Managing a Windows 2000 Active Directory with about 100 servers, over 1500
computers and 35 sites, the following commands often helped me answer questions
or solve problems.
Most commands are "one-liners", but for some I had to make an exception and go
to the right directory first.
These commands could all be used in batch files, though some may need some "parsing" with FOR /F to retrieve only the required substrings from the displayed information.
Notes:
(1) Commands that use external, or third party, or non-native utilities contain hyperlinks to these utilities' download sites.
(2) Replace command arguments displayed in italics with your own values.
(3) Commands or utilities that require Windows Server 2003 are marked bright blue.
Warning: Most commands on this page are very powerful tools. Like most powerful tools they could cause a lot of damage in the hands of insufficiently skilled users. Treat these commands like you would (or should) treat a chainsaw: with utmost care. Do not use them if you do not fully understand what they do or how they do it. Any damage caused using these commands is completely your own responsibility.
Sometimes we may need to know how many users are logged on to a (file) server, like maybe when there is a performance degradation.
At the server's console itself, with native commands only:
NET SESSION | FIND /C "\\"
Remotely, with the help of SysInternals' PSTools:
PSEXEC \\servername NET SESSION | FIND /C "\\"
By replacing FIND /C "\\" by FIND "\\" (removing the /C switch) you'll get a list of logged on users instead of just the number of users.
We often need to know who is currently logged on to a remote computer.
With native Windows (up to and including XP) commands only:
NBTSTAT -a remotecomputer | FIND "<03>" | FIND /I /V "remotecomputer"
The first name in the list usually is the logged on user (try playing with the NET NAME command to learn more about the names displayed by NBTSTAT).
This is the fastest way to find the logged on user name, and the results that you do get are correct, but NBTSTAT won't always return a user name, even when a user is logged on.
Using WMIC (Windows XP Professional and later):
WMIC /Node:remotecomputer ComputerSystem Get UserName
This is arguably the most reliable (native) command to find out who is logged on.
With the help of SysInternals' PSTools:
PSLOGGEDON -L \\remotecomputer
or:
PSEXEC \\remotecomputer NET CONFIG WORKSTATION | FIND /I " name "
or:
PSEXEC \\remotecomputer NET NAME
or for Windows XP only:
PSEXEC \\remotecomputer NETSH DIAG SHOW COMPUTER /V | FIND /i "username"
Using REG.EXE (Windows 2000 and later):
FOR /F %%A IN ('REG Query \\remotecomputer\HKU ^| FINDSTR /R /B /C:"HKEY_USERS\\S-1-5-[0-9][0-9]-[0-9-]*$"') DO (
    FOR /F "tokens=3 delims=\" %%B IN ('REG Query "\\remotecomputer\%%A\Volatile Environment"') DO (
        SET LoggedinUser=%%B
    )
)
or for Windows 7:
FOR /F %%A IN ('REG Query \\remotecomputer\HKU /K /F "S-1-5-21-" ^| FINDSTR /R /B /C:"HKEY_USERS\\S-1-5-[0-9][0-9]-[0-9-]*$"') DO (
    FOR /F "tokens=2*" %%B IN ('REG Query "\\remotecomputer\%%~A\Volatile Environment" /V "UserName" ^| FIND /V ":"') DO (
        SET LoggedinUser=%%C
    )
)
NETSH and WMIC are for XP or later, and are the most reliable of all commands shown here.
WMIC requires WMI enabled remote computers and Windows XP on the administrator's computer; NETSH requires Windows XP on the local and remote computers.
PSLOGGEDON is a more accurate solution than NBTSTAT, but it will return the last logged on user if no one is currently logged on.
The NET and NBTSTAT commands show more or less identical results, but the NBTSTAT command is much faster.
The REG command is accurate, but may need to be modified depending on the version used.
More information on REG versions can be found on my REG Query page.
For Windows NT 4 and 2000: use NBTSTAT (fast, but it won't always return the user name!), and only switch to REG if NBTSTAT doesn't return a user name (modify the REG command for Windows NT 4).
For Windows XP and later: if you want to search lots of computers for logged on users, I recommend you try NBTSTAT first (fast, but it won't always return the user name!), and only switch to NETSH, REG or WMIC (accurate) if NBTSTAT doesn't return a user name.
Credits: Jiří Janyška (WMIC command) and Matthew W. Helton (NETSH command).
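The NBTSTAT-first, WMIC-fallback approach recommended above, as an added batch example that is not part of the original page. COMPUTERS.TXT (one computer name per line) and LOGGEDON.CSV are assumed file names.

```batch
@ECHO OFF
:: Added example, not from the original page.
:: Assumed names: COMPUTERS.TXT (input list), LOGGEDON.CSV (report).
SETLOCAL ENABLEDELAYEDEXPANSION
IF NOT EXIST COMPUTERS.TXT (ECHO COMPUTERS.TXT not found& EXIT /B 1)
>LOGGEDON.CSV ECHO Computer,User,Source
FOR /F "usebackq tokens=1" %%A IN ("COMPUTERS.TXT") DO (
    SET User=
    SET Source=NBTSTAT
    REM Fast path: first name with suffix 03 that is not the computer name itself
    FOR /F "tokens=1" %%B IN ('NBTSTAT -a %%A ^| FIND "<03>" ^| FIND /I /V "%%A"') DO (
        IF NOT DEFINED User SET User=%%B
    )
    REM Accurate fallback; the remote computer must have WMI enabled.
    REM The quotes around the node name let WMIC accept names containing hyphens.
    IF NOT DEFINED User (
        SET Source=WMIC
        FOR /F "tokens=1* delims==" %%B IN ('WMIC /Node:"%%A" ComputerSystem Get UserName /Format:Value 2^>NUL ^| FIND "="') DO (
            REM The inner FOR /F strips the trailing carriage return WMIC emits
            FOR /F "delims=" %%D IN ("%%C") DO SET User=%%D
        )
    )
    REM Neither method returned a name: record that explicitly
    IF NOT DEFINED User SET Source=none
    >>LOGGEDON.CSV ECHO %%A,!User!,!Source!
)
ENDLOCAL
```

The Source column shows which method answered, so rows marked "none" can be rechecked later with REG or PSLOGGEDON.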
My colleagues often forget to mention their logon account name when
calling the helpdesk, and the helpdesk doesn't always ask either.
I suppose they expect me to know all 1500+ accounts by heart.
With (native) Windows Server 2003 commands only:
DSQUERY USER -name *lastname* | DSGET USER -samid -display
Note: Windows Server 2003's "DSTools" will work fine in Windows 2000 and XP too, when copied. Keep in mind, however, that some Windows Server 2003 Active Directory functionality is not available in Windows 2000 Active Directories.
With the native NET command:
NET USER loginname /DOMAIN | FIND /I " name "
With (native) Windows Server 2003 commands:
DSQUERY USER -samid *loginname* | DSGET USER -samid -display
Note: The NET command may seem more universal, because it requires neither Active Directory nor Windows Server 2003 commands, but it is language dependent! For non-English Windows you may need to modify FIND's search string.
In Windows NT 4 and later, users usually are members of global groups.
These global groups in turn are members of (domain) local groups.
Access permissions are given to (domain) local groups.
To check if a user has access to a resource, we need to check group membership
recursively.
With (native) Windows Server 2003 commands:
DSQUERY USER -samid loginname | DSGET USER -memberof -expand
One could use the previous command to check what
permissions a user has on a certain directory.
However, sometimes SHOWACLS from the
Windows Server 2003 Resource Kit Tools is a better alternative:
CD /D d:\directory2check
SHOWACLS /U:domain\userid
With the native NET command:
NET USER loginname /DOMAIN | FIND /I "Password last set"
With the native NET command:
NET USER loginname newpassword /DOMAIN
With (native) Windows Server 2003 commands:
DSQUERY USER -samid loginname | DSMOD USER -pwd newpassword
Note: To prevent the new password from being displayed on screen replace it with an asterisk (*); you will then be prompted (twice) to type the new password "blindly".
With the native NET command:
NET USER loginname /DOMAIN | FIND /I "Account active"
The account is either locked ("Locked") or active ("Yes").
With the native NET command:
NET USER loginname /DOMAIN /ACTIVE:YES
or, if the password needs to be reset as well:
NET USER loginname newpassword /DOMAIN /ACTIVE:YES
With WMIC (Windows XP Professional or later):
WMIC.EXE /Node:remotecomputer Path Win32_UserAccount Where Name="user" Set PasswordExpires="FALSE"
With WMIC (Windows XP Professional or later):
WMIC.EXE /Node:remotecomputer Path Win32_UserAccount Where Name="user" Set PasswordExpires="TRUE"
With the native NET command:
NET VIEW /DOMAIN
With the native NET command:
NET VIEW
or, to list the names only:
FOR /F "skip=3 delims=\ " %%A IN ('NET VIEW') DO ECHO.%%A
delims is a backslash, followed by a tab and a space.
With native Windows 2000 commands:
NETDOM QUERY /D:MyDomain DC
NETDOM is part of the support tools found in the
\SUPPORT directory of the Windows 2000
installation CDROM.
With (native) Windows Server 2003 commands (Active Directory only):
DSQUERY Server
or, if you prefer host names only (tip by Jim Christian Flatin):
DSQUERY Server -o rdn
With native Windows 2000 commands:
NETDOM QUERY /D:MyDomain PDC
or, to find the FSMO with (native) Windows Server 2003 commands (Active Directory only):
NETDOM QUERY /D:mydomain.com FSMO
NETDOM is part of the support tools found in the
\SUPPORT directory of the Windows 2000
installation CDROM.
With native Windows 2000 commands:
NETDOM QUERY /D:MyDomain SERVER
NETDOM is part of the support tools found in the
\SUPPORT directory of the Windows 2000
installation CDROM.
With native Windows 2000 commands:
NETDOM QUERY /D:MyDomain WORKSTATION
NETDOM is part of the support tools found in the
\SUPPORT directory of the Windows 2000
installation CDROM.
With native Windows 2000 commands:
NETDOM /DOMAIN:MyDomain MEMBER \\computer2Bdeleted /DELETE
NETDOM is part of the support tools found in the
\SUPPORT directory of the Windows 2000
installation CDROM.
Sounds familiar?
With (native) Windows XP Professional or Windows Server 2003 commands:
FOR /F %%A IN (servers.txt) DO ( WMIC /Node:%%A LogicalDisk Where DriveType="3" Get DeviceID,FileSystem,FreeSpace,Size /Format:csv | MORE /E +2 >> SRVSPACE.CSV )
The only prerequisites are:
The CSV file format is ServerName,DeviceID,FileSystem,FreeSpace,Size (one line for each harddisk partition on each server).
If you have a strict server naming convention, SERVERS.TXT itself can
be generated with the NET command:
FOR /F "delims=\ " %%A IN ('NET VIEW ^| FINDSTR /R /B /C:"\\\\SRV\-"') DO (>>SERVERS.TXT ECHO.%%A)
Notes:
(1) Assuming server names start with "SRV-"; modify to match your own naming convention.
(2) delims is a backslash, followed by a tab and a space.
With (native) Windows XP Professional or Windows Server 2003 commands:
DRIVERQUERY /V /FO CSV > %ComputerName%.csv
Or, for remote computers:
DRIVERQUERY /S remote_PC /V /FO CSV > remote_PC.csv
With (native) Windows XP+ commands:
WMIC /Node:remote_PC Path Win32_Printer Get DeviceID
With (native) Windows NT 4+ commands:
NET LOCALGROUP Administrators
Or, to remove header and footer lines:
FOR /F "delims=[]" %%A IN ('NET LOCALGROUP Administrators ^| FIND /N "----"') DO SET HeaderLines=%%A
FOR /F "tokens=*" %%A IN ('NET LOCALGROUP Administrators') DO SET FooterLine=%%A
NET LOCALGROUP Administrators | MORE /E +%HeaderLines% | FIND /V "%FooterLine%"
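An added example (not from the original page) that reuses the header and footer trimming above to flag members of the local Administrators group that are missing from an approved list. ALLOWED.TXT, holding one approved member per line exactly as NET LOCALGROUP prints it, is an assumed file name.

```batch
@ECHO OFF
:: Added example, not from the original page.
:: Assumed name: ALLOWED.TXT (approved members, one per line).
SETLOCAL
IF NOT EXIST ALLOWED.TXT (ECHO ALLOWED.TXT not found& EXIT /B 255)
:: Same header/footer detection as the commands above
FOR /F "delims=[]" %%A IN ('NET LOCALGROUP Administrators ^| FIND /N "----"') DO SET HeaderLines=%%A
FOR /F "tokens=*" %%A IN ('NET LOCALGROUP Administrators') DO SET FooterLine=%%A
SET Unexpected=0
FOR /F "tokens=*" %%A IN ('NET LOCALGROUP Administrators ^| MORE /E +%HeaderLines% ^| FIND /V "%FooterLine%"') DO (
    SET Found=
    REM Case-insensitive whole-line comparison against every approved entry
    FOR /F "usebackq tokens=*" %%B IN ("ALLOWED.TXT") DO IF /I "%%A"=="%%B" SET Found=1
    IF NOT DEFINED Found (
        ECHO Unexpected member: %%A
        SET /A Unexpected+=1
    )
)
ECHO %ComputerName%: %Unexpected% unexpected member^(s^) in local Administrators
:: The exit code is the number of unexpected members (0 means the group matches the list)
ENDLOCAL & EXIT /B %Unexpected%
```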
Never had an "illegal" router wreaking havoc on your network yet...?
With a (native) Windows Server 2003 command:
DHCPLOC -p local_IP_address [ valid_DHCP_server1 [ valid_DHCP_server2 [ .. ] ] ]
DHCPLOC.EXE is native in Windows Server 2003, and will run in Windows XP if copied/installed.
I didn't test this in Windows Server 2003 yet, but in Windows XP you need to press "d" to start the discovery, or "q" to quit.
Disable the firewall only when the computer (e.g. a laptop) is connected to the domain:
NETSH Firewall Set OpMode Mode = DISABLE Profile = DOMAIN
Disable the firewall completely (not recommended unless an alternative enterprise firewall is used that requires you to do so):
SC [ \\Remote_computer ] Stop SharedAccess
SC [ \\Remote_computer ] Config SharedAccess start= disabled
Check if IP v4 is supported on the local computer:
PING 127.0.0.1 | FIND "TTL=" >NUL 2>&1
IF ERRORLEVEL 1 (ECHO IP v4 NOT supported) ELSE (ECHO IP v4 supported)
or:
WMIC Path Win32_PingStatus WHERE "Address='127.0.0.1'" Get StatusCode /Format:Value | FINDSTR /X "StatusCode=0" >NUL 2>&1
IF ERRORLEVEL 1 (ECHO IP v4 NOT supported) ELSE (ECHO IP v4 supported)
The WMIC command is faster, but requires Windows XP Professional or later.
Check if IP v6 is supported on the local computer:
PING ::1 | FINDSTR /R /C:"::1:[^$]" >NUL 2>&1
IF ERRORLEVEL 1 (ECHO IP v6 NOT supported) ELSE (ECHO IP v6 supported)
or:
WMIC Path Win32_PingStatus WHERE "Address='::1'" Get StatusCode >NUL 2>&1
IF ERRORLEVEL 1 (ECHO IP v6 NOT supported) ELSE (ECHO IP v6 supported)
The WMIC command is faster, but requires Windows XP Professional or later.
Windows 7 and 8:
DISM /Online /Get-Packages
or:
WMIC QFE List
DISM will return far more details than WMIC.
Windows 2000 and XP:
QFECHECK /V
More information on the NET command.
More information on Microsoft's "DSTools" (DSADD, DSGET, DSMOD, DSMOVE, DSQUERY and DSRM) and other native Windows command line tools.
More information on Windows XP's NETSH command, by Microsoft.
How to use NETSH to automate changing TCP/IP network settings.
More information on Microsoft's NETDOM command line tool.
More information on Microsoft's WMIC command line tool.
The PSTools and many other useful tools can be found at SysInternals.
A list of some of the available Resource Kits.
Download Microsoft's Windows Server 2003 Resource Kit Tools.
Download several Windows 2000 Resource Kit Tools for free from Microsoft's web site.
Page last uploaded: 10 January 2013, 09:15