Active Directory Tips & Tricks

1. To quickly list all the groups in your domain, with members, run this command:
dsquery group -limit 0 | dsget group -members -expand

2. To find all users whose accounts are set to have a non-expiring password, run this command:
dsquery * domainroot -filter "(&(objectcategory=person)(objectclass=user)(userAccountControl:1.2.840.113556.1.4.803:=65536))" -limit 0

3. To list all the FSMO role holders in your forest, run this command:
netdom query fsmo

4. To refresh group policy settings, run this command:
gpupdate

5. To check Active Directory replication on a domain controller, run this command:
repadmin /replsummary

6. To force replication from a domain controller without having to go through Active Directory Sites and Services, run this command:
repadmin /syncall

7. To see which server authenticated you (or whether you logged on with cached credentials), run either of these commands:
set l
echo %logonserver%

8. To see what account you are logged on as, run this command:
whoami

9. To see what security groups you belong to, run this command:
whoami /groups

10. To see the domain account policy (password requirements, lockout thresholds, etc.), run this command:
net accounts