08-29-2020, 10:48 AM
Active Directory
1. To quickly list all the groups in your domain, with members, run this command:dsquery group -limit 0 | dsget group -members –expand
2. To find all users whose accounts are set to have a non-expiring password, run this command:
dsquery * domainroot -filter “(&(objectcategory=person)(objectclass=user)(lockoutTime=*))” -limit 0
3. To list all the FSMO role holders in your forest, run this command:
netdom query fsmo
4. To refresh group policy settings, run this command:
gpupdate
5. To check Active Directory replication on a domain controller, run this command:
repadmin /replsummary
6. To force replication from a domain controller without having to go through to Active
Directory Sites and Services, run this command:
repadmin /syncall
7. To see what server authenticated you (or if you logged on with cached credentials) you can run either of these commands:
set l
echo %logonserver%
8. To see what account you are logged on as, run this command:
whoami
9. To see what security groups you belong to, run this command:
whoami /groups
10. To see the domain account policy (password requirements, lockout thresholds, etc) run this command:
net accounts