As much as I like Linux it is hard to beat Microsoft domain services. As a systems administrator/engineer checking the status of your domain services is critical. Somedays we forget the commands for our systems. Active Directory is a service that manages users, computers, security policies, and many other things within an environment. Windows and Linux alike now all utilize these services. Check these few commands to manage your domain.
Active Directory
1. To quickly list all the groups in your domain, with members, run this command:
dsquery group -limit 0 | dsget group -members –expand
2. To find all users whose accounts are set to have a non-expiring password, run this command:
dsquery * domainroot -filter “(&(objectcategory=person)(objectclass=user)(lockoutTime=*))” -limit 0
3. To list all the FSMO role holders in your forest, run this command:
netdom query fsmo
4. To refresh group policy settings, run this command:
gpupdate /force
5. To check Active Directory replication on a domain controller, run this command:
repadmin /replsummary
6. To force replication from a domain controller without having to go through to Active Directory Sites and Services, run this command:
repadmin /syncall
7. To see what server authenticated you (or if you logged on with cached credentials) you can run either of these commands:
set l
echo %logonserver%
8. To see what account you are logged on as, run this command:
whoami
9. To see what security groups you belong to, run this command:
whoami /groups
10. To see the domain account policy (password requirements, lockout thresholds, etc) run this command:
net accounts
Some of you may find these commands just an another day in the office but for some of us Active Directory just runs. The systems are normally stable until they aren’t. Practice some of these commands as there might be a time you will need them.
Can you hack it?
JT