Archive for the ‘WMI’ Category

Active Directory quick queries

Saturday, January 31st, 2015

Here is reference to a few quick AD queries.

Dump of AD:

csvde -f ad.csv

List of Domain Controllers:

NLTEST /dclist:<myDomain>
NETDOM QUERY /D:<myDomain> DC
DSQUERY SERVER -o rdn

List of FSMO holders:

NETDOM QUERY /D:<myDomain> FSMO
DSQUERY SERVER -hasfsmo SCHEMA
DSQUERY SERVER -hasfsmo NAME
DSQUERY SERVER -domain <myDomain> -hasfsmo RID
DSQUERY SERVER -domain <myDomain> -hasfsmo PDC
DSQUERY SERVER -domain <myDomain> -hasfsmo INFR
DCDIAG /s:<myDC> /test:KnowsOfRoleHolders

List of Global Catalog holders:

DSQUERY SERVER -domain <myDomain> -isgc
NLTEST /dsgetdc:<myDomain> /GC
repadmin /options *
nslookup gc._msdcs.<myDomain>

List of Sites:

DSQUERY * "CN=Sites,CN=Configuration,DC=<my>,DC=<domain>" -scope onelevel -attr cn

Site where myDC belongs:

NLTEST /server:<myDC> /DsGetSite
Get-WmiObject -Namespace root\rsop\computer -Class RSOP_Session | select site
reg query \\<myDC>\HKLM\SYSTEM\CurrentControlSet\services\Netlogon\Parameters /v "DynamicSiteName"

List of preffered bridgeheads:

DSQUERY * "CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,DC=<my>,DC=<domain>" -attr bridgeheadServerListBL

Domain Controller which authenticated my:

User account:
    NLTEST /dsgetdc:<myDomain>
    ECHO %LOGONSERVER%	

Computer account:
    NLTEST /sc_query:<myDomain>
    NETDOM verify <myComputer> /domain:<myDomain>

All users:

DSQUERY * -filter "(&(objectCategory=Person)(objectClass=User)) -attr sAMAccountName

Total number of users:

DSQUERY USER forestroot -o dn -limit 0 -name * | find /C /V "~~~~"

All active users:

DSQUERY * -filter "&(objectCategory=user)(userAccountControl=512)" -limit 0
512 - active
514 - disabled

Locked users:

DSQUERY * -filter "(&(objectCategory=Person)(objectClass=User)(lockoutTime>=1))"

Much more soon…

VBS scripts to query everything

Wednesday, December 24th, 2014

There are a few simple scripts developed by me to automate somehow regular reporting against set of servers. Result is usually presented in csv file to use it quickly in Excel or similar calculation software.

Scripts to query WMI:

Script to report installed roles and features:

getRoles.zip

usage: cscript /nologo getRoles.vbs servers.txt

Example of input file: servers.txt

1
2
3
DC1
DC2
FS1

Example of output file: getRoles_26-09-2014_12-30-14.csv

1
2
3
4
5
6
Server;Role ID;Role Name
DC1;256;Role Administration Tools
DC1;257;Active Directory Domain Services Tools
DC1;299;Active Directory Domain Controller Tools
DC2;6;File Services
DC2;9;Active Directory Lightweight Directory Services

Script to report info about installed services:

getServices.zip

usage: cscript /nologo getServices.vbs servers.txt

Example of input file: servers.txt

1
2
3
DC1
DC2
FS1

Example of output file: getServices_19-11-2013_07-30-15.csv

1
2
3
4
Server;Display Name;Start Mode;State;Status;Path Name;Account
FS1;Disk Defragmenter;Manual;Stopped;OK;C:\Windows\system32\svchost.exe -k defragsvc;localSystem 
FS1;DHCP Client;Auto;Running;OK;C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted;NT Authority\LocalService 
FS1;DNS Client;Auto;Running;OK;C:\Windows\system32\svchost.exe -k NetworkService;NT AUTHORITY\NetworkService

Script to report information about capacity of local disks:

getCapacity.zip

usage: cscript /nologo getCapacity.vbs servers.txt

Example of input file: servers.txt

1
2
3
DC1
DC2
FS1

Example of output file: getCapacity_01-10-2013_13-01-51.csv

1
2
3
4
Hostname;Drive;Size (GB);Used (GB);Free space (GB);Percent of free space
DC1;C:;59,95;27,03;32,92;54,91% 
DC2;E:;350,00;6,49;343,50;98,15% 
FS1;C:;29,30;28,09;1,21;4,11%

Script to report activation status:

getActivationStatus.zip

usage: cscript /nologo getActivationStatus.vbs servers.txt

Example of input file: servers.txt

1
2
3
DC1
DC2
FileServer1

Example of output file: getActivationStatus_17-06-2013_10-12-18.csv

1
2
3
4
Hostname;Activated;Product 
DC1;Activated;Windows Server(R), ServerEnterprise edition 
DC2;Activated;Windows Server(R), ServerEnterprise edition 
FS1;Activated;Windows Server(R), ServerStandard edition

Script to report about sharings:

getSharings.zip

usage: cscript /nologo getSharings.vbs servers.txt

Example of input file: servers.txt

1
2
3
DC1
DC2
FS1

Example of output:

1
2
3
4
5
6
7
Hostname;Share;Type;Path;Trustee;Permissions
FS1;print$;Disk Drive;C:\Windows\system32\spool\drivers;Everyone;READ
FS1;print$;Disk Drive;C:\Windows\system32\spool\drivers;Administrators;FULL CONTROL
FS1;Users;Disk Drive;C:\Users;Administrators;FULL CONTROL
FS1;Users;Disk Drive;C:\Users;Everyone;FULL CONTROL
FS1;Xerox Phaser 6110MFP;Printer Queue;Xerox Phaser 6110MFP,LocalsplOnly;Everyone;FULL CONTROL
FS1;Xerox Phaser 6110MFP;Printer Queue;Xerox Phaser 6110MFP,LocalsplOnly;ALL APPLICATION PACKAGES;FULL CONTROL

Scripts to query registry:

Script to report installed software:

getSoftware.zip

usage: cscript /nologo getSoftware.vbs servers.txt

Example of input file: servers.txt

1
2
3
DC1
DC2
FS1

Example of output file: getSoftware_12-06-2013_13-51-58.csv

1
2
3
4
Server;Name;Version;Publisher;Installation Date;Install Location
DC1;Adobe Flash Player 10 ActiveX;10.0.32.18;Adobe Systems Incorporated;;
DC1;FileZilla Client 3.2.4.1;3.2.4.1;;;C:\Program Files\FileZilla FTP Client
DC1;Windows Internet Explorer 7;20070813.185237;Microsoft Corporation;20090819;

Script to report status of WSUS:

getWSUS.zip

usage: cscript /nologo getWSUS.vbs servers.txt

Example of input file: servers.txt

1
2
3
DC1
DC2
FS1

Example of output:

1
2
3
4
Server;AUOptions;Description;Scheduled Install Date;Next Detection Time 
DC1;1;Never check for updates (not recommended);2013-03-02 00:00:00;2013-03-01 14:07:17 
DC2;2;Check for updates but let me choose wheter to download and install them;;2013-03-02 03:04:51
FS1;4;Install updates automatically (recommended);2013-03-02 02:00:00;2013-03-01 17:28:32

Scripts to query LDAP:

Script to enumarate groups where user, specified in input file, belongs to directly (nesting level = 0) and indirectly (nesting level > 0):

getMemberOf.zip

usage: cscript /nologo getMemberOf.vbs users.txt

Example of input file: users.txt

1
2
3
Administrator
myUser
myNextUser

Example of output:

1
2
3
4
User;Group;Nesting level
Administrator;Administrators;0
Administrator;Schema Admins;0
Administrator;Denied RODC Password Replication Group;1

Feel free to use them.