Labels

Sunday, September 7, 2008

Useful command-lines

There are currently 425 commands in this post that I've found useful in some way over the years. Note that many of the command-line calls may require Microsoft utilities (such as dsquery, ldifde, dnscmd), or custom written scripts that can be posted when requested.

Most of the commands are for the windows-based command interpreter, with a few PowerShell and ESX service console commands creeping in. They range from diagnostics, troubleshooting and simply automating recurring tasks.

Each command-line can be copied and pasted at the command prompt, if you use a batch file you'll need to reference variables with double-percent (%%).

The idea is that almost anything is possible from the command-line, and there are very few things that aren't possible in a single line (especially with delayed environment variable expansion - see cmd /?).


FSMO Roles
ntdsutil roles Connections "Connect to server %logonserver%" Quit "select Operation Target" "List roles for conn server" Quit Quit Quit
Domain Controllers
Nltest /dclist:%userdnsdomain%

Domain Controller IP Configuration
for /f %i in ('dsquery server -domain %userdnsdomain% -o rdn') do psexec \\%i ipconfig /all >> DC_IPConfig.txt

Stale computer accounts
dsquery computer domainroot -stalepwd 180 -limit 0 > ComputerAccounts+180.txt

Stale user accounts
dsquery user domainroot -stalepwd 180 -limit 0 > UserAccounts+180.txt

Disabled user accounts
dsquery user domainroot -disabled -limit 0 > UserAccountsDisabled.txt

User logon statistics
cscript FindUserLogonCount.wsf (custom written VBScript)

AD Database disk usage
for /f %i in ('dsquery server -domain %userdnsdomain% -o rdn') do dir \\%i\d$\ntds >> NTDS_Size_%userdomain%.txt

Global Catalog Servers from DNS
dnscmd %logonserver% /enumrecords %userdnsdomain% _tcp find /i "3268"

Global Catalog Servers from AD
dsquery * "CN=Configuration,DC=forestRootDomain" -filter "(&(objectCategory=nTDSDSA)(options:1.2.840.113556.1.4.803:=1))"

Users with no logon script
dsquery * domainroot -filter "(&(objectCategory=Person)(objectClass=User)(!scriptPath=*))" -limit 0 -attr sAMAccountName sn givenName pwdLastSet distinguishedName

User accounts with no pwd required
dsquery * domainroot -filter "(&(objectCategory=Person)(objectClass=User)(userAccountControl:1.2.840.113556.1.4.803:=32))"

User accounts with no pwd expiry
dsquery * domainroot -filter "(&(objectCategory=Person)(objectClass=User)(userAccountControl:1.2.840.113556.1.4.803:=65536))"

User accounts that are disabled
dsquery * domainroot -filter "(&(objectCategory=Person)(objectClass=User)(userAccountControl:1.2.840.113556.1.4.803:=2))"

User accounts with no password expiry and not disabled
dsquery * domainroot -filter "(&(objectCategory=Person)(objectClass=User)(userAccountControl:1.2.840.113556.1.4.803:=65536)(!userAccountControl:1.2.840.113556.1.4.803:=2))"

DNS Information
for /f %i in ('dsquery server -domain %userdnsdomain% -o rdn') do dnscmd %i /info

DNS Zone Detailed information
dnscmd /zoneinfo %userdnsdomain%

Tombstoned AD objects
Adrestore.exe (sysinternals utility)

Garbage Collection and tombstone
dsquery * "cn=Directory Service,cn=Windows NT,cn=Services,cn=Configuration,DC=forestRootDomain" -attr garbageCollPeriod tombstoneLifetime

Netsh authorised DHCP Servers
netsh dhcp show server

DSQuery authorised DHCP Servers
Dsquery * "cn=NetServices,cn=Services,cn=Configuration, DC=forestRootDomain" -attr dhcpServers

DHCP server information
netsh dhcp server \\DHCP_SERVER show all

DHCP server dump
netsh dhcp server \\DHCP_SERVER dump > dhcp.txt

WINS serer information
Netsh wins server \\WINS_SERVER dump > wins.txt

Group Policy Verification Tool
gpotool.exe /checkacl /verbose

AD OU membership
dsquery computer -limit 0

AD OU membership
dsquery user -limit 0

List Service Principal Names
for /f %i in ('dsquery server -domain %userdnsdomain% -o rdn') do setspn -L %i

Compare DC Replica Object Count
dsastat –s:DC1;DC2;... –b:Domain –gcattrs:objectclass –p:999

Check AD ACLs
acldiag dc=domainTree

NTFRS Replica Sets
for /f %i in ('dsquery server -domain %userdnsdomain% -o rdn') do ntfrsutl sets %i

NTFRS DS View
for /f %i in ('dsquery server -domain %userdnsdomain% -o rdn') do ntfrsutl ds %i

Domain Controllers per site
Dsquery * "CN=Sites,CN=Configuration,DC=forestRootDomain" -filter (objectCategory=Server)

DNS Zones in AD
for /f %i in ('dsquery server -o rdn') do Dsquery * -s %i domainroot -filter (objectCategory=dnsZone)

Enumerate DNS Server Zones
for /f %i in ('dsquery server -o rdn') do dnscmd %i /enumzones

Subnet information
Dsquery subnet –limit 0

List Organisational Units
Dsquery OU

ACL on all OUs
For /f “delims=” %i in ('dsquery OU') do acldiag %i >> ACLDiag.txt

Domain Trusts
nltest /domain_trusts /v

Print DNS Zones
dnscmd DNSServer /zoneprint DNSZone

Last 50 leases on DHCP servers
for /f %i in (DHCPServers.txt) do echo %i && tail -50 \\%i\c$\WINNT\system32\dhcp\DhcpSrvLog.Tue

Active DHCP leases
For /f %i in (DHCPServers.txt) do for /f “delims=- ” %j in ('"netsh dhcp server \\%i show scope find /i "active""') do netsh dhcp server \\%i scope %j show clientsv5 >> DHCPClients_%i.txt

DHCP clients from all servers
Find /i “255.” DHCPClients_*.txt find /i “255.” > DHCPClientsAll.txt

DHCP Server Active Scope Info
For /f %i in (DHCPServers.txt) do netsh dhcp server \\%i show scope find /i "active" >> DHCPInfo_%i.txt

Find Subnets from DHCP clients
FindSubnets.bat 'Output from Active DHCP leases'

Resolve DHCP clients hostnames
for /f "tokens=1,2,3 delims=," %i in (Output from 'Find Subnets from DHCP clients') do @for /f "tokens=2 delims=: " %m in ('"nslookup %j find /i "Name:""') do echo %m,%j,%k,%i

Find two online PCs per subnet
Echo. > TwoClientsPerSubnet.txt & for /f "tokens=1,2,3,4 delims=, " %i in ('"find /i "pc" 'Output from Resolve DHCP clients hostnames'"') do for /f "tokens=3 skip=1 delims=: " %m in ('"Find /i /c "%l" TwoClientsPerSubnet.txt"') do If %m LEQ 1 for /f %p in ('"ping -n 1 %i find /i /c "(0% loss""') do If %p==1 Echo %i,%j,%k,%l >> TwoClientsPerSubnet.txt

Find unique Subnets
for /f "delims=" %i in (Output from FindSubnets) do @Find /i "%i" UniqueSubnets.txt 1>nul 2>nul & @if ErrorLevel 1 echo %i >> UniqueSubnets.txt

AD Subnet and Site Information
dsquery * "CN=Subnets,CN=Sites,CN=Configuration,DC=forestRootDomain" -attr cn siteObject description location

Find DHCP Scopes not in AD
for /f "tokens=1,2" %i in (Output from 'Find Unique Subnets') do @for /f "skip=2 delims==" %m in ('find /i "%j" SubnetMaskShorthand.txt') do @find /i "%i/%m" Output from 'AD Subnet and Site Information' >NUL & @If ErrorLevel 1 for /f "skip=1 tokens=2 delims=:" %p in ('find /i /c "%i %j" Output from 'Find Subnets from formatted output'') do @Echo %i/%m,%p

AD Site Information
dsquery * "CN=Sites,CN=Configuration,DC=forestRootDomain" -attr cn description location -filter (objectClass=site)

Printer Queue Objects in AD
dsquery * domainroot -filter "(objectCategory=printQueue)" -limit 0

Group Membership with user details
dsget group "groupDN" -members dsget user -samid -fn -mi -ln -display -empid -desc -office -tel -email -title -dept -mgr

DHCP Clients Per AD Site
for /f "tokens=1,2,3 delims=/ " %i in (Output from 'AD Subnet and Site Information') do @For /f "skip=2 tokens=1,2 delims==" %m in ('find /i "%j=" SubnetMaskShorthand.txt') do @For /f "skip=1 tokens=2 delims=:" %p in ('find /i /c "%i,%n" Output from 'Find Subnets from DHCP clients') Do @Echo %i/%m,%p,%k

DHCP Servers Per AD Site
for /f "tokens=1,2 delims=/" %i in (SiteClientCounts.txt) do @for %k in ("Output from ‘DHCP Server Active Scope Info’") do @find /i "%i" "%k" >nul & If ErrorLevel 0 if Not ErrorLevel 1 echo %i/%j,%~nk

Total DHCP Scopes
find /i "subnet" "Output from DHCP server information" find /i "subnet"

Site Links and Cost
dsquery * "CN=Sites,CN=Configuration,DC=forestRootDomain" -attr cn cost description replInterval siteList -filter (objectClass=siteLink)

Time gpresult
timethis gpresult /v > GPResult_%ComputerName%.txt 2<&1 Check time against Domain w32tm /monitor /computers:ForestRootPDC > %temp%\Time.txt

Domain Controller Diagnostics
dcdiag /s:%logonserver% /v /e /c

Domain Replication Bridgeheads
repadmin /bridgeheads

Replication Failures from KCC
repadmin /failcache

Inter-site Topology servers per site
Repadmin /istg * /verbose

Replication latency
repadmin /latency /verbose

Queued replication requests
repadmin /queue *

Show connections for a DC
repadmin /showconn *

Replication summary
Repadmin /replsummary

Show replication partners
repadmin /showrepl * /all

All DCs in the forest
repadmin /viewlist *

ISTG from AD attributes
dsquery * "CN=NTDS Site Settings,CN=siteName,CN=Sites,CN=Configuration,DC=forestRootDomain" -attr interSiteTopologyGenerator

Return the object if KCC Intra/Inter site is disabled for each site
Dsquery site dsquery * -attr * -filter "((Options:1.2.840.113556.1.4.803:=1)(Options:1.2.840.113556.1.4.803:=16))"

Find all connection objects
dsquery * forestRoot -filter (objectCategory=nTDSConnection) –attr distinguishedName fromServer whenCreated displayName

Find all connection schedules
adfind -b "cn=Configuration,DC=forestRootDomain" -f "objectcategory=ntdsConnection" cn Schedule -csv

Software Information for each server
for /f %i in (Output from 'Domain Controllers') do psinfo \\%i > ServerInfo_%i.txt & filever \\%i\admin$\explorer.exe \\%i\admin$\system32\vbscript.dll \\%i\admin$\system32\kernel32.dll \\%i\admin$\system32\wbem\winmgmt.exe \\%i\admin$\system32\oleaut32.dll >> ServerInfo_%i.txt

Check Terminal Services Delete Temp on Exit flag
For /f %i in (Output from 'Domain Controllers') do Reg query “\\%i\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server” /v DeleteTempDirsOnExit

For each XP workstation, query the current site and what Group Policy info
dsquery * domainroot -filter "(&(objectCategory=Computer)(operatingSystem=Windows XP Professional))" -limit 0 -attr cn > Workstations.txt & @For /f %i in (Workstations.txt) do @ping %i -n 1 >NUL & @if ErrorLevel 0 If NOT ErrorLevel 1 @Echo %i & for /f "tokens=3" %k in ('"reg query "\\%i\hklm\software\microsoft\windows\currentversion\group policy\history" /v DCName Find /i "DCName""') do @for /f %m in ('"nltest /server:%i /dsgetsite find /i /v "completed successfully""') do @echo %i,%k,%m

Time offsets from client diagnostics
for %i in (*time*.txt) do @for /f "tokens=2 delims=:" %j in ('"find /i "NTP:" %i find /i "NTP:""') do @echo %i,%j

Information on existing GPO’s
dsquery * "CN=Policies,CN=System,domainRoot" -filter "(objectCategory=groupPolicyContainer)" -attr displayName cn whenCreated gPCFileSysPath

Copy all Group Policy .pol files
for /f "tokens=1-8 delims=\" %i in ('dir /b /s \\%dc%\sysvol\%userdnsdomain%\policies\*.pol') do @echo copy \\%i\%j\%k\%l\%m\%n\%o %m_%n.pol

Extract the registry entries from each Group Policy pol file
for %i in (*.pol) do regview %i > %i.txt

Find policy changes for each policy
for /f "tokens=1,2 delims=," %i in (Output from 'Extract policy registry entries') do for /f "tokens=2 delims=:" %k in ('"find /i /c "valuename" %~nj*.txt find /i "%~nj""') do @echo %i,%j,%k

Domain Controller Netlogon entries
for /f %i in ('dsquery server /o rdn') do echo %i & reg query \\%i\hklm\system\currentcontrolset\services\netlogon\parameters

Find site links that contain two sites with Domain Controllers
for /f "tokens=1,2 delims=-" %i in (Sites.txt) do @find /i "%i" DCs.txt >nul & if errorlevel 0 if not errorlevel 1 @find /i "%j" DCs.txt find /i /v "----------"

WINS Statistics
for /f "tokens=1,2 delims=," %i in (WINSServers.txt) do netsh wins server \\%i show statistics >> WINSConfig_%j.txt

WINS Record counts per server
for /f "tokens=1,2 delims=," %i in (WINSServers.txt) do netsh wins server \\%i show reccount %i >> WINSRecordCount.txt

WINS Server Information
for /f "tokens=2 delims=," %i in (WINSServers.txt) do netsh wins server \\%i show info >> WINSConfig_%i.txt

WINS Server Dump
for /f "tokens=2 delims=," %i in (WINSServers.txt) do netsh wins server \\%i dump > WINSConfig_%i.txt

WINS Static Records per Server
netsh wins server \\LocalWINSServer show database servers={} rectype=1

Find policy display name given the GUID
dsquery * "CN=Policies,CN=System,DC=domainRoot" -filter (objectCategory=groupPolicyContainer) -attr Name displayName

Find empty groups
dsquery * -filter "&(objectCategory=group)(!member=*)" -limit 0 -attr whenCreated whenChanged groupType sAMAccountName distinguishedName memberOf

Find remote NIC bandwidth
wmic /node:%server% path Win32_PerfRawData_Tcpip_NetworkInterface GET Name,CurrentBandwidth

Find remote free physical memory
wmic /node:%Computer% path Win32_OperatingSystem GET FreePhysicalMemory

Find remote system information
SystemInfo /s %Computer%

Disk statistics, including the number of files on the filesystem
chkdsk /i /c

Query IIS web sites
iisweb /s %Server% /query "Default Web Site"

Check port state and connectivity
portqry -n %server% -e %endpoint% -v

Forest/Domain Functional Levels
ldifde -d cn=partitions,cn=configuration,dc=%domain% -r "((systemFlags=3)(systemFlags=-2147483648))" -l msds-behavior-version,dnsroot,ntmixeddomain,NetBIOSName -p subtree -f con (see http://support.microsoft.com/kb/322692 and http://support.microsoft.com/kb/224386)

Forest/Domain Functional Levels
dsquery * cn=partitions,cn=configuration,dc=%domain% -filter "((systemFlags=3)(systemFlags=-2147483648))" -attr msDS-Behavior-Version Name dnsroot ntmixeddomain NetBIOSName (see http://support.microsoft.com/kb/322692 and http://support.microsoft.com/kb/224386)

Find the parent of a process
wmic path Win32_Process WHERE Name='%ProcessName%' GET Name,ParentProcessId

Lookup SRV records from DNS
nslookup -type=srv _ldap._tcp.dc._msdcs.{domainRoot}

Find when the AD was installed
dsquery * cn=configuration,DC=forestRootDomain -attr whencreated -scope base

Enumerate the trusts from the specified domain
dsquery * "CN=System,DC=domainRoot" -filter "(objectClass=trustedDomain)" -attr trustPartner flatName

Find a DC for each trusted domain
for /f "skip=1" %i in ('"dsquery * CN=System,DC=domainRoot -filter (objectClass=trustedDomain) -attr trustPartner"') do nltest /dsgetdc:%i

Verify automatic external LDAP referrals are working
dsquery * dc=common,dc=local

Check the password filter is installed on all DCs
for /f %i in ('dsquery server /o rdn') do @for /f "tokens=4" %m in ('"reg query \\%i\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa /v "Notification Packages" find /i "Notification""') do @echo %i,%m

List ACLs in SDDL format
setacl -on %filepath% -ot file -actn list -lst f:sddl

PSCP secure copy a file
pscp %file% %user%@%target%:/target/path

Find out if a user account is currently enabled or disabled
dsquery user DC=%userdnsdomain:.=,DC=% -name %username% dsget user -disabled -dn

Find 2003 servers in the domain
dsquery * domainroot -filter "(&(objectCategory=Computer)(objectClass=Computer)(operatingSystem=*Server*))" -limit 0

Open DS query window
rundll32 dsquery,OpenQueryWindow

Add a host record in DNS
dnscmd %dnsserver% /recordadd %zone% %relative_name% A %ip%

Accept a input and store in a variable
set /p <variable>=<prompt>

Remote Computer Management MMC
compmgmt.msc /computer=%1

Create a placeholder file
fsutil file createnew <filename> <size>

Device Manager showing hidden devices
SET DEVMGR_SHOW_NONPRESENT_DEVICES=1 & Devmgmt.msc

Logical Disk Information
wmic /node:%server% path Win32_LogicalDisk

Physical Disk Information
wmic /node:%server% path Win32_DiskPartition

Echo both stdout and stderr to the same file
> output.txt 2<&1

Servers in the directory and their description
dsquery * -filter "(&(objectCategory=Computer)(objectClass=Computer)(operatingSystem=*server*))" -limit 0 -attr cn description

Enumerate all records from a DNS zone
dnscmd %server% /enumrecords %zone% @ /additional /continue > DNS_all.txt

Find aging records from an enumerated zone
find /i "aging:" DNS_all.txt > DNS_aging.txt

DNS Scavenging check, based on the output of aging records from dnscmd.exe
cscript DNSScavengeTest.wsf /f:DNS_aging.txt

For the first token in each line in A, compare the second token in B
for /f "tokens=1-3 delims=," %i in ('"find /i /v "<exclude>" a.txt"') do @for /f "tokens=1-3 skip=2 delims=," %m in ('"find /i "%i" b.txt"') do @if /i "%i"=="%m" @if /i "%j" NEQ "%n" @echo %i,%j,%n

For the first token in each line in A, find not in B
for /f "skip=2 delims=," %i in ('" find /i /v "<exclue>" a.txt"') do @find /i "%i" b.txt 1>nul 2>nul & @if errorlevel 1 echo %i

Query DNS objects from the directory
dsquery * DC=<zone>,CN=MicrosoftDNS,cn=System,dc=<domainroot>

Start DNS scavenging
dnsmd /startscavenging

Find the DFS roots from Active Directory
dsquery * "CN=DFS Volumes,CN=File Replication Service,CN=System,DC=domainRoot"

Find the DFS roots using dfsutil
dfsutil /domain:%domain% /view

View info on a DFS root
dfsutil /root:<dfsroot> /view

Port Query testing network connectivity to the specified endpoint
portqry -n %target% -e 135

Test RPC endpoints
rpcdump /s %computer% /v /i

Extract a cabinet from an MSI stream
msidb -d "%msi%" -x "%cabinet name%" (get the cabinet name from the Media table using orca, and the filenames from the File table)

Delete a host record from DNS
dnscmd %server% /recorddelete %zone% @ A %IP%

Add a CNAME record to DNS
dnscmd %server% /recordadd %zone% %AliasName% CNAME %HostnameAliasing%

Add a system environment variable
setenv -a test %path%;%AdminRoot%\Utils

Check for a schema attribute
dsquery * "CN=Schema,CN=Configuration,DC=forestRoot" -filter "(&((cn=%ObjectName*)((objectCategory=classSchema)(objectCategory=attributeSchema))))"

Determine the DNS suffix search list set through policy for a computer
reg query "\\%Computer%\HKEY_LOCAL_MACHINE\software\policies\microsoft\Windows NT\DNSClient" /v SearchList

Find servers and the description recorded with the computer account
dsquery * %domainRoot% -filter "(&(objectCategory=Computer)(objectClass=Computer)(operatingSystem=*Server*))" -limit 0 -attr cn distinguishedName Description

Find DCs in the specified site from AD
dsquery * "CN=%SiteName%,CN=Sites,CN=Configuration,DC=root,DC=local" -filter "&(objectClass=server)(objectCategory=server)"

Lock the workstation from the commandline
%windir%\System32\rundll32.exe user32.dll, LockWorkStation

Perform idle time optimisation (eg. file placement optimisation)
rundll32.exe advapi32.dll,ProcessIdleTasks

Hardware Installation from an INF file
%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall

Refresh network configuration after policy changes (eg SearchList)
RunDLL32.EXE netshell.dll,NetSetupFinishInstall

Query SMS inventory information from the commandline
wmic /namespace:\\root\sms\site_%SiteCode% /node:%Computer% path SMS_G_System_SYSTEM_ENCLOSURE WHERE ResourceID='%RID%'

Determine whether an attribute is replicated in AD
dsquery * cn=%AttributeName%,cn=schema,cn=configuration,dc=forestRootDomain -filter "!(&(systemFlags:1.2.840.113556.1.4.803:=1))"

Find customised Service Connection Points of type RISServer
dsquery * -filter "&((objectClass=ConnectionPoint)(objectCategory=ServiceConnectionPoint)(keywords=RISServer))" -attr serviceDNSName

Find intellimirror SCPs fpr RIS servers
dsquery * -filter "&((objectClass=ConnectionPoint)(objectCategory=IntellimirrorSCP)(netbootServer=*))" -attr netbootServer

Find remote connections to a server
wmic /node:%server% path win32_serverconnection

Find remote sessions to a server
wmic /node:%server% path win32_serversession

Find security patches applicable on a machine with MBSA
wmic /node:%computer% path Win32_PatchState

For services that aren't running, find their start type
for /f "skip=4 tokens=1-3" %i in ('sclist \\%computer%') do @if "%i" NEQ "running" @for /f "tokens=4" %m in ('"sc \\%computer% qc %j find /i "START_TYPE""') do @echo %i,%j,%k,%m

For computers listed, if a service exists, start it
for /f %i in (computers.txt) do sclist \\%i find /i "%service_name%" && sc \\%i start "%service_name%"

Query a registry value of multiple computers
for %i in (PC1 PC2 PC3) do @Echo %i & reg query \\%i\hklm\software\%key% /v %Value% find /i "%Value%"

Query the creation date of multiple computers
dsquery * -filter "(&(objectClass=Computer)(objectCategory=Computer)((cn=PC1)(cn=PC2)(cn=PC3)))" -attr CN whenCreated

Query SMS for the creation date of computer records
select Name0, Creation_Date0 from v_r_system where name0 in('PC1','PC2','PC3')

Find RIS servers hosting the specified image
for /f "tokens=2 skip=1 delims==, " %i in (RIS_Servers.txt) do @if exist \\%i\reminst\setup\english\%Source% @echo %i

Modify Outlook to allow access to blocked attachements
reg add HKU\S-1-5-21-2091930395-2002392527-14044502-274471\Software\Microsoft\Office\11.0\Outlook\Security /v Level1Remove /t reg_sz /d ".exe"

Open the Find Files Dialog Box
echo Set objShell = CreateObject("Shell.Application") > test.vbs && Echo objShell.FindFiles >> test.vbs && cscript test.vbs

Query for the zones hosted on a Microsoft DNS server
wmic /namespace:\\root\microsoftdns /node:%server% path MicrosoftDNS_Zone

Query zone resource records on a Microsoft DNS server
wmic /namespace:\\root\microsoftdns /node:%server% path MicrosoftDNS_ResourceRecord WHERE ContainerName='%zone_name%'

Query DNS forest-wide partition replica
dsquery * "DC=ForestDNSZones,dc=forestRootDomain

View Software Installation controlled through AD, both current and history
gpsiviewer.exe

View Group Policy application times
gptime

Remote GP Update
rgprefresh

Find the tail of lines between two strings to display
for /f "delims=[]" %i in ('"find /i /N "Forwarders:" A.txt"') do for /f "delims=[]" %m in ('"find /i /N "Command completed successfully." A.txt"') do for /f %p in ('set /a %m-%i') do echo %p

Find DNS Forwarder information from dnscmd output
for %b in (DNS*.txt) do @for /f "skip=2 delims=[]" %i in ('"find /i /N "Forwarders:" %b"') do @for /f "skip=2 delims=[]" %m in ('"find /i /N "Command completed successfully." %b"') do @for /f %p in ('set /a %m-%i') do echo tail -%p %b

Dump account lockout eventlog entries from all DCs for the last five days
for /f %i in ('dsquery server -domain %userdnsdomain% -o rdn') do echo dumpel.exe -e 644 -l Security -m Security -s %i -c -d 5

List primary reverse lookup zones from a DNS server
dnscmd %server% /EnumZones /secondary /reverse

List allowed secondary servers for the specified zone
dnscmd %server /zoneinfo %ip%.in-addr.arpa SecondaryServers

Turn on RIS debugging
reg add \\%server%\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Binlsvc\Parameters /v Debug /t reg_dword /d 0x80FFFFFF & sc \\%server% stop binlsvc & sc \\%server% start binlsvc

Query for universal groups
dsquery * dc=%forestRootDomain% -filter "(&(objectCategory=group)(groupType=-2147483640))"

Trigger a command to run on a specific event
eventtriggers /create /TR Test /L Security /EID 680 /T SUCCESSAUDIT /TK calc.exe

Create an XML file with the MD5 hashes of a set of files
FCIV

Find the shell extensions currently loaded
ShexView

Find server information
srvinfo.exe

LDAP Query from eDirectory
ldifde -d %rootDN% -s %NetwareServer% -f output.ldf -a "%UserDN%" *

csvde export form eDirectory
csvde -f OutputFile.csv -a "%UserDN%" * -r "(Objectclass=user)" -d "%rootDN%" -s NetwareServer%

Dump the VMware IP config
cat /proc/vmware/net/tcpip/ifconfig

View network traffic in the vswif service console interface
/usr/sbin/tcpdump -i vswif0 grep -v ssh

Query for the display specifiers in the AD user class
dsquery * "CN=user-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,%forestrootDomain%" -attr *

Query VMs and their MAC addresses from the VC database
sqlcmd -S %sqlServer% -d %Database% -W -s "," -q "select ENT.Name, NET.MAC_Address from VPX_GUEST_NET_ADAPTER NET inner join VPX_ENTITY ENT on NET.VM_ID = ENT.ID"

Check the Legato AAM HA agent
cat /opt/LGTOaam512/log/aam_config_util_addnode.log

VMware HA Legato AAM, list the cluster manager
/opt/LGTOaam512/bin/ftcli -domain vmware -timeout 60 -cmd "listrules"
(run 'FT_DIR=/opt/LGTOaam512' and then 'export FT_DIR' first)

VMware HA Legato AAM, list the cluster nodes
/opt/LGTOaam512/bin/ftcli -domain vmware -connect %node% -port 8042 -timeout 60 -cmd "listnodes"
(run 'FT_DIR=/opt/LGTOaam512' and then 'export FT_DIR' first)

Query the Virtual Centre/VC database for Virtual Machine Disk Totals
sqlcmd -S %sqlServer% -d %Database% -W -s "," -Q "select VM.Name, Cast(Round(Sum(Cast(VDISK.CAPACITY as numeric))/1024/1024/1024, 1) as int) as 'Total Disk', Cast(Round(Sum(Cast(VDISK.FREE_SPACE as numeric))/1024/1024/1024, 1) as int) as 'Free Disk' from dbo.VPX_GUEST_DISK VDISK inner join VPXV_VMS VM on VDISK.VM_ID = VM.VMID group by VM.Name compute sum(Cast(Round(Sum(Cast(VDISK.CAPACITY as numeric))/1024/1024/1024, 1) as int))"

Query the Virtual Centre/VC database for Virtual Machine Disk information
sqlcmd -S %sqlServer% -d %Database% -W -s "," -Q "select VM.Name, VDISK.* from dbo.VPX_GUEST_DISK VDISK inner join VPXV_VMS VM on VDISK.VM_ID = VM.VMID"

Query the Virtual Centre/VC database for Virtual Machine Disk Total
sqlcmd -S %sqlServer% -d %Database% -W -s "," -Q "select Cast(Round(Sum(Cast(VDISK.CAPACITY as numeric))/1024/1024/1024, 1) as int) from dbo.VPX_GUEST_DISK VDISK"

show the MSCS cluster multicast address properties
cluster /cluster:%Cluster% network "%PublicNetwork%" /priv

Find the MSCS cluster resources
cluster /cluster:%Cluster% res /prop find /i "sr"

Query VirtualCentre for hot migration events
sqlcmd -S %sqlServer% -d %Database% -W -s "," -Q "select Create_Time as 'Relocation Start', UserName, VM_Name, Host_Name as 'Host Source', (select Host_Name from dbo.VPX_EVENT Where Chain_ID = EVTDEST.Chain_ID and event_type = 'vim.event.VmMigratedEvent') as 'Host Destination', ComputeResource_Name, DataCenter_Name from dbo.VPX_EVENT EVTDEST where event_type = 'vim.event.VmBeingHotMigratedEvent'"

Query VirtualCentre for migration events
sqlcmd -S %sqlServer% -d %Database% -W -s "," -Q "select Create_Time as 'Relocation Start', UserName, VM_Name, Host_Name as 'Host Source', (select Host_Name from dbo.VPX_EVENT Where Chain_ID = EVTDEST.Chain_ID and event_type = 'vim.event.VmRelocatedEvent') as 'Host Destination', ComputeResource_Name, DataCenter_Name from dbo.VPX_EVENT EVTDEST where event_type = 'vim.event.VmBeingRelocatedEvent'"

Query VirtualCentre for DRS migration events
sqlcmd -S %sqlServer% -d %Database% -W -s "," -Q "select Create_Time as 'Relocation Finished', VM_Name, Host_Name as 'Host Destination', (select Host_Name from dbo.VPX_EVENT Where Chain_ID = EVTDEST.Chain_ID and event_type = 'vim.event.VMBeingHotMigratedEvent') as 'Host Source', ComputeResource_Name, DataCenter_Name from dbo.VPX_EVENT EVTDEST where event_type = 'vim.event.DrsVmMigratedEvent'"

Use WMI to find the WINS entries for DNS-enabled NICs on a list of servers
for /f %i in (servers.txt) do @for /f "skip=1" %m in ('"wmic /node:%i path Win32_NetworkAdapterConfiguration WHERE FullDNSRegistrationEnabled=True get WINSPrimaryServer"') do @echo %i,%m

Set the WINS entry for the specified network
psexec \\%server% netsh interface ip set wins "Local Area Connection" static %WINSIP%

Report the NTFS permissions for restore from a SDDL template
setacl -on c:\windows -ot file -actn list -rec cont_obj -lst f:sddl -bckp test.txt

Remotely configure filesystem NTFS security using a secedit template
psexec \\%server% secedit /configure /db c:\windows\temp\%random%.sdb /cfg c:\windows\security\templates\%template%.inf /log c:\windows\temp\Configure.log

List the file system filters and instances installed on the system
fltmc filters & fltmc instances

Verify installed drivers
verifier.exe

Create a cluster file share
cluster /cluster:%Cluster% res "Share" /create /group:"VFP" /type:"File Share" & cluster /cluster:%Cluster% res "Share" /priv path="?:\%Path%" & cluster /cluster:%Cluster% res "Share" /priv Sharename=%ShareName% & cluster /cluster:%Cluster% res "Share" /priv Remark="File Share" & cluster /cluster:%Cluster% res "Share" /prop Description="File Share" & cluster /cluster:%Cluster% res "Share" /priv security=Everyone,grant,F:security & cluster /cluster:%Cluster% res "Share" /AddDep:"VFP" & cluster /cluster:%Cluster% res "Share" /AddDep:"VFP Disk07" & cluster /cluster:%Cluster% res "Share" /On

Create a generic cluster application for ABE
cluster /cluster:%Cluster% res "ABE" /create /group:"VFP" /type:"Generic Application" & cluster /cluster:%Cluster% res "ABE" /priv CommandLine="cmd.exe /k abecmd.exe /enable %Share%" & cluster /cluster:%Cluster% res "ABE" /priv CurrentDirectory="%SystemRoot%" & cluster /cluster:%Cluster% res "ABE" /priv InteractWithDesktop=0 & cluster /cluster:%Cluster% res "ABE" /priv UseNetworkName=0 & cluster /cluster:%Cluster% res "ABE" /prop SeparateMonitor=1 & cluster /cluster:%Cluster% res "ABE" /prop Description="Access Based Enumeration for File Share" & cluster /cluster:%Cluster% res "ABE" /AddDep:"VFP" & cluster /cluster:%Cluster% res "ABE" /AddDep:"VFP Disk" & cluster /cluster:%Cluster% res "ABE" /AddDep:"Share" & cluster /cluster:%Cluster% res "ABE" /On

Automated Printer configuration
rundll32 printui.dll,PrintUIEntry /?

Create a port using prnadmin.dll on a cluster node
cscript portmgr.vbs -a -c \\%PrintServer% -p %Printer% -h %PrinterIP% -t raw -n 9100

Create a printer using prnadmin.dll on a cluster node
cscript prnmgr.vbs -a -c \\%PrintServer% -b %Printer% -m "HP Universal Printing PCL 6" -r %Printer%

Set printer configuration using prnadmin.dll on a cluster node
cscript prncfg.vbs -s -b \\%PrintServer%\%Printer% -h %Printer% -l "Building/Level 1" +published

Query the Virtual Centre/VC database for Virtual Machine details
sqlcmd -S %sqlServer% -d %Database% -W -s "," -Q "select ENT.Name as 'Name', DNS_Name as 'DNS Name', Guest_OS as 'OS', Mem_Size_MB as 'Mem', Num_VCPU as 'CPU', Num_NIC as 'NIC', IP_Address as 'IP', NET.MAC_Address as 'MAC Address', VM.FILE_Name as 'VMX location' from vpx_vm VM inner join VPX_GUEST_NET_ADAPTER NET on VM.ID = NET.VM_ID inner join VPX_ENTITY ENT on VM.ID = ENT.ID where dns_name like '%'"

Windows Updates Automatic Updates Detect now
wuauclt /detectnow

Test for ping and then query computers for network information
for /f %i in (pcs.txt) do @for /f "tokens=3 delims=: " %m in ('"ping -n 1 %i find /i "reply from""') @do for /f "tokens=*" %p in ('"@wmic /node:%i path Win32_PerfRawData_Tcpip_NetworkInterface GET find /i "1000" find /i /v "MS TCP Loopback interface""') do @echo %i,%m,%p

Dump printer log entries
dumpel -s \\%PrintServer% -l System -e 10 -m Print -d 1

Add an x64 print driver to a cluster node
rundll32 printui.dll,PrintUIEntry /ia /c \\%PrintServer% /m "HP Color LaserJet 8550 PCL 5c" /h "x64" /v "Windows XP and Windows Server 2003" /f hpc8550t.inf

Add an x86 print driver to a cluster node
rundll32 printui.dll,PrintUIEntry /ia /c \\%PrintServer% /m "HP Color LaserJet 8550 PCL 5c" /h "x86" /v "Windows 2000, Windows XP and Windows Server 2003" /f hpc8550b.inf

Change the ownership of all subdirectories and files in a folder
subinacl /subdirectorie %Path%\*.* /setowner=%Domain%\%User%

Change the ownership of a folder
subinacl /file %Path% /setowner=%Domain%\%User%

WireShark/ethereal filter to exclude 3389 RDP
!((tcp.srcport == 3389) (tcp.dstport == 3389))

Show NetBIOS SMB lanmanserver binding
net config server

Show NetBIOS SMB lanmanworkstation binding
net config redirector

Find the session connection for a username and find the client workstation
for /f "tokens=2 delims=\" %i in ('"dsquery user -name %user% dsget user -hmdir find /i "%user%""') do @for /f "skip=1 tokens=1-3" %m in ('"wmic /node:"%i" path win32_serversession WHERE "UserName Like '%user%'" Get ComputerName,ActiveTime,IdleTime"') do @for /f "tokens=2" %q in ('"ping -a %n -n 1 find /i "pinging""') do @echo %q %user% %n %i %m %o

Doskey macro to find session connection information for a user/workstation
FU=for %g in ($1 $2 $3 $4 $5 $6 $7 $8 $9) do @for /f "tokens=2 delims=\" %i in ('"dsquery user -name %g dsget user -hmdir find /i "%g""') do @for /f "skip=1 tokens=1-3" %m in ('"wmic /node:"%i" path win32_serversession WHERE "UserName Like '%g'" Get ComputerName,ActiveTime,IdleTime"') do @for /f "tokens=2" %q in ('"ping -a %n -n 1 find /i "pinging""') do @echo %q %g %n %i %m %o

Hide LUNs with advanced ESX options
disk.MaskLUNs: vmhba0:0:4-5;vmhba1:0:4-5

Find the link speed when connecting to the domain
linkspeed /s %domain%

Add to the permissions on a printer
subinacl /printer \\%PrintServer%\%Printer% /grant=%Domain%\%Group%=M

List the printers on a server
cscript "c:\Program Files\Windows Resource Kits\Tools\prnmgr.vbs" -l -c \\%PrintServer% find /i "printername"

Refresh per user settings such as desktop wallpaper
RunDll32.exe USER32.DLL,UpdatePerUserSystemParameters ,1 ,True

Find computers and their description from the AD
dsquery * -filter "(&(objectClass=Computer)(objectCategory=Computer))" "%rootDN%" -attr cn description

Query RDP sessoins on a 2003 server
query session

Shadow an existing TS or console session (Ctrl -* to end the shadow)
shadow %session%

Run a command in the winlogon secure desktop of winsta0\winlogon
psexec /x /d /s cmd

Run a command in the winlogon secure desktop of winsta0\winlogon
psexec /s \\%computer% cmd /c c:\windows\temp\psexec /x /d /s cmd

Update the wallpaper on the winlogon secure desktop winsta0\winlogon
psexec /accepteula /x /s RunDll32.exe USER32.DLL,UpdatePerUserSystemParameters

Run commands automatically when a command prompt is started
reg add "hklm\software\microsoft\Command Processor" /v AutoRun /t reg_sz /d "doskey /macrofile=macros.txt"

Export the groups a user in eDirectory is a member of
ldifde -f output.txt -s %NetwareServer% -a "%AccountDN%" * -d %rootDN% -r "(&(Objectclass=user)(((cn=User1)(cn=User2))))" -l cn,groupMembership

Replace ldifde output to join separated lines by removing CRLF
cscript SearchReplace.vbs /f:CSQProcurement_Groups.txt "\r\n ;"

Reformat ldifde output to show user per line per group membership
cscript //nologo FindGroups.vbs /f:output.txt

nslookup with debug information
nslookup -debug %IP%

Set the glocal default printer properties to allow duplexing
setprinter \\%PrintServer%\%i 8 "pDevMode=dmDuplex=2,dmCollate=1,dmFields=duplex collate"

Query the printers published against a specific computer account
dsquery * %ComputerDN%" -attr printShareName

Query all printers published in the Active Directory
dsquery * domainroot -filter "(objectCategory=printQueue)" -limit 0

Produce a list of files that should be purged based in minage
robocopy /l %Source% %Temp%\Purge%Random% *.* /minage:6 /FP /NJS /NJH /E /TS /NS

Find the install date from a list of servers
for %i in (%Server1% %Server2%) do psinfo \\%i 2>nul findstr /i /c:"Install date" /c:"%ComputerName%"

Use findstr with regular expressions to find start of line + space + 'New Dir'
findstr /i "^.*New.Dir" Dirs.txt

Use delayed environment varialble substitution in a for loop
for /f "delims=:" %i in ('"findstr /i /n "^.*New.Dir" PurgeFiles.txt"') do Set Directory=0000%i & Echo !Directory:~-5!

Query Windows Update logs from contactable machines in an OU
for /f %i in ('"dsquery computer %DN% -o rdn"') do @for /f "tokens=3 delims=: " %m in ('"ping -n 1 %i find /i "reply from""') do dumpel -s %i -l system -e 19 20 -m "Windows Update Agent"

Query ESX for SNMPD service firewall configuration
esxcfg-firewall -q snmpd

SNMP check against ESX
Snmputil.exe get %host% %community% .iso.org.dod.internet.private.enterprises.6876.1.1.0

Produce a flat list of files, with the last-write date
dir %Directory% /tw/s find /i "/" find /i /v "DIR" > Output.txt

Given a control file and a text file, output control entries that aren't found
for /f "tokens=1-3" %i in (%ControlFile%) do @find /i "%i" %TextFile% >NUL & @if errorlevel 1 echo %i

Given a control file and a text file, show whether or not control is in text
for /f "tokens=1-3" %i in (%ControlFile%) do @find /i "%i" %TextFile% >NUL & @if errorlevel 0 if not errorlevel 1 (echo %i Member) else (echo %i NotMember)

Query a specific eDirectory group for its members
ldifde -f output.txt -s %NetwareServer% -a "%AccountDN%" * -d %rootDN% -l cn,member

Modify printer ACLs to add security on all printers for a print server
subinacl /printer \\%PrintServer%\* /grant=/grant=%Domain%\%Group%=M

Export a Operations Manager 2007 sealed management pack to an unsealed XML
. c:\windows\temp\MpToXml.ps1 "%SealedMP%.mp" c:\windows\temp

Use LDP to search for tombstoned objects in AD
Base DN: CN=Deleted Objects,%domainRoot%, Filter: (isDeleted=*), Extended Search, Add control: 1.2.840.113556.1.4.417

Bulk modify of mailbox permissions
admodcmd -dn "%DN%" -f "(&(objectclass=user)(CN=%userFilter%*))" -addtomailboxrights %Domain%\%Group% ACE_MB_FULL_ACCESS

Modify ACLs using dsacls (account ACL, not mailbox rights)
dsacls "%userDN%" /G "%Domain%\%Group%:CA;Send As"

Print a test page to one or more printers
for /f "tokens=1-4 delims=," %i in (%Printer.txt%) do cscript prnctrl.vbs -t -b \\%PrintServer%\%i

Given a list of printers, create an LPR port for each
for /f "tokens=1-4 delims=," %i in (%Printer.txt%) do @cscript portmgr.vbs -a -c \\%PrintServer% -p %i -h %k -t LPR -q %i

Given a list of printers, create a printer using the specified driver/port
for /f "tokens=1-4 delims=," %i in (%Printer.txt%) do @cscript prnmgr.vbs -a -c \\%PrintServer% -b %i -m "%j" -r %i

Given a list of printers, set the location, share name and publish in AD
for /f "tokens=1-4 delims=," %i in (%Printer.txt%) do @cscript prncfg.vbs -s -b \\%PrintServer%\%i -h %i -l "%l" +published

Given a list of printers, set glocal default printer properties to duplex
for /f "tokens=1-4 delims=," %i in (%Printer.txt%) do @setprinter \\%PrintServer%\%i 8 "pDevMode=dmDuplex=2,dmCollate=1,dmFields=duplex collate"

Given a list of printers, set printer permissions to allow for queue management
for /f "tokens=1-4 delims=," %i in (%Printer.txt%) do @c:\util\subinacl /printer \\%PrintServer%\%i /grant=%Domain%\%Group%=M

Run the 32-bit version of regsvr32 on an x64 platform to register a DLL
c:\WINDOWS\SysWOW64\regsvr32 c:\admin\util\prnadmin.dll

Run the 32-bit version of cscript that accesses a 32-bit DLL on x64
c:\WINDOWS\SysWOW64\cscript portmgr.vbs

Show the current default settings send down to clients from a printer
setprinter -show \\%printServer%\%Printer% 8

Determine users that aren’t in a group
for /f "tokens=1-3" %i in (%users.txt%) do @for /f "tokens=*" %m in ('"@dsquery user -name %i"') do @echo %m & @dsget user %m -memberof -expand @findstr /i /c:"%m" /c:"%GROUP%" & echo.

Query group membership
dsquery group -name %GROUP% dsget group -members -expand > %GROUP%.members

Check whether users are in a group (from 'Query group membership')
for /f "skip=1 tokens=1-3" %i in (%users.txt%) do @find /i "%i" %GROUP%.members >NUL & @if errorlevel 1 echo %i

Check whether users are in a group or not (from 'Query group membership')
for /f "tokens=1-3" %i in (%users.txt%) do @find /i "%i" %GROUP%.members >NUL & @if errorlevel 0 if not errorlevel 1 (echo %i Member) else (echo %i NotMember)

Return the DN of a list of users
for /f %i in (%users.txt%) do @dsquery user -name %i

Check user attributes from AD (division, department, home drive, email)
for /f "tokens=1-3" %i in (%users.txt%) do @for /f "tokens=*" %m in ('"@dsquery user -name %i"') do @for /f "tokens=1-10" %q in ('"@dsquery * %m -attr CN department division mail homeDirectory homedrive find /i /v "homeDirectory""') do @echo %q,%r,%s,%t,%u,%v,%w,%x,%y >> UserInformation.csv

Check user home drive permissions from hmDir (top-level)
for /f %i in (%users.txt%) do @for /f "tokens=*" %m in ('"dsquery user -name %i dsget user -hmdir find /i "%i""') do cacls "%m"

Check Access Based Enumeration is enabled on a top-level share
psexec \\%server% abecmd %share%

Check permissions are being inherited
for /f %i in (%users.txt%) do @for /f "tokens=1" %m in ('"dsquery user -name %i dsget user -hmdir find /i "%i""') do @for /d %p in (%m\*.*) do @echo cacls "%p"

Check ownership of files
for /f %i in (%users.txt%) do @for /f "tokens=1" %m in ('"dsquery user -name %i dsget user -hmdir find /i "%i""') do @dir %m /q/s

Run diskpart to list NTFS volumes remotely
psexec \\%server% cmd /c "echo list volume diskpart find /i "NTFS""

Find local disks other than C: and D: that are NTFS
wmic /node:"%server%" path Win32_LogicalDisk WHERE "FileSystem='NTFS' AND Name != 'C:' AND Name != 'D:'" GET SystemName,Name

Find local disks using powershell and output to CSV
Get-WmiObject -Namespace root\cimv2 -ComputerName %server% -Query "SELECT * from Win32_LogicalDisk WHERE FileSystem='NTFS' AND Description = 'Local Fixed Disk' AND Name != 'C:' AND Name != 'D:'" export-csv c:\disk.csv

Find the disks currently owned by each cluster node
for %i in (%server1% %server2%) do @wmic /node:"%i" path Win32_LogicalDisk WHERE "FileSystem='NTFS' AND Name != 'C:' AND Name != 'D:'" GET SystemName,Name find /i "%server_prefix%"

In a 2003 cluster, find each disk volume and analyse file fragmentation
for /f "tokens=2,5,6,8" %i in ('"cluster /cluster:%cluster% resource /prop find /i "disk" find /i "description" find /i "%CommonTag%""') do echo \\%i\%k %j %l>> Defrag_%i_%j.txt && psexec \\%i defrag %k -a -v >> Defrag_%i_%j.txt

From cluster defrag analysis, print out details for each cluster volume
for /f "tokens=1,* delims=:" %i in ('"findstr /i /c:%server% /c:"Total files" /c:"Volume size" /c:"Used space" /c:"Percent free space" /c:"Total fragmented files" defrag*"') do @echo %j

Use SetPrinter to capture all settings for a printer
for %i in (0 1 2 3 4 5 6 7 8 9) do setprinter -show \\%server%\%printer% %i

Find the print processor used by all printers on a print server
setprinter -show \\%server% 2 findstr /c:"pPrinterName" /c:"pPrintProcessor"

check printers are being published in the directory through setprinter
setprinter -show \\%server% 7

Report print queue current length and various performance statistics
wmic /node:"%server%" path Win32_PerfFormattedData_Spooler_PrintQueue Get Name,Jobs,TotalJobsPrinted,TotalPagesPrinted,MaxJobsSpooling,JobErrors,OutOfPaperErrors

List printer drivers on a physical or cluster Windows 2003 server
cscript drvmgr.vbs -l -c \\%server%

Find printer event log entries for the last 15 minutes
for /f %i in ('cscript //nologo c:\data\scripts\updated\time\finddatetime.vbs') do wmic /node:"%server%" path Win32_NTLogEvent WHERE "SourceName='Print' AND LogFile='System' AND EventCode=10 AND TimeGenerated > '%i'"

Find printer event log entries for the specified user
wmic /node:"%server" path Win32_NTLogEvent WHERE "SourceName='Print' AND LogFile='System' AND EventCode=10 AND User='%Domain%\\%Username%'" Get User,TimeGenerated,InsertionStrings

Query the unidrv DLL versions from a list of pingable computers in an OU
for /f %i in ('"dsquery computer %OU_DN% -limit 0 -o rdn"') do @for /f "tokens=3 delims=: " %m in ('"ping -n 1 %i find /i "reply from""') do @for /f "tokens=1-9" %q in ('"filever \\%~i\C$\windows\system32\spool\drivers\w32x86\3\uni*.dll find /i /v "\\%~i""') do @echo %i,%q,%r,%s,%t,%u,%v,%w,%x,%y

Read directories from a security template, checking if they exist
for /f "skip=2 tokens=1 delims=," %i in ('"find /i "OICI" \\%server%\%Template%"') do @if not exist \\%server%\%drive%$%~pi echo \\%server%\%drive%%~pi

Modify a printer to use the winprint processor
setprinter \\%Server%\%Printer% 2 pPrintProcessor="WinPrint"

Join output split across two lines using delayed variable expansion (cmd /v:on)
for /f "tokens=3,4" %i in ('"findstr /i /c:"printDuplexSupported" /c:"Share Name" PrintersRegQuery.txt"') do @if "%i"=="REG_SZ" (@Set Printer=%j) else (@Echo !Printer!,%i)

Process robocopy /l output to find files/data that would be copied
for /f "tokens=2,5 delims=_:" %i in (output.txt) do @If "!User!" NEQ "%i" (@Set User=%i&@Set Line=%i,%j) else (@Set Line=!Line!,%j & @Echo !Line!)

Query the Virtual Centre/VC database for Virtual Machine snapshots (GMT+10)
sqlcmd -S %sqlServer% -d %Database% -W -s "," -Q "select ENT.Name as 'Name', DNS_Name as 'DNS Name', Guest_OS as 'OS', Mem_Size_MB as 'Mem', IP_Address as 'IP', VM.FILE_Name as 'VMX location', VM.Suspend_Time as 'Suspend Time', VM.Suspend_Interval as 'Suspend Interval', VMS.Snapshot_Name as 'Snapshot Name', VMS.Snapshot_Desc 'Snapshot Description', DateAdd(Hour, 10, VMS.Create_Time) as 'Snapshot Time', VMS.Is_Current_Snapshot 'Current Snapshot' from vpx_vm VM inner join VPX_GUEST_NET_ADAPTER NET on VM.ID = NET.VM_ID inner join VPX_ENTITY ENT on VM.ID = ENT.ID inner join VPX_SNAPSHOT VMS on VM.ID = VMS.VM_ID

Query vmfs volumes for snapshot files from the console
ls -Ral /vmfs/volumes/*.* grep .vmsn

Query the Virtual Centre/VC database for Virtual Machine LUN attachments
sqlcmd -S %sqlServer% -d %Database% -W -s "," -Q "select VMS.Name, TDS.Name from vpxv_vms VMS inner join vpxv_vm_datastore VVMDS on VMS.VMID = VVMDS.VM_ID inner join vpx_datastore TDS on VVMDS.DS_ID = TDS.ID Order by VMS.Name"

Query the Virtual Centre/VC database for Virtual Machine config LUN
sqlcmd -S %sqlServer% -d %Database% -W -s "," -Q "select VMS.Name as 'VM Name', TDS.Name as 'Config Datastore', SubString(ConfigFileName, CharIndex('/', ConfigFileName, Len('sanfs://vmfs'))+1, 255) as 'Config Path' from vpxv_vms VMS inner join vpx_datastore TDS on TDS.Storage_URL = SubString(VMS.ConfigFileName, 1, CharIndex('/', VMS.ConfigFileName, Len('sanfs://vmfs'))) Order By 'Config Datastore'"

Query the Virtual Centre/VC database for volume total and free disk space
sqlcmd -S %sqlServer% -d %Database% -W -s "," -Q "select Name, Cast(Round(Cast(Capacity as numeric)/1024/1024/1024, -1) as int) as 'Total Space', Cast(Round(Cast(Free_Space as numeric)/1024/1024/1024, -1) as int) as 'Free Space', Type from vpx_Datastore"

Open an Excel document in read-only mode from the commandline
start excel /h /e %xls%

Query printer information from AD (speed, memory etc)
dsquery * %serverDN% -limit 0 -filter "(&(objectClass=printQueue)(objectCategory=printQueue))" -attr cn printerName driverName printCollate printColor printLanguage printSpooling driverVersion printStaplingSupported printMemory printRate printRateUnit printMediaReady

Export printer information from AD (speed, memory etc)
csvde -f Printers.csv -d %serverDN% -r "(&(objectClass=printQueue)(objectCategory=printQueue))" -l cn,printerName,location,driverName,printCollate,printColor,printLanguage,printSpooling,driverVersion,printStaplingSupported,printMemory,printRate,printRateUnit,printMediaReady

Extract B if A is found in B, otherwise report blank
for /f "tokens=1-3 delims=," %i in (a.txt) do @find /i "%i" b.csv >nul & If errorlevel 0 if not errorlevel 1 (for /f "tokens=4 delims=," %m in ('"find /i "%i" b.csv find /i "%i""') do @echo %i,%m,%j,%k) else (Echo %i,none,%j,%k)

Query SMS for computers on a particular subnet
wmic /namespace:\\root\sms\site_%sitecode% /node:"%site_Server%" path SMS_R_System WHERE "IPSubnets='%subnet%' AND Active=1'" get name

Query SMS for computers in a specific AD site
wmic /namespace:\\root\sms\site_%sitecode% /node:"%site_Server%" path SMS_R_System WHERE "ADSiteName='BNE' AND Active=1'" get name

Find the owner of a process using WMI - see who's logged on remotely
wmic /node:"%computer%" PROCESS where "caption='explorer.exe'" getowner

Convert a file to/from base64 to transmit a binary file through filters
http://www.motobit.com/util/base64-decoder-encoder.asp

Check through SNMP whether a printer supports a duplexing media path
snmputil walk %printer% public printmib.prtMediaPath.prtMediaPathTable.prtMediaPathEntry.prtMediaPathDescription

Check through SNMP the printer device model
snmputil getnext %printer% public host.hrDevice.hrDeviceTable.hrDeviceEntry.hrDeviceDescr

Disable path parsing when listing a directory
dir "\\?\c:\folder"

Find VM distribution on VMware cluster physical nodes
sqlcmd -S %sqlServer% -d %Database% -W -s "," -Q "Select VH.DNS_NAME as 'Host', count(VM.HOST_ID) from vpx_vm VM inner join vpx_host VH on VM.HOST_ID = VH.ID group by VM.HOST_ID, VH.DNS_NAME order by 'Host'"

Find network information for a computer from SMS
wmic /namespace:\\root\sms\site_%sitecode% /node:"%siteserver%" path SMS_R_System WHERE Name='%computer%' get name,adsitename,IPAddresses,IPSubnets,MACAddresses

Send a Wake-on-lan magic packet on a local subnet
wolcmd 00157283E57F 192.168.0.10 255.255.255.0 7

Query the NTFS attributes of a file
nfi "C:\windows\system32\notepad.exe"

Query the Virtual Centre/VC database for VM CPU alarms
sqlcmd -S %sqlServer% -d %Database% -W -s "," -Q "select ALR.Created_Time, ENT.Name from vpx_alarm_runtime ALR inner join vpx_alarm AL on ALR.Alarm_ID = AL.Alarm_ID inner join vpx_entity ENT on ALR.Entity_ID = ENT.ID where AL.Name = 'Virtual Machine CPU Usage' order by created_time"

Get the lanmanserver description using SNMP
Snmputil.exe get %server% %community% .iso.org.dod.internet.private.enterprises.lanmanager.lanmgr-2.server.svDescription.0z

Query the performance counters stored in a log file
relog.exe file.blg -q

View/Modify the ACL security on spooler pipe
pipesec \\%computer%\pipe\spoolss

Report multiple named instances of SQL on a remote server
reg query "\\%server%\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\Instance Names\SQL

Query the group membership cache used by Group Policy
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy\GroupMembership

Report and save the security on one or more NTFS Filesystem objects
ICACLS %object% /save %outputfile%

Reset the inherited DACL flag on an object to not protected, inherit below
setacl -on %Directory% -ot file -actn setprot -op dacl:np

Reset inherited permissions for specified NTFS objects
setacl -on %Directory%\*.* -ot file -actn rstchldrn -rst DACL

Check the first x characters from A against B, report differences (cmd /v:on)
for /f "tokens=1-4 delims=," %i in (%Source%) do @set VarA=%i & Set VarB=%j& if /i "!VarA:~0,4!" NEQ "!VarB:~0,4!" echo %i,%j,%k,%l mismatch

Set a Service Principal Name for an alias against the host computer account
setspn -A HOST/%alias%.domain.com %server%

Find the computer object advertising a specific SPN
dsquery * -filter "(&(objectClass=Computer)(objectCategory=Computer)(servicePrincipalName=*SPN*))" -attr cn servicePrincipalName distinguishedName

Register a Virtual Machine in ESX
vmware-cmd -s register "/path/to/vmx/or/vmtx"

unregister a Virtual Machine in ESX
vmware-cmd -s unregister "/path/to/vmx/or/vmtx"

Export group objects from AD to a CSV file
adfind -b "domainRoot" -f "objectclass=group" cn samaccountname -csv

Check local profiles, reporting whether they are local administrators or not
for /f %i in ('"dir /b/ad "c:\Documents and Settings""') do @for /f %m in ('"psgetsid %i 2>Nul | find /i "s-1""') do @reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\%m\GroupMembership" 2>nul | find /i "S-1-5-32-544" 1>nul & @if errorlevel 1 (@echo %i Not an Administrator or group policy entry not found) else (@echo %i Is an Administrator)

View the User Accounts control panel applet
Control Userpasswords2

Roll daily logs into monthly logs (command runs each day)
for /f "tokens=3,4 delims=/ " %i in ('echo %date%') do copy c:\logs\daily\logfile_%j%i??.csv c:\logs\monthly\logfile_%j%i.csv /y

Query printer tray configuration of printers on a cluster (HP UPD)
for /f %i in (Printers.txt) do @for /f "tokens=1,2,*" %m in ('"reg query \\%PrintServer%\HKEY_LOCAL_MACHINE\Cluster\Resources\%ClusterResourceGUID%\Parameters\Printers\%i\PrinterDriverData /v InputSlot 2>nul | find /i "InputSlot" & if errorlevel 1 echo 1 2 NotFound"') do @echo %i,%o>>PrinterTrays.txt

Use SNMP to get the printer media path, indicating simplex/duplex capabilities
for /f %i in (Printers.txt) do @for /f "tokens=3,*" %m in ('"snmputil walk %i public printmib.prtMediaPath.prtMediaPathTable.prtMediaPathEntry.prtMediaPathDescription 2>nul| find /i "value" & if errorlevel 1 echo 1 2 3 NotFound"') do @echo %i,%n

List the file screen groups for File Server Resource Manager (FSRM)
filescrn filegroup list

Directory listing of all files in bare format, excluding the the dir objects
dir \\%server%\%share%\*.* /a-d/s/b

Enable SSH client out on an ESX host firewall, permitting SCP as well
esxcfg-firewall -e sshClient

Query the ESX firewall to determine whether SSH client is allowed out
esxcfg-firewall -q | grep sshClient

Use the VI Toolkit Powershell snap-in to query for snapshots
Get-VM | Get-Snapshot | export-csv -path c:\temp\VMsnapshots.csv

Use the VI Toolkit Powershell snap-in to query for snapshot information
Get-VM | Get-Snapshot | foreach-object {$out= $_.VM.Name + "," + $_.Name + "," + $_.Description + "," + $_.PowerState; $out}

Master an ISO Image from a source directory
oscdimg -m -h -n . %Target%.iso

Enable Netlogon debugging
nltest /dbflag:0x2080FFFF

Change security on a file in the ESX service console
chmod u+rwx,g+rx,o+rx somefile

Start a remote process using Powershell/WMI
$computer = "."; ([WMICLASS]"\\$computer\root\CIMv2:win32_process").Create("notepad.exe")

Find remote drivers installed on a computer
devcon -m:\\%computer% status *

Create a floppy image from the given path
bfi.exe -v -f=test.img %path%

Extract files from a floppy image (Gilles Vollant extract.exe)
extract -e %imgfile%

Dump file and security attributes on an NTFS filesystem
filestat %file%

Check NULL sessions to see if user/group information can be enumerated
hunt.exe OR winfo.exe

Identify the DN of an Active Directory group
dsquery group -name %GroupName%

Find the current group scope of a security group
dsget group %GroupDN% -scope -secgrp

Change a group's scope to universal, a stepping stone for conversion
dsmod group %GroupDN% -scope u

Change a universal group's scope to global or local
dsmod group %GroupDN% -scope l | g

Modify the UPN for a user
dsmod user "%userdN%" -upn user@domain

Find all user accounts with a UPN, and count the DNs returned
dsquery * domainroot -filter "&(objectclass=user)(objectcategory=person)(userprincipalname=*)" -s %server% | find /i /c "user"

Find all user accounts without a UPN, and count the DNs returned
dsquery * domainroot -filter "&(objectclass=user)(objectcategory=person)(!(userprincipalname=*))" -s %server% | find /i /c "user"

Identify user accounts without a UPN to be corrected
dsquery * %OU% -filter "&(objectclass=user)(objectcategory=person)(!(userprincipalname=*))" -s %server% -scope onelevel -attr name distinguishedname > NoUPN.txt

After identifying one or more accounts without a UPN, set the UPN for each
for /f "skip=1 tokens=1,2-3" %i in (NoUPN.txt) do dsmod user "%j %k" -upn %i@%upnsuffix%

Show all replicated attributes in the AD Schema
dsquery * cn=schema,cn=configuration,DC=forestRootDomain -filter "(&(objectClass=attributeSchema)(objectCategory=attributeSchema)(!systemFlags:1.2.840.113556.1.4.803:=1))" -limit 0

Show an AD schema attribute
dsquery * cn=pwd-last-set,cn=schema,cn=configuration,DC=forestRootDomain

Bitwise AND the system-flags of a schema attribute to show if replicated
dsquery * cn=pwd-last-set,cn=schema,cn=configuration,DC=forestRootDomain -filter "!(&(systemFlags:1.2.840.113556.1.4.803:=1))"

Given a list of user CNs, find them in the directory and report homeDirectory
for /f %i in (Users.txt) do @for /f "tokens=*" %m in ('"dsquery user -name %i"') do @for /f %p in ('"dsquery * %m -attr homeDirectory -l | find /i "\\" & if errorlevel 1 Echo NoHomeDirectory"') do @echo %i,%m,%p

Disable strict name checking for a machine
reg add \\%computer%\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters /v DisableStrictNameChecking /t reg_dword /d 0x1

Query printers for job counts >= 1
wmic /node:"%server%" path Win32_PerfFormattedData_Spooler_PrintQueue Where "Jobs>=1" Get Name,Jobs,MaxJobsSpooling,JobErrors,OutOfPaperErrors

List transports and if they are bound to NetBIOS (NetBT over TCP/IP)
browstat dumpnet

View the browse list using NetServerEnum to a domain or server
browstat view \Device\NetBT_Tcpip_{972F2574-31D4-4467-8BC0-70B3C57C1279} %domain%

Show the ACL in SDDL format using cacls
cacls c:\ /s

Add authenticated users:R to the root (not OICI) using SDDL with cacls
cacls c:\ /S:"D:PAI(A;OICI;FA;;;BA)(A;;0x1200a9;;;AU)(A;OICI;FA;;;SY)"

Query Storage Report Management global settings (file screening and quotas)
reg query HKEY_LOCAL_MACHINE\Cluster\SRM\Settings\SrmGlobalSettings /v Data

Show the current mounted volumes on the local system
mountvol OR mountvol c:\ /l

Find remote cscript processes and the scripts they are running (arguments)
wmic /node:"%computer%" path win32_process Where "Caption Like '%cscript%' " get Caption,CommandLine,CreationDate,WorkingSetSize,ProcessId

Connect to a named SQL instance through Management Studio
%server%\%instance_name%

Query an Enterprise Vault Directory database for file group information(view)
sqlcmd -S %sqlServer% -d %Database% -W -s "," -Q "select * from dbo.view_FileGroupAndFileGroupFile"

Query an Enterprise Vault Directory database for file group information(table)
sqlcmd -S %sqlServer% -d %Database% -W -s "," -Q "select FileGroupName, FileGroupDescription, FileSpecification from filegroupfile inner join Filegroup on FileGroupFile.FileGroupEntryID = FileGroup.FileGroupEntryID Order By FileGroupName"

Query an Enterprise Vault Directory database for index errors
sqlcmd -S %sqlServer% -d %Database% -W -s "," -Q "Select ArchiveName, ArchiveStatus, IndexRootPath, Offline, Failed, Rebuilding, IndexedItems, FailedItems from IndexVolumeView where (rebuilding != 0) OR (Failed != 0) OR (Offline != 0)"

Extract events from a non-standard event log
wmic /node:"%computer%" path Win32_NTLogEvent WHERE "SourceName='%EventSource%' AND LogFile='%LogName%' AND EventCode=%eventcode%"

Start a process in low priority
cmd /c start "LowPriority" /BELOWNORMAL notepad "a file.txt"

Create a hardlink directory entry linking one file to another
fsutil hardlink create %NewFileLink% %ExistingFile%

create symbolic dir, file links, hard links and dir junctions Vista/2008
mklink

Add a string to an alternate stream stored as a $DATA attribute
echo this content will be stored in the file sub stream > test.txt:stream1

Add the contents of a file to an alternate data strem
type file.txt > test.txt:stream1

Create a new file in an alternate stream as part of a directory
md test & echo alternate stream > test:stream1

Display the stream
more < test.txt:stream1

Add an executable as an alternate stream attached to a directory
type c:\windows\system32\notepad.exe > test:test.exe

Run the executable in the alternate stream
cmd /c start .\test:test.exe

Retrieve the binary file from an alternate data stream (port of Unix Cat)
cat test:test.exe > note.exe

Remove an NTFS alternate data stream (does not maintain timestamps)
type test.txt>test1.txt

Delete an alternate data stream
streams -d test.txt

Dump NTFS info from the MFT for a File Record Segment (unix port)
ntfsinfo -d /dev/hda1 -i 36

Find cluster disk size and free space
echo clusnode1 > clusternodes.txt & echo clusnode2 >> clusternodes.txt & echo clusnode3 >> clusternodes.txt & echo clusnode4 >> clusternodes.txt & wmic /node:@clusternodes.txt path Win32_LogicalDisk WHERE "FileSystem='NTFS' AND Name != 'C:' AND Name != 'D:'" GET SystemName,Name,Size,FreeSpace,VolumeName

Query HP printers for the page count using SNMP
for /f %i in (Printers.txt) do @echo %i & @snmputil walk %i public printmib.prtMarker.prtMarkerTable.prtMarkerEntry.prtMarkerLifeCount | find /i "value"

Create a security template from the given directory for SDDL secedit processing
for /d %i in (%source%\*.*) do @for /f "tokens=2" %j in ('cacls.exe %i /S') do @echo Processing %~ni & echo "%i",2,%j >> Security.txt

Make test directories from a security template
for /f "tokens=1,2,3,* delims=\," %i in ('"find /i "dir1\dir2" template.inf"') do md "c:\temp\sectest\%j\%k

Reformat the target of a security template for offline testing
for /f "tokens=1,2,3,* delims=\," %i in ('"find /i "dir1\dir2" template.inf"') do @echo "c:\temp\sectest\%j\%k,%l

Disable automatic mounting of volumes added to a 2003 system
automount disable

Remove automatic mount points for volumes that no longer exist
automount scrub

Allow Dell OpenManage Server Administrator traffic through ESX
esxcfg-firewall -o 1311,tcp,in,OpenManageRequest

Query the replicated lastLogonTimestamp attribute for password changes
dsquery user -inactive 8 -limit 0

Delete a cluster resource type
cluster restype "%resource_name%" /delete /type

Query the Virtual Centre/VC database for Virtual Machine LUN mapping and size
sqlcmd -S %sqlServer% -d %Database% -W -s "," -Q "select VMS.Name, TDS.Name, Cast(Round(Sum(Cast(VDISK.CAPACITY as numeric))/1024/1024/1024, 1) as int) as 'Total Disk', Cast(Round(Sum(Cast(VDISK.FREE_SPACE as numeric))/1024/1024/1024, 1) as int) as 'Free Disk' from vpxv_vms VMS inner join vpxv_vm_datastore VVMDS on VMS.VMID = VVMDS.VM_ID inner join vpx_datastore TDS on VVMDS.DS_ID = TDS.ID inner join VPX_GUEST_DISK VDISK on VMS.VMID = VDISK.VM_ID group by VMS.Name, TDS.Name Order by TDS.Name, VMS.Name"

Open the administrative tools start menu list
control admintools

Open the scheduled tasks special folder
control SCHEDTASKS

Disable hibernation
powercfg -h off

Show network interface statistics (packets/errors/bytes)
netstat -e

Find remote processes and the command-line parameters with PowerShell
Get-WmiObject win32_process | Format-Table ExecutablePath,Caption,CommandLine,CreationDate,WorkingSetSize,ProcessId

Create an IIS virtual directory
cscript C:\WINDOWS\system32\iisvdir.vbs /create "Default Web Site" %Alias% %rootPath%

Use WMIC aliases to format the output in CSV or XML
wmic process list /format:xml | wmic process list /format:csv

Use WMIC aliases to format the output in HTML TABLE, MOFCSV or XML
wmic process list /format:htable | wmic process list /format:HMOF

Use WMIC aliases to sort the output in HTML
wmic process list /format:htable:"sortby=Name" > test.html

Use WMIC aliases to filter and sort the output in CSV
wmic process get name /format:csv:"datatype=text":"sortby=Name"

Use WMIC remotely aliases to retrieve command-line process arugments
wmic /node:"%server%" process get name,CommandLine /format:csv:"sortby=Name"

Use WMIC wmic aliases to sort the result set by number
wmic Logon get /Format:htable:"datatype=number":"sortby=LogonType"

Use a custom WMIC alias to report printer info from a cluster node in CSV
wmic /node:"%server%" spoolerjobs list /format:table

Use a custom WMIC alias to report sorted HTML printer info from a cluster node
wmic /node:"%server%" spoolerjobs list /format:htable:"datatype=number":"sortby=TotalJobsPrinted"

Use a custom WMIC alias to report a brief summary of printer statistics
wmic /node:"%server%" spoolerjobs list brief /format:htable:"datatype=number":"sortby=TotalJobsPrinted"

Use a custom WMIC alias and xsl to sort print jobs output descending HTML table
wmic /node:"%server%" spoolerjobs list brief /format:"htabledesc-sortby.xsl":"datatype=number":"orderby=descending":"sortby=TotalJobsPrinted" > test.html

Query a user from AD using WMI
wmic /node:"%DC%" /namespace:\\root\directory\LDAP path ds_user where "ds_cn='%username%'" GET ds_displayName,DS_UserPrincipalName,ds_cn,ds_name,ds_whenCreated

Use WMIC to get instances of a class and format the output as CSV
wmic path win32_process get name,commandline /format:csv

Find cluster disk size and free space in CSV format
wmic /node:"%server%","%server%","%server%","%server%" path Win32_LogicalDisk WHERE "FileSystem='NTFS' AND Name != 'C:' AND Name != 'D:'" GET SystemName,Name,Size,FreeSpace,VolumeName /format:csv

Find cluster disk size and free space in modified CSV format with thousand sep.
wmic /node:"%server%","%server%","%server%","%server%" path Win32_LogicalDisk WHERE "FileSystem='NTFS' AND Name != 'C:' AND Name != 'D:'" GET Name,Size,FreeSpace,VolumeName /format:csv2

Report the hosts controlled by a VirtualCentre instance
sqlcmd -S %sqlServer% -d %Database% -W -s "," -Q "select [Name] from vpxv_hosts order by [Name]"

Report the hosts controlled by a VirtualCentre instance
sqlcmd -S %sqlServer% -d %Database% -W -s "," -Q "select DNS_Name, IP_Address, PRODUCT_FULLNAME from vpx_host Order by DNS_Name"

Report the windows MSCS cluster virtual groups
cluster /cluster:%cluster% group /prop | find /i "description" | find /i /v "pbx" | find /i /v "cluster"

Report folders being archived from Enterprise Vault EV FSA
sqlcmd -S sqlServer%\%instance% -o ArchivedFolders.txt -d %enterprisevaultdirectory% -W -s "," -Q "select FSVP.UncName, FSVP.VolumeName, FSFE.FolderPath, FSVP.UncName + '\' + FSVP.VolumeName + '\' + FSFE.FolderPath as 'Path' from dbo.FileServerFolderEntry FSFE inner join dbo.vw_FileServer_Volume_Policy FSVP on FSFE.VolumeEntryID = FSVP.VolumeEntryID"

Report folders from the one or more servers not being archived compared to FSA export
for %i in (\\%server%\share% \\%server%\share% ) do @for /f "tokens=1-4,*" %m in ('"dir %i\* /ad /tc | find "DIR" | find "-""') do @find /i "%q" ArchivedFolders.txt >nul & @If errorlevel 1 (echo %q,%i,%m %n %o) >> NotArchived.csv

Find the current CPU utilisation for processes using WMI
wmic /node:"%computer%" path Win32_PerfFormattedData_PerfProc_Process get Name,PercentProcessorTime

Use JT to update a scheduled task's working directory
jt.exe /sac \\%computer%\c$\windows\Tasks\%Task%.job /sj WorkingDirectory = "%workingdir%"

Reset inheritance starting at a folder and recursing
icacls \\UNC\Path /reset /t /c

Open a saved printer query window
rundll32 dsquery,OpenSavedDsQuery %Config%.qds

Disable path parsing to access a file using UNC
type "\\?\UNC\server\share\path\file.txt"



Wayne's World of IT (WWoIT), Copyright 2008 Wayne Martin.

4 comments:

Unknown said...

Wayne,
YES... w/o a doubt... I would like some of your scripts! Two that I saw while quickly looking throught "Useful command-lines" are: FindUserLogonCount.wsf and FindSubnets.bat. Hopefully you can post these too?

Thanks for this great resource
Bill

Wayne Martin said...

Hi Bill,

I'll start with findsubnets.bat, which is a batch file I wrote a while back now, so I've also converted it to a single-line command using delayed variable expansion (cmd /v:on).

For example, given an IP and mask, return the subnet:
for /f "tokens=1-8 delims=.- " %i in ('echo 192.168.5.200 255.255.255.0') do set /a Octet1="%i & %m" >nul & set /a Octet2="%j & %n" >nul & set /a Octet3="%k & %o" >nul & set /a Octet4="%l & %p" >nul & Echo %i.%j.%k.%l,!Octet1!.!Octet2!.!Octet3!.!Octet4!,%m.%n.%o.%p

::--
::The longhand batch file method:
:: --
@Echo Off
Set Input=%1
If /i "%Input%"=="" Goto End

for /f "tokens=1-8 delims=.- " %%i in (%Input%) do Call :FindOctet %%i %%j %%k %%l %%m %%n %%o %%p
Goto End

:FindOctet
::Echo %1 %2 %3 %4 %5 %6 %7 %8

set /a Octet1="%1 & %5" >nul
set /a Octet2="%2 & %6" >nul
set /a Octet3="%3 & %7" >nul
set /a Octet4="%4 & %8" >nul
Echo %1.%2.%3.%4,%Octet1%.%Octet2%.%Octet3%.%Octet4%,%5.%6.%7.%8
Set Octet1=
Set Octet2=
Set Octet3=
Set Octet4=
Goto End

:InvalidArgs
Echo Please provide an input filename.
Goto End

:End

Anonymous said...

Hi Wayne,

Please let me know how i can find out computers there on a particular site.

i tried your dnscmd but its throwing syntax errors.

let me know what will be the command if the zonename is test.local and subnet is 10.0.0.0

Wayne Martin said...

Hello, in your example of a test.local zone, you could use the following command to query all records in that zone:

dnscmd %server% /enumrecords test.local @ /additional /continue > test.txt

You could then search for 10. with:
find /i "10." test.txt

Note that depending on your mask this won't necessarily be accurate, and doesn't really map to computers in a site (just records in a DNS zone).


All Posts

printQueue AD objects for 2003 ClusterVirtualCenter Physical to VirtualVirtual 2003 MSCS Cluster in ESX VI3
Finding duplicate DNS recordsCommand-line automation – Echo and macrosCommand-line automation – set
Command-line automation - errorlevels and ifCommand-line automation - find and findstrBuilding blocks of command-line automation - FOR
Useful PowerShell command-line operationsMSCS 2003 Cluster Virtual Server ComponentsServer-side process for simple file access
OpsMgr 2007 performance script - VMware datastores...Enumerating URLs in Internet ExplorerNTLM Trusts between 2003 and NT4
2003 Servers with Hibernation enabledReading Shortcuts with PowerShell and VBSModifying DLL Resources
Automatically mapping printersSimple string encryption with PowerShellUseful NTFS and security command-line operations
Useful Windows Printer command-line operationsUseful Windows MSCS Cluster command-line operation...Useful VMware ESX and VC command-line operations
Useful general command-line operationsUseful DNS, DHCP and WINS command-line operationsUseful Active Directory command-line operations
Useful command-linesCreating secedit templates with PowerShellFixing Permissions with NTFS intra-volume moves
Converting filetime with vbs and PowerShellDifference between bat and cmdReplica Domain for Authentication
Troubleshooting Windows PrintingRenaming a user account in ADOpsMgr 2007 Reports - Sorting, Filtering, Charting...
WMIC XSL CSV output formattingEnumerating File Server ResourcesWMIC Custom Alias and Format
AD site discoveryPassing Parameters between OpsMgr and SSRSAnalyzing Windows Kernel Dumps
Process list with command-line argumentsOpsMgr 2007 Customized Reporting - SQL QueriesPreventing accidental NTFS data moves
FSRM and NTFS Quotas in 2003 R2PowerShell Deleting NTFS Alternate Data StreamsNTFS links - reparse, symbolic, hard, junction
IE Warnings when files are executedPowerShell Low-level keyboard hookCross-forest authentication and GP processing
Deleting Invalid SMS 2003 Distribution PointsCross-forest authentication and site synchronizati...Determining AD attribute replication
AD Security vs Distribution GroupsTroubleshooting cross-forest trust secure channels...RIS cross-domain access
Large SMS Web Reports return Error 500Troubleshooting SMS 2003 MP and SLPRemotely determine physical memory
VMware SDK with PowershellSpinning Excel Pie ChartPoke-Info PowerShell script
Reading web content with PowerShellAutomated Cluster File Security and PurgingManaging printers at the command-line
File System Filters and minifiltersOpsMgr 2007 SSRS Reports using SQL 2005 XMLAccess Based Enumeration in 2003 and MSCS
Find VM snapshots in ESX/VCComparing MSCS/VMware/DFS File & PrintModifying Exchange mailbox permissions
Nested 'for /f' catch-allPowerShell FindFirstFileW bypassing MAX_PATHRunning PowerSell Scripts from ASP.Net
Binary <-> Hex String files with PowershellOpsMgr 2007 Current Performance InstancesImpersonating a user without passwords
Running a process in the secure winlogon desktopShadow an XP Terminal Services sessionFind where a user is logged on from
Active Directory _msdcs DNS zonesUnlocking XP/2003 without passwords2003 Cluster-enabled scheduled tasks
Purging aged files from the filesystemFinding customised ADM templates in ADDomain local security groups for cross-forest secu...
Account Management eventlog auditingVMware cluster/Virtual Center StatisticsRunning scheduled tasks as a non-administrator
Audit Windows 2003 print server usageActive Directory DiagnosticsViewing NTFS information with nfi and diskedit
Performance Tuning for 2003 File ServersChecking ESX/VC VMs for snapshotsShowing non-persistent devices in device manager
Implementing an MSCS 2003 server clusterFinding users on a subnetWMI filter for subnet filtered Group Policy
Testing DNS records for scavengingRefreshing Computer Account AD Group MembershipTesting Network Ports from Windows
Using Recovery Console with RISPAE Boot.ini Switch for DEP or 4GB+ memoryUsing 32-bit COM objects on x64 platforms
Active Directory Organizational Unit (OU) DesignTroubleshooting computer accounts in an Active Dir...260+ character MAX_PATH limitations in filenames
Create or modify a security template for NTFS perm...Find where a user is connecting from through WMISDDL syntax in secedit security templates

About Me

I’ve worked in IT for over 20 years, and I know just about enough to realise that I don’t know very much.