Active Directory quick queries

Here is reference to a few quick AD queries.

Dump of AD:

csvde -f ad.csv

List of Domain Controllers:

NLTEST /dclist:<myDomain>
NETDOM QUERY /D:<myDomain> DC
DSQUERY SERVER -o rdn

List of FSMO holders:

NETDOM QUERY /D:<myDomain> FSMO
DSQUERY SERVER -hasfsmo SCHEMA
DSQUERY SERVER -hasfsmo NAME
DSQUERY SERVER -domain <myDomain> -hasfsmo RID
DSQUERY SERVER -domain <myDomain> -hasfsmo PDC
DSQUERY SERVER -domain <myDomain> -hasfsmo INFR
DCDIAG /s:<myDC> /test:KnowsOfRoleHolders

List of Global Catalog holders:

DSQUERY SERVER -domain <myDomain> -isgc
NLTEST /dsgetdc:<myDomain> /GC
repadmin /options *
nslookup gc._msdcs.<myDomain>

List of Sites:

DSQUERY * "CN=Sites,CN=Configuration,DC=<my>,DC=<domain>" -scope onelevel -attr cn

Site where myDC belongs:

NLTEST /server:<myDC> /DsGetSite
Get-WmiObject -Namespace root\rsop\computer -Class RSOP_Session | select site
reg query \\<myDC>\HKLM\SYSTEM\CurrentControlSet\services\Netlogon\Parameters /v "DynamicSiteName"

List of preffered bridgeheads:

DSQUERY * "CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,DC=<my>,DC=<domain>" -attr bridgeheadServerListBL

Domain Controller which authenticated my:

User account:
    NLTEST /dsgetdc:<myDomain>
    ECHO %LOGONSERVER%	

Computer account:
    NLTEST /sc_query:<myDomain>
    NETDOM verify <myComputer> /domain:<myDomain>

All users:

DSQUERY * -filter "(&(objectCategory=Person)(objectClass=User)) -attr sAMAccountName

Total number of users:

DSQUERY USER forestroot -o dn -limit 0 -name * | find /C /V "~~~~"

All active users:

DSQUERY * -filter "&(objectCategory=user)(userAccountControl=512)" -limit 0
512 - active
514 - disabled

Locked users:

DSQUERY * -filter "(&(objectCategory=Person)(objectClass=User)(lockoutTime>=1))"

Much more soon…

Leave a Reply