Useful Administration Commands

What groups is this user a member of?

dsquery user -samid loginname | dsget user -memberof -expand

When did someone last change his password?

net user loginname /domain | find /I "password last set"

Is someone's account locked?

net user loginname /domain | find /I "account active"

List all domains and workgroups in the network

net view /domain

List all computers in the network

net view

List all domain controllers

nltest /dclist:contoso.com

netdom query dc /domain:domainname

List all member servers

netdom query server /domain:domainname

List all local administrators

net localgroup Administrators

List all ldap servers in domain

nslookup -type=srv _ldap._tcp.DOMAINNAME

Server not pinging

netsh firewall set icmpsetting 8

Remotely start terminal service

sc \\servername start termservice

Remotely check who is logged in to the server

query user /server:servername

quser /server:servername

qwinsta /server:servername

Log off remote users

logoff /server:servername id /v

Remotely reboot or shutdown a server

shutdown /i

shutdown /r /f /t 0 /m \\servername /c "Description"

List all users in a specific group (powershell)

import-module activedirectory

get-adgroupmember "domain admns" -recursive | select-object name

Check from which DC it's authenticating

set logon

echo %logonserver%

Restart Management Agents in ESXi

services.sh restart

Get NIC list and index number:

wmic nic get name, index

Enable NIC with index number: (eg: 7)

wmic path win32_networkadapter where index=7 call enable

Disable NIC with index number: (eg: 7)

wmic path win32_networkadapter where index=7 call disable

Get SID of any user

wmic useraccount where name='username' get sid

Change DNS IP Address in remote Windows Server

Open PowerShell as Administrator and run the following commands:

Invoke-Command -ComputerName "server1.bnv.com" -ScriptBlock {

$NetworkInterface = Get-NetAdapter -Name "Eathernet0"

$DNSServers = "10.10.10.10", "10.10.10.11"

$NetworkInterface |Set-DnsClientServerAddress -ServerAddress $DNSServers

}

Note: Replace $DNSServers IP with your DNS IP.

Repair a Windows Server

Open the command prompt as Administrator and run the following commands:

dism /online /cleanup-image /scanhealth

dism /online /cleanup-image /checkhealth

dism /online /cleanup-image /restorehealth

Mount the Windows Server 2016 ISO as a drive (E: in this case) and run the following command. Please check the WIM version before selecting it.

dism /online /cleanup-image /restorehealth /source:WIM:E:\sources\install.wim:1 /limitaccesssfc /scannow

Check Windows Update and install any pending updates.

Reboot the server.

To check the WIM version for various versions of OS, run the following command:

dism /Get-WimInfo /WimFile:E:\sources\install.wim

wim:1 – Windows Server 2019 Standard Installation: Server Core
wim:2 – Windows Server 2019 Standard (Desktop Experience)
wim:3 – Windows Server 2019 DataCenter Installation: Server Core
wim:4 – Windows Server 2019 DataCenter (Desktop Experience)

Register SPN for Windows Server

Suppose - 

The server name is - Server1

Alias name is - App1

AD Domain name is - company.local

• First, create a CNAME record for App1 against Server1 in DNS.
• Let it replicate properly.
• Once replication is done, login to Server1 and run the following commands in elevated mode:

netdom computername server1 /add:app1

netdom computername server1 /add:app1.company.local

• restart server1.

Check Microsoft Exchange Schema Version

# Exchange Schema Version

$sc = (Get-ADRootDSE).SchemaNamingContext

$ob = "CN=ms-Exch-Schema-Version-Pt," + $sc

Write-Output "RangeUpper: $((Get-ADObject $ob -pr rangeUpper).rangeUpper)" # Exchange Object Version (domain)

$dc = (Get-ADRootDSE).DefaultNamingContext

$ob = "CN=Microsoft Exchange System Objects," + $dc

Write-Output "ObjectVersion (Default): $((Get-ADObject $ob -pr objectVersion).objectVersion)" # Exchange Object Version (forest)

$cc = (Get-ADRootDSE).ConfigurationNamingContext

$fl = "(objectClass=msExchOrganizationContainer)"

Write-Output "ObjectVersion (Configuration): $((Get-ADObject -LDAPFilter $fl -SearchBase $cc -pr objectVersion).objectVersion)" # Exchange Object Version (configuration)

This script will give you the output in below format:

Post Schema Update :
RangeUpper: 15334
ObjectVersion (Default): 13243
ObjectVersion (Configuration): 16223

Get SID of Active Directory Forest

$rootDomainSid = (Get-ADDomain -Server (Get-ADForest).RootDomain).DomainSID.value

$hasher = [System.Security.Cryptography.HashAlgorithm]::Create('sha256')

$hash = $hasher.ComputeHash([System.Text.Encoding]::UTF8.GetBytes($rootDomainSid))

$hashString = [System.BitConverter]::ToString($hash)

$hashString.Replace('-', '')

Get Extension Attributes for Azure AD User

Connect-AzureAD

Get-AzureADUser -ObjectID "xnverma@nilabh.com" | Select *

Get-AzureADUser -ObjectID "xnverma@nilabh.com" | Select -ExpandProperty ExtensionProperty