass=User)(!accountExpires=0)(!accountExpires=9223372036854775807))" -attr sAMAccountName displayName

45. Fine-Grained Password Policy
i) How to find the effective PSO for a user
dsget user <user DN> -effectivepso

C:\>dsget user "CN=bshwjt,OU=pso,DC=contoso,DC=com" -effectivepso
"CN=test,CN=Password Settings Container,CN=System,DC=contoso,DC=com"
dsget succeeded
("bshwjt" is the user and "test" is the PSO; also see the screenshot in the original post)

ii) How to find the PSO settings

C:\>dsquery * "CN=<your PSO name>,CN=Password Settings Container,CN=System,DC=contoso,DC=com" -scope base -attr *

46. Find out Account Expiry date  

dsquery user -name * -limit 0 | dsget user -samid -acctexpires

47. This example displays all attributes of the domain object

dsquery * -filter "(dc=contoso)" -attr *

48. This complex example displays the names of all attributes (150) that Windows Server 2003 replicates to Global Catalog servers. (If the command displays no attributes, ensure that you typed TRUE in capital letters.)

dsquery * cn=Schema,cn=Configuration,dc=contoso,dc=com -filter "(&(objectCategory=attributeSchema)(isMemberOfPartialAttributeSet=TRUE))" -limit 0 -attr name

49. How to get all sAMAccount names?

dsquery user -o rdn -limit 0

50. The command displays the DNS host name, the site name, and whether the server is a Global Catalog (GC) server, for each domain controller

dsquery server | dsget server -dnsname -site -isgc
Get all the servers in the forest

dsquery server -forest -limit 0 | dsget server -dnsname -site -isgc

51. The dsget command displays properties of users or other objects. In this example, it displays the 6 groups that explicitly list the Administrator as a member

Note: The -memberof -expand combination recursively expands the list of groups of which the user is a member. In this example, the Users group is added to the list because Domain Users is a member of the Users group.

dsget user cn=Administrator,cn=Users,dc=contoso,dc=com -memberof 

52. The output of the dsquery command can be used as input for the dsget command by using a pipe (|). In this example, the SAM account name and the security ID (SID) of each user are displayed.

dsquery user | dsget user -samid -sid -limit 0 >> c:\Allusers-samid-sid.txt

53. How to find read-only domain controllers (RODCs)?

dsquery server -isreadonly

Dsquery for exchange server

54. How to find the Schema Version for Exchange Servers.

dsquery * CN=ms-Exch-Schema-Version-Pt,cn=schema,cn=configuration,dc=domain,dc=local -scope base -attr rangeUpper

55. How to find lastLogonTimestamp for all users in a domain

dsquery * -filter "(&(objectCategory=person)(objectClass=user))" -attr cn lastLogonTimestamp -limit 0
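lastLogonTimestamp (items 2 and 55) and accountExpires (items 44 and 46) are FILETIME values: 100-nanosecond ticks since 1601-01-01 UTC, with 0 and 9223372036854775807 meaning "not set" or "never". The following Python script, an added example and not code from the original post, parses dsquery's column output on the header offsets (so an attribute that is not set does not shift the columns next to it), converts the timestamps, and flags accounts that are stale, never used, or past their expiry date. DSQUERY_OUTPUT is constructed sample output in dsquery's layout, and NOW is an assumed clock of 2013-07-29 00:00 UTC, the date of the post:

```python
"""Read `dsquery * ... -attr sAMAccountName lastLogonTimestamp accountExpires`
output and flag stale, never-used and expired accounts.

Added example, not code from the original post. DSQUERY_OUTPUT is a
constructed sample in the column layout dsquery prints (one header line,
left-aligned columns, a blank cell where the attribute is not set); NOW is
an assumed clock of 2013-07-29 00:00 UTC, the date of the post.
"""
from datetime import datetime, timedelta

DSQUERY_OUTPUT = """\
  sAMAccountName  lastLogonTimestamp  accountExpires
  jsmith          130187520000000000  9223372036854775807
  svc_backup      129987936000000000  0
  contractor1     130171104000000000  130170240000000000
  newhire                             9223372036854775807
"""

FILETIME_EPOCH = datetime(1601, 1, 1)       # FILETIME counts 100 ns ticks from here
UNIX_EPOCH_FILETIME = 116444736000000000    # 1970-01-01 expressed as a FILETIME
NEVER = 9223372036854775807                 # accountExpires "never" (0 means the same)
NOW = datetime(2013, 7, 29)                 # assumed clock for the sample


def parse_dsquery_table(text):
    """Split dsquery's aligned table on the header's column offsets, so a
    blank cell stays blank instead of shifting the columns to its left."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    header, rows = lines[0], lines[1:]
    names, starts, pos = header.split(), [], 0
    for name in names:
        pos = header.index(name, pos)
        starts.append(pos)
        pos += len(name)
    records = []
    for ln in rows:
        rec = {}
        for i, name in enumerate(names):
            end = starts[i + 1] if i + 1 < len(names) else len(ln)
            rec[name] = ln[starts[i]:end].strip()
        records.append(rec)
    return records


def filetime_to_datetime(value):
    """Convert a FILETIME (string or int) to a naive UTC datetime; None for
    the two sentinel values that mean 'not set' / 'never'."""
    ticks = int(value)
    if ticks in (0, NEVER):
        return None
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def datetime_to_filetime(dt):
    """Inverse conversion, useful for building your own -filter thresholds."""
    delta = dt - FILETIME_EPOCH
    return (delta.days * 86400 + delta.seconds) * 10_000_000 + delta.microseconds * 10


def review_accounts(records, now=NOW, max_age_days=90):
    """Return {sAMAccountName: [findings]} for the accounts worth a look."""
    findings = {}
    for rec in records:
        issues = []
        last = filetime_to_datetime(rec["lastLogonTimestamp"] or "0")
        if last is None:
            issues.append("never logged on")
        elif now - last > timedelta(days=max_age_days):
            issues.append("stale")
        expires = filetime_to_datetime(rec["accountExpires"] or "0")
        if expires is not None and expires <= now:
            issues.append("expired")
        if issues:
            findings[rec["sAMAccountName"]] = issues
    return findings


if __name__ == "__main__":
    for sam, issues in review_accounts(parse_dsquery_table(DSQUERY_OUTPUT)).items():
        print(f"{sam}: {', '.join(issues)}")
```

lastLogonTimestamp is replicated, but a DC only rewrites it when the stored value is older than msDS-LogonTimeSyncInterval (14 days by default) minus a random offset of up to five days, so it suits stale-account sweeps like this one rather than per-logon auditing; lastLogon is exact but, like badPwdCount in item 43, not replicated.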

56. Disable the user accounts returned by the expiry filter from item 44 (the dsquery result is piped into dsmod)

dsquery * <ou> -filter "(&(objectCategory=Person)(objectClass=User)(!accountExpires=0)(!accountExpires=9223372036854775807))" | dsmod user -disabled yes

57. List the existing service connection point objects in AD DS

dsquery * forestroot -filter (objectclass=serviceconnectionpoint)

58. Find all Hyper-V hosts in your forest
C:\>dsquery * forestroot -filter "&(cn=Microsoft Hyper-V)(objectCategory=serviceconnectionpoint)" -attr servicebindinginformation >> c:\hyper-v.txt

59. Find all windows virtual machine in your forest
C:\>dsquery * forestroot -filter "&(cn=windows virtual machine)(objectCategory=serviceconnectionpoint)" -limit 0 -attr * >> c:\allvirtualPCs.txt

60. Extract all groups from an OU with their group scope and group type (see the screenshot in the original post).

C:\>dsquery group "ou=test,dc=gs,dc=com" -limit 0 | dsget group -samid -scope -secgrp

61. The following example lists the users of the Organizational Unit "Techie Sol" and pipes them to dsget, which then prints the sAMAccountName and e-mail address of every user. If you want to modify the users that dsquery returned instead, pipe the result to dsmod, which applies the change to all of them; the screenshot in the original post shows the variant of the command that forces every user in the dsquery list to change their password at next logon.

Another way to get the user attributes from an OU (see the screenshot in the original post):

C:\>dsquery * "ou=test,DC=contoso,DC=com" -filter "(&(objectcategory=person)(objectclass=user))" -limit 0 -attr samaccountname description department title

62. Retrieve the DN of all users in the domain that are not direct members of a specified group
dsquery * -filter "(&(objectCategory=person)(objectClass=user)(!(memberOf=CN=Groupname,OU=West,DC=Contoso,DC=com)))" -limit 0 > NotInGroup.txt

63. How to open DSQUERY GUI Window

rundll32 dsquery,OpenQueryWindow

DNS application partitions

64. How to find the DNS servers that hold the DomainDnsZones and ForestDnsZones partitions

C:\>dsquery * DC=DomainDnsZones,DC=contoso,DC=com -scope base -attr msDs-masteredBy
C:\>dsquery * DC=ForestDnsZones,DC=contoso,DC=com -scope base -attr msDs-masteredBy

65. Finding the functional levels of Active Directory

dsquery * "DC=contoso,DC=com" -scope base -attr msDS-Behavior-Version ntMixedDomain

  msDS-Behavior-Version  ntMixedDomain  Domain functional level
  0                      0              Windows 2000 native
  0                      1              Windows 2000 mixed
  2                      0              Windows Server 2003
  3                      0              Windows Server 2008
  4                      0              Windows Server 2008 R2


Source : MS TechNet

Wednesday, July 24, 2013

Windows Admins: Look out for essential tools

1: System File Checker

Malicious software will often attempt to replace core system files with modified versions in an effort to take control of the system. The System File Checker can be used to verify the integrity of the Windows system files. If any of the files are found to be missing or corrupt, they will be replaced. You can run the System File Checker by using this command:
sfc /scannow

2: File Signature Verification

One way to verify the integrity of a system is to make sure that all the system files are digitally signed. You can accomplish this with the File Signature Verification tool. This tool is launched from the command line but uses a GUI interface. It will tell you which system files are signed and which aren't. As a rule, all the system files should be digitally signed, although some hardware vendors don't sign driver files. The command used to launch the File Signature Verification tool is:
sigverif

3: Driverquery

Incorrect device drivers can lead to any number of system problems. If you want to see which drivers are installed on a Windows 7 system, you can do so by running the driverquery tool. This simple command-line tool provides information about each driver that is being used. The command is:
driverquery
If you need a bit more information, you can append the -v switch. Another option is to append the -si switch, which causes the tool to display signature information for the drivers. Here's how they look:
driverquery -v
driverquery -si

4: Nslookup

The nslookup tool can help you to verify that DNS name resolution is working correctly. When you run nslookup against a host name, the tool will show you how the name was resolved, as well as which DNS server was used during the lookup. This tool can be extremely helpful when troubleshooting problems related to legacy DNS records that still exist but that are no longer correct.
To use this tool, just enter the nslookup command, followed by the name of the host you want to resolve. For example:
nslookup <host name>

5: Ping

Ping is probably the simplest of all diagnostic commands. It's used to verify basic TCP/IP connectivity to a network host. To use it, simply enter the command, followed by the name or IP address of the host you want to test. For example:
ping <host name or IP address>
Keep in mind that this command will work only if Internet Control Message Protocol (ICMP) traffic is allowed to pass between the two machines. If at any point a firewall is blocking ICMP traffic, the ping will fail.

6: Pathping

Ping does a good job of telling you whether two machines can communicate with one another over TCP/IP, but if a ping does fail, you won't receive any information regarding the nature of the failure. This is where the pathping utility comes in.
Pathping is designed for environments in which one or more routers exist between hosts. It sends a series of packets to each router that's in the path to the destination host in an effort to determine whether the router is performing slowly or dropping packets. At its simplest, the syntax for pathping is identical to that of the ping command (although there are some optional switches you can use). The command looks like this:
pathping <host name or IP address>

7: Ipconfig

The ipconfig command is used to view or modify a computer's IP addresses. For example, if you wanted to view a Windows 7 system's full IP configuration, you could use the following command:
ipconfig /all
Assuming that the system has acquired its IP address from a DHCP server, you can use the ipconfig command to release and then renew the IP address. Doing so involves using the following commands:
ipconfig /release
ipconfig /renew
Another handy thing you can do with ipconfig is flush the DNS resolver cache. This can be helpful when a system is resolving DNS addresses incorrectly. You can flush the DNS cache by using this command:
ipconfig /flushdns

8: Repair-bde

If a drive that is encrypted with BitLocker has problems, you can sometimes recover the data using a utility called repair-bde. To use this command, you will need a destination drive to which the recovered data can be written, as well as your BitLocker recovery key or recovery password. The basic syntax for this command is:
repair-bde <source> <destination> {-rk <path to recovery key> | -rp <recovery password>}
You must specify the source drive, the destination drive, and either the -rk (recovery key) or the -rp (recovery password) switch, along with the path to the recovery key or the recovery password. Here are two examples of how to use this utility:
repair-bde c: d: -rk e:\recovery.bek
repair-bde c: d: -rp 111111-111111-111111-111111-111111-111111

9: Tasklist

The tasklist command is designed to provide information about the tasks that are running on a Windows 7 system. At its most basic, you can enter the following command:
tasklist
The tasklist command has numerous optional switches, but there are a couple I want to mention. One is the -m switch, which causes tasklist to display all the DLL modules associated with a task. The other is the -svc switch, which lists the services that support each task. Here's how they look:
tasklist -m
tasklist -svc

10: Taskkill

The taskkill command terminates a task, either by name (which is referred to as the image name) or by process ID. The syntax for this command is simple. You must follow the taskkill command with -pid (process ID) or -im (image name) and the name or process ID of the task that you want to terminate. Here are two examples of how this command works:
taskkill -pid 4104
taskkill -im iexplore.exe

FIND command

Searches for a specific string of text in a file or files. After searching the specified file or files, find displays any lines of text that contain the specified string.

find [/v] [/c] [/n] [/i] "string" [[Drive:][Path]FileName[...]]

/v                      Displays all lines that do not contain the specified string.
/c                      Counts the lines that contain the specified string and displays the total.
/n                      Precedes each line with the file's line number.
/i                      Specifies that the search is not case-sensitive.
"string"                Required. Specifies the group of characters that you want to search for. You must enclose string in quotation marks (that is, "string").
[Drive:][Path]FileName  Specifies the location and name of the file in which to search for the specified string.
/?                      Displays help at the command prompt.


  • Specifying a string
    If you do not use /i, find searches for exactly what you specify for string. For example, the find command treats the characters "a" and "A" differently. If you use /i, however, find is not case-sensitive and treats "a" and "A" as the same character.
    If the string you want to search for contains quotation marks, you must use two quotation marks for each quotation mark contained within the string (that is,"StringContaining""QuotationMarks").
  • Using find as a filter
    If you omit a file name, find acts as a filter, taking input from the standard input source (usually the keyboard, a pipe, or a redirected file) and then displaying any lines that contain string.
  • Ordering command syntax
    You can type parameters and command-line options for the find command in any order.
  • Using wildcards
    You cannot use wildcards (that is, * and ?) in file names or extensions that you specify with the find command. To search for a string in a set of files that you specify with wildcards, you can use the find command in a for command.
  • Using /v or /n with /c 
    If you use /c and /v in the same command line, find displays a count of the lines that do not contain the specified string. If you specify /c and /n in the same command line, find ignores /n.
  • Using find with carriage returns
    The find command does not recognize carriage returns. When you use find to search for text in a file that includes carriage returns, you must limit the search string to text that can be found between carriage returns (that is, a string that is not likely to be interrupted by a carriage return). For example, find does not report a match for the string "tax file" wherever a carriage return occurs between the word "tax" and the word "file."


To display all lines that contain the string "Pencil Sharpener", type:
find "Pencil Sharpener"
To find a string that contains text within quotation marks, you must first enclose the entire string in quotation marks. Second, you must use two quotation marks for each quotation mark contained within the string. To find "The scientists labeled their paper "for discussion only." It is not a final report." in Report.doc, type:
find "The scientists labeled their paper ""for discussion only."" It is not a final report." report.doc
If you want to search for a set of files, you can use the find command with the for command. To search the current directory for files that have the extension .bat and that contain the string "PROMPT," type:
for %f in (*.bat) do find "PROMPT" %f 
To search your hard disk to find and display the file names on drive C that contain the string "CPU," use the pipe (|) to direct the results of a dir command to find as follows:
dir c:\ /s /b | find "CPU"
Because find searches are case-sensitive and dir produces uppercase output, you must either type the string "CPU" in uppercase letters or use the /i command-line option with find.