There are currently 425 commands in this post that I've found useful in some way over the years. Note that many of the command-line calls may require Microsoft utilities (such as dsquery, ldifde, dnscmd), or custom written scripts that can be posted when requested.
Most of the commands are for the windows-based command interpreter, with a few PowerShell and ESX service console commands creeping in. They range from diagnostics, troubleshooting and simply automating recurring tasks.
Each command-line can be copied and pasted at the command prompt, if you use a batch file you'll need to reference variables with double-percent (%%).
The idea is that almost anything is possible from the command-line, and there are very few things that aren't possible in a single line (especially with delayed environment variable expansion - see cmd /?).
FSMO Roles
ntdsutil roles Connections "Connect to server %logonserver%" Quit "select Operation Target" "List roles for conn server" Quit Quit Quit
Domain Controllers
Nltest /dclist:%userdnsdomain%
Domain Controller IP Configuration
for /f %i in ('dsquery server -domain %userdnsdomain% -o rdn') do psexec \\%i ipconfig /all >> DC_IPConfig.txt
Stale computer accounts
dsquery computer domainroot -stalepwd 180 -limit 0 > ComputerAccounts+180.txt
Stale user accounts
dsquery user domainroot -stalepwd 180 -limit 0 > UserAccounts+180.txt
Disabled user accounts
dsquery user domainroot -disabled -limit 0 > UserAccountsDisabled.txt
User logon statistics
cscript FindUserLogonCount.wsf (custom written VBScript)
AD Database disk usage
for /f %i in ('dsquery server -domain %userdnsdomain% -o rdn') do dir \\%i\d$\ntds >> NTDS_Size_%userdomain%.txt
Global Catalog Servers from DNS
dnscmd %logonserver% /enumrecords %userdnsdomain% _tcp find /i "3268"
Global Catalog Servers from AD
dsquery * "CN=Configuration,DC=forestRootDomain" -filter "(&(objectCategory=nTDSDSA)(options:1.2.840.113556.1.4.803:=1))"
Users with no logon script
dsquery * domainroot -filter "(&(objectCategory=Person)(objectClass=User)(!scriptPath=*))" -limit 0 -attr sAMAccountName sn givenName pwdLastSet distinguishedName
User accounts with no pwd required
dsquery * domainroot -filter "(&(objectCategory=Person)(objectClass=User)(userAccountControl:1.2.840.113556.1.4.803:=32))"
User accounts with no pwd expiry
dsquery * domainroot -filter "(&(objectCategory=Person)(objectClass=User)(userAccountControl:1.2.840.113556.1.4.803:=65536))"
User accounts that are disabled
dsquery * domainroot -filter "(&(objectCategory=Person)(objectClass=User)(userAccountControl:1.2.840.113556.1.4.803:=2))"
User accounts with no password expiry and not disabled
dsquery * domainroot -filter "(&(objectCategory=Person)(objectClass=User)(userAccountControl:1.2.840.113556.1.4.803:=65536)(!userAccountControl:1.2.840.113556.1.4.803:=2))"
DNS Information
for /f %i in ('dsquery server -domain %userdnsdomain% -o rdn') do dnscmd %i /info
DNS Zone Detailed information
dnscmd /zoneinfo %userdnsdomain%
Tombstoned AD objects
Adrestore.exe (sysinternals utility)
Garbage Collection and tombstone
dsquery * "cn=Directory Service,cn=Windows NT,cn=Services,cn=Configuration,DC=forestRootDomain" -attr garbageCollPeriod tombstoneLifetime
Netsh authorised DHCP Servers
netsh dhcp show server
DSQuery authorised DHCP Servers
Dsquery * "cn=NetServices,cn=Services,cn=Configuration, DC=forestRootDomain" -attr dhcpServers
DHCP server information
netsh dhcp server \\DHCP_SERVER show all
DHCP server dump
netsh dhcp server \\DHCP_SERVER dump > dhcp.txt
WINS serer information
Netsh wins server \\WINS_SERVER dump > wins.txt
Group Policy Verification Tool
gpotool.exe /checkacl /verbose
AD OU membership
dsquery computer -limit 0
AD OU membership
dsquery user -limit 0
List Service Principal Names
for /f %i in ('dsquery server -domain %userdnsdomain% -o rdn') do setspn -L %i
Compare DC Replica Object Count
dsastat –s:DC1;DC2;... –b:Domain –gcattrs:objectclass –p:999
Check AD ACLs
acldiag dc=domainTree
NTFRS Replica Sets
for /f %i in ('dsquery server -domain %userdnsdomain% -o rdn') do ntfrsutl sets %i
NTFRS DS View
for /f %i in ('dsquery server -domain %userdnsdomain% -o rdn') do ntfrsutl ds %i
Domain Controllers per site
Dsquery * "CN=Sites,CN=Configuration,DC=forestRootDomain" -filter (objectCategory=Server)
DNS Zones in AD
for /f %i in ('dsquery server -o rdn') do Dsquery * -s %i domainroot -filter (objectCategory=dnsZone)
Enumerate DNS Server Zones
for /f %i in ('dsquery server -o rdn') do dnscmd %i /enumzones
Subnet information
Dsquery subnet –limit 0
List Organisational Units
Dsquery OU
ACL on all OUs
For /f “delims=” %i in ('dsquery OU') do acldiag %i >> ACLDiag.txt
Domain Trusts
nltest /domain_trusts /v
Print DNS Zones
dnscmd DNSServer /zoneprint DNSZone
Last 50 leases on DHCP servers
for /f %i in (DHCPServers.txt) do echo %i && tail -50 \\%i\c$\WINNT\system32\dhcp\DhcpSrvLog.Tue
Active DHCP leases
For /f %i in (DHCPServers.txt) do for /f “delims=- ” %j in ('"netsh dhcp server \\%i show scope find /i "active""') do netsh dhcp server \\%i scope %j show clientsv5 >> DHCPClients_%i.txt
DHCP clients from all servers
Find /i “255.” DHCPClients_*.txt find /i “255.” > DHCPClientsAll.txt
DHCP Server Active Scope Info
For /f %i in (DHCPServers.txt) do netsh dhcp server \\%i show scope find /i "active" >> DHCPInfo_%i.txt
Find Subnets from DHCP clients
FindSubnets.bat 'Output from Active DHCP leases'
Resolve DHCP clients hostnames
for /f "tokens=1,2,3 delims=," %i in (Output from 'Find Subnets from DHCP clients') do @for /f "tokens=2 delims=: " %m in ('"nslookup %j find /i "Name:""') do echo %m,%j,%k,%i
Find two online PCs per subnet
Echo. > TwoClientsPerSubnet.txt & for /f "tokens=1,2,3,4 delims=, " %i in ('"find /i "pc" 'Output from Resolve DHCP clients hostnames'"') do for /f "tokens=3 skip=1 delims=: " %m in ('"Find /i /c "%l" TwoClientsPerSubnet.txt"') do If %m LEQ 1 for /f %p in ('"ping -n 1 %i find /i /c "(0% loss""') do If %p==1 Echo %i,%j,%k,%l >> TwoClientsPerSubnet.txt
Find unique Subnets
for /f "delims=" %i in (Output from FindSubnets) do @Find /i "%i" UniqueSubnets.txt 1>nul 2>nul & @if ErrorLevel 1 echo %i >> UniqueSubnets.txt
AD Subnet and Site Information
dsquery * "CN=Subnets,CN=Sites,CN=Configuration,DC=forestRootDomain" -attr cn siteObject description location
Find DHCP Scopes not in AD
for /f "tokens=1,2" %i in (Output from 'Find Unique Subnets') do @for /f "skip=2 delims==" %m in ('find /i "%j" SubnetMaskShorthand.txt') do @find /i "%i/%m" Output from 'AD Subnet and Site Information' >NUL & @If ErrorLevel 1 for /f "skip=1 tokens=2 delims=:" %p in ('find /i /c "%i %j" Output from 'Find Subnets from formatted output'') do @Echo %i/%m,%p
AD Site Information
dsquery * "CN=Sites,CN=Configuration,DC=forestRootDomain" -attr cn description location -filter (objectClass=site)
Printer Queue Objects in AD
dsquery * domainroot -filter "(objectCategory=printQueue)" -limit 0
Group Membership with user details
dsget group "groupDN" -members dsget user -samid -fn -mi -ln -display -empid -desc -office -tel -email -title -dept -mgr
DHCP Clients Per AD Site
for /f "tokens=1,2,3 delims=/ " %i in (Output from 'AD Subnet and Site Information') do @For /f "skip=2 tokens=1,2 delims==" %m in ('find /i "%j=" SubnetMaskShorthand.txt') do @For /f "skip=1 tokens=2 delims=:" %p in ('find /i /c "%i,%n" Output from 'Find Subnets from DHCP clients') Do @Echo %i/%m,%p,%k
DHCP Servers Per AD Site
for /f "tokens=1,2 delims=/" %i in (SiteClientCounts.txt) do @for %k in ("Output from ‘DHCP Server Active Scope Info’") do @find /i "%i" "%k" >nul & If ErrorLevel 0 if Not ErrorLevel 1 echo %i/%j,%~nk
Total DHCP Scopes
find /i "subnet" "Output from DHCP server information" find /i "subnet"
Site Links and Cost
dsquery * "CN=Sites,CN=Configuration,DC=forestRootDomain" -attr cn cost description replInterval siteList -filter (objectClass=siteLink)
Time gpresult
timethis gpresult /v > GPResult_%ComputerName%.txt 2<&1 Check time against Domain w32tm /monitor /computers:ForestRootPDC > %temp%\Time.txt
Domain Controller Diagnostics
dcdiag /s:%logonserver% /v /e /c
Domain Replication Bridgeheads
repadmin /bridgeheads
Replication Failures from KCC
repadmin /failcache
Inter-site Topology servers per site
Repadmin /istg * /verbose
Replication latency
repadmin /latency /verbose
Queued replication requests
repadmin /queue *
Show connections for a DC
repadmin /showconn *
Replication summary
Repadmin /replsummary
Show replication partners
repadmin /showrepl * /all
All DCs in the forest
repadmin /viewlist *
ISTG from AD attributes
dsquery * "CN=NTDS Site Settings,CN=siteName,CN=Sites,CN=Configuration,DC=forestRootDomain" -attr interSiteTopologyGenerator
Return the object if KCC Intra/Inter site is disabled for each site
Dsquery site dsquery * -attr * -filter "((Options:1.2.840.113556.1.4.803:=1)(Options:1.2.840.113556.1.4.803:=16))"
Find all connection objects
dsquery * forestRoot -filter (objectCategory=nTDSConnection) –attr distinguishedName fromServer whenCreated displayName
Find all connection schedules
adfind -b "cn=Configuration,DC=forestRootDomain" -f "objectcategory=ntdsConnection" cn Schedule -csv
Software Information for each server
for /f %i in (Output from 'Domain Controllers') do psinfo \\%i > ServerInfo_%i.txt & filever \\%i\admin$\explorer.exe \\%i\admin$\system32\vbscript.dll \\%i\admin$\system32\kernel32.dll \\%i\admin$\system32\wbem\winmgmt.exe \\%i\admin$\system32\oleaut32.dll >> ServerInfo_%i.txt
Check Terminal Services Delete Temp on Exit flag
For /f %i in (Output from 'Domain Controllers') do Reg query “\\%i\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server” /v DeleteTempDirsOnExit
For each XP workstation, query the current site and what Group Policy info
dsquery * domainroot -filter "(&(objectCategory=Computer)(operatingSystem=Windows XP Professional))" -limit 0 -attr cn > Workstations.txt & @For /f %i in (Workstations.txt) do @ping %i -n 1 >NUL & @if ErrorLevel 0 If NOT ErrorLevel 1 @Echo %i & for /f "tokens=3" %k in ('"reg query "\\%i\hklm\software\microsoft\windows\currentversion\group policy\history" /v DCName Find /i "DCName""') do @for /f %m in ('"nltest /server:%i /dsgetsite find /i /v "completed successfully""') do @echo %i,%k,%m
Time offsets from client diagnostics
for %i in (*time*.txt) do @for /f "tokens=2 delims=:" %j in ('"find /i "NTP:" %i find /i "NTP:""') do @echo %i,%j
Information on existing GPO’s
dsquery * "CN=Policies,CN=System,domainRoot" -filter "(objectCategory=groupPolicyContainer)" -attr displayName cn whenCreated gPCFileSysPath
Copy all Group Policy .pol files
for /f "tokens=1-8 delims=\" %i in ('dir /b /s \\%dc%\sysvol\%userdnsdomain%\policies\*.pol') do @echo copy \\%i\%j\%k\%l\%m\%n\%o %m_%n.pol
Extract the registry entries from each Group Policy pol file
for %i in (*.pol) do regview %i > %i.txt
Find policy changes for each policy
for /f "tokens=1,2 delims=," %i in (Output from 'Extract policy registry entries') do for /f "tokens=2 delims=:" %k in ('"find /i /c "valuename" %~nj*.txt find /i "%~nj""') do @echo %i,%j,%k
Domain Controller Netlogon entries
for /f %i in ('dsquery server /o rdn') do echo %i & reg query \\%i\hklm\system\currentcontrolset\services\netlogon\parameters
Find site links that contain two sites with Domain Controllers
for /f "tokens=1,2 delims=-" %i in (Sites.txt) do @find /i "%i" DCs.txt >nul & if errorlevel 0 if not errorlevel 1 @find /i "%j" DCs.txt find /i /v "----------"
WINS Statistics
for /f "tokens=1,2 delims=," %i in (WINSServers.txt) do netsh wins server \\%i show statistics >> WINSConfig_%j.txt
WINS Record counts per server
for /f "tokens=1,2 delims=," %i in (WINSServers.txt) do netsh wins server \\%i show reccount %i >> WINSRecordCount.txt
WINS Server Information
for /f "tokens=2 delims=," %i in (WINSServers.txt) do netsh wins server \\%i show info >> WINSConfig_%i.txt
WINS Server Dump
for /f "tokens=2 delims=," %i in (WINSServers.txt) do netsh wins server \\%i dump > WINSConfig_%i.txt
WINS Static Records per Server
netsh wins server \\LocalWINSServer show database servers={} rectype=1
Find policy display name given the GUID
dsquery * "CN=Policies,CN=System,DC=domainRoot" -filter (objectCategory=groupPolicyContainer) -attr Name displayName
Find empty groups
dsquery * -filter "&(objectCategory=group)(!member=*)" -limit 0 -attr whenCreated whenChanged groupType sAMAccountName distinguishedName memberOf
Find remote NIC bandwidth
wmic /node:%server% path Win32_PerfRawData_Tcpip_NetworkInterface GET Name,CurrentBandwidth
Find remote free physical memory
wmic /node:%Computer% path Win32_OperatingSystem GET FreePhysicalMemory
Find remote system information
SystemInfo /s %Computer%
Disk statistics, including the number of files on the filesystem
chkdsk /i /c
Query IIS web sites
iisweb /s %Server% /query "Default Web Site"
Check port state and connectivity
portqry -n %server% -e %endpoint% -v
Forest/Domain Functional Levels
ldifde -d cn=partitions,cn=configuration,dc=%domain% -r "((systemFlags=3)(systemFlags=-2147483648))" -l msds-behavior-version,dnsroot,ntmixeddomain,NetBIOSName -p subtree -f con (see http://support.microsoft.com/kb/322692 and http://support.microsoft.com/kb/224386)
Forest/Domain Functional Levels
dsquery * cn=partitions,cn=configuration,dc=%domain% -filter "((systemFlags=3)(systemFlags=-2147483648))" -attr msDS-Behavior-Version Name dnsroot ntmixeddomain NetBIOSName (see http://support.microsoft.com/kb/322692 and http://support.microsoft.com/kb/224386)
Find the parent of a process
wmic path Win32_Process WHERE Name='%ProcessName%' GET Name,ParentProcessId
Lookup SRV records from DNS
nslookup -type=srv _ldap._tcp.dc._msdcs.{domainRoot}
Find when the AD was installed
dsquery * cn=configuration,DC=forestRootDomain -attr whencreated -scope base
Enumerate the trusts from the specified domain
dsquery * "CN=System,DC=domainRoot" -filter "(objectClass=trustedDomain)" -attr trustPartner flatName
Find a DC for each trusted domain
for /f "skip=1" %i in ('"dsquery * CN=System,DC=domainRoot -filter (objectClass=trustedDomain) -attr trustPartner"') do nltest /dsgetdc:%i
Verify automatic external LDAP referrals are working
dsquery * dc=common,dc=local
Check the password filter is installed on all DCs
for /f %i in ('dsquery server /o rdn') do @for /f "tokens=4" %m in ('"reg query \\%i\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa /v "Notification Packages" find /i "Notification""') do @echo %i,%m
List ACLs in SDDL format
setacl -on %filepath% -ot file -actn list -lst f:sddl
PSCP secure copy a file
pscp %file% %user%@%target%:/target/path
Find out if a user account is currently enabled or disabled
dsquery user DC=%userdnsdomain:.=,DC=% -name %username% dsget user -disabled -dn
Find 2003 servers in the domain
dsquery * domainroot -filter "(&(objectCategory=Computer)(objectClass=Computer)(operatingSystem=*Server*))" -limit 0
Open DS query window
rundll32 dsquery,OpenQueryWindow
Add a host record in DNS
dnscmd %dnsserver% /recordadd %zone% %relative_name% A %ip%
Accept a input and store in a variable
set /p <variable>=<prompt>
Remote Computer Management MMC
compmgmt.msc /computer=%1
Create a placeholder file
fsutil file createnew <filename> <size>
Device Manager showing hidden devices
SET DEVMGR_SHOW_NONPRESENT_DEVICES=1 & Devmgmt.msc
Logical Disk Information
wmic /node:%server% path Win32_LogicalDisk
Physical Disk Information
wmic /node:%server% path Win32_DiskPartition
Echo both stdout and stderr to the same file
> output.txt 2<&1
Servers in the directory and their description
dsquery * -filter "(&(objectCategory=Computer)(objectClass=Computer)(operatingSystem=*server*))" -limit 0 -attr cn description
Enumerate all records from a DNS zone
dnscmd %server% /enumrecords %zone% @ /additional /continue > DNS_all.txt
Find aging records from an enumerated zone
find /i "aging:" DNS_all.txt > DNS_aging.txt
DNS Scavenging check, based on the output of aging records from dnscmd.exe
cscript DNSScavengeTest.wsf /f:DNS_aging.txt
For the first token in each line in A, compare the second token in B
for /f "tokens=1-3 delims=," %i in ('"find /i /v "<exclude>" a.txt"') do @for /f "tokens=1-3 skip=2 delims=," %m in ('"find /i "%i" b.txt"') do @if /i "%i"=="%m" @if /i "%j" NEQ "%n" @echo %i,%j,%n
For the first token in each line in A, find not in B
for /f "skip=2 delims=," %i in ('" find /i /v "<exclue>" a.txt"') do @find /i "%i" b.txt 1>nul 2>nul & @if errorlevel 1 echo %i
Query DNS objects from the directory
dsquery * DC=<zone>,CN=MicrosoftDNS,cn=System,dc=<domainroot>
Start DNS scavenging
dnsmd /startscavenging
Find the DFS roots from Active Directory
dsquery * "CN=DFS Volumes,CN=File Replication Service,CN=System,DC=domainRoot"
Find the DFS roots using dfsutil
dfsutil /domain:%domain% /view
View info on a DFS root
dfsutil /root:<dfsroot> /view
Port Query testing network connectivity to the specified endpoint
portqry -n %target% -e 135
Test RPC endpoints
rpcdump /s %computer% /v /i
Extract a cabinet from an MSI stream
msidb -d "%msi%" -x "%cabinet name%" (get the cabinet name from the Media table using orca, and the filenames from the File table)
Delete a host record from DNS
dnscmd %server% /recorddelete %zone% @ A %IP%
Add a CNAME record to DNS
dnscmd %server% /recordadd %zone% %AliasName% CNAME %HostnameAliasing%
Add a system environment variable
setenv -a test %path%;%AdminRoot%\Utils
Check for a schema attribute
dsquery * "CN=Schema,CN=Configuration,DC=forestRoot" -filter "(&((cn=%ObjectName*)((objectCategory=classSchema)(objectCategory=attributeSchema))))"
Determine the DNS suffix search list set through policy for a computer
reg query "\\%Computer%\HKEY_LOCAL_MACHINE\software\policies\microsoft\Windows NT\DNSClient" /v SearchList
Find servers and the description recorded with the computer account
dsquery * %domainRoot% -filter "(&(objectCategory=Computer)(objectClass=Computer)(operatingSystem=*Server*))" -limit 0 -attr cn distinguishedName Description
Find DCs in the specified site from AD
dsquery * "CN=%SiteName%,CN=Sites,CN=Configuration,DC=root,DC=local" -filter "&(objectClass=server)(objectCategory=server)"
Lock the workstation from the commandline
%windir%\System32\rundll32.exe user32.dll, LockWorkStation
Perform idle time optimisation (eg. file placement optimisation)
rundll32.exe advapi32.dll,ProcessIdleTasks
Hardware Installation from an INF file
%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall
Refresh network configuration after policy changes (eg SearchList)
RunDLL32.EXE netshell.dll,NetSetupFinishInstall
Query SMS inventory information from the commandline
wmic /namespace:\\root\sms\site_%SiteCode% /node:%Computer% path SMS_G_System_SYSTEM_ENCLOSURE WHERE ResourceID='%RID%'
Determine whether an attribute is replicated in AD
dsquery * cn=%AttributeName%,cn=schema,cn=configuration,dc=forestRootDomain -filter "!(&(systemFlags:1.2.840.113556.1.4.803:=1))"
Find customised Service Connection Points of type RISServer
dsquery * -filter "&((objectClass=ConnectionPoint)(objectCategory=ServiceConnectionPoint)(keywords=RISServer))" -attr serviceDNSName
Find intellimirror SCPs fpr RIS servers
dsquery * -filter "&((objectClass=ConnectionPoint)(objectCategory=IntellimirrorSCP)(netbootServer=*))" -attr netbootServer
Find remote connections to a server
wmic /node:%server% path win32_serverconnection
Find remote sessions to a server
wmic /node:%server% path win32_serversession
Find security patches applicable on a machine with MBSA
wmic /node:%computer% path Win32_PatchState
For services that aren't running, find their start type
for /f "skip=4 tokens=1-3" %i in ('sclist \\%computer%') do @if "%i" NEQ "running" @for /f "tokens=4" %m in ('"sc \\%computer% qc %j find /i "START_TYPE""') do @echo %i,%j,%k,%m
For computers listed, if a service exists, start it
for /f %i in (computers.txt) do sclist \\%i find /i "%service_name%" && sc \\%i start "%service_name%"
Query a registry value of multiple computers
for %i in (PC1 PC2 PC3) do @Echo %i & reg query \\%i\hklm\software\%key% /v %Value% find /i "%Value%"
Query the creation date of multiple computers
dsquery * -filter "(&(objectClass=Computer)(objectCategory=Computer)((cn=PC1)(cn=PC2)(cn=PC3)))" -attr CN whenCreated
Query SMS for the creation date of computer records
select Name0, Creation_Date0 from v_r_system where name0 in('PC1','PC2','PC3')
Find RIS servers hosting the specified image
for /f "tokens=2 skip=1 delims==, " %i in (RIS_Servers.txt) do @if exist \\%i\reminst\setup\english\%Source% @echo %i
Modify Outlook to allow access to blocked attachements
reg add HKU\S-1-5-21-2091930395-2002392527-14044502-274471\Software\Microsoft\Office\11.0\Outlook\Security /v Level1Remove /t reg_sz /d ".exe"
Open the Find Files Dialog Box
echo Set objShell = CreateObject("Shell.Application") > test.vbs && Echo objShell.FindFiles >> test.vbs && cscript test.vbs
Query for the zones hosted on a Microsoft DNS server
wmic /namespace:\\root\microsoftdns /node:%server% path MicrosoftDNS_Zone
Query zone resource records on a Microsoft DNS server
wmic /namespace:\\root\microsoftdns /node:%server% path MicrosoftDNS_ResourceRecord WHERE ContainerName='%zone_name%'
Query DNS forest-wide partition replica
dsquery * "DC=ForestDNSZones,dc=forestRootDomain
View Software Installation controlled through AD, both current and history
gpsiviewer.exe
View Group Policy application times
gptime
Remote GP Update
rgprefresh
Find the tail of lines between two strings to display
for /f "delims=[]" %i in ('"find /i /N "Forwarders:" A.txt"') do for /f "delims=[]" %m in ('"find /i /N "Command completed successfully." A.txt"') do for /f %p in ('set /a %m-%i') do echo %p
Find DNS Forwarder information from dnscmd output
for %b in (DNS*.txt) do @for /f "skip=2 delims=[]" %i in ('"find /i /N "Forwarders:" %b"') do @for /f "skip=2 delims=[]" %m in ('"find /i /N "Command completed successfully." %b"') do @for /f %p in ('set /a %m-%i') do echo tail -%p %b
Dump account lockout eventlog entries from all DCs for the last five days
for /f %i in ('dsquery server -domain %userdnsdomain% -o rdn') do echo dumpel.exe -e 644 -l Security -m Security -s %i -c -d 5
List primary reverse lookup zones from a DNS server
dnscmd %server% /EnumZones /secondary /reverse
List allowed secondary servers for the specified zone
dnscmd %server /zoneinfo %ip%.in-addr.arpa SecondaryServers
Turn on RIS debugging
reg add \\%server%\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Binlsvc\Parameters /v Debug /t reg_dword /d 0x80FFFFFF & sc \\%server% stop binlsvc & sc \\%server% start binlsvc
Query for universal groups
dsquery * dc=%forestRootDomain% -filter "(&(objectCategory=group)(groupType=-2147483640))"
Trigger a command to run on a specific event
eventtriggers /create /TR Test /L Security /EID 680 /T SUCCESSAUDIT /TK calc.exe
Create an XML file with the MD5 hashes of a set of files
FCIV
Find the shell extensions currently loaded
ShexView
Find server information
srvinfo.exe
LDAP Query from eDirectory
ldifde -d %rootDN% -s %NetwareServer% -f output.ldf -a "%UserDN%" *
csvde export form eDirectory
csvde -f OutputFile.csv -a "%UserDN%" * -r "(Objectclass=user)" -d "%rootDN%" -s NetwareServer%
Dump the VMware IP config
cat /proc/vmware/net/tcpip/ifconfig
View network traffic in the vswif service console interface
/usr/sbin/tcpdump -i vswif0 grep -v ssh
Query for the display specifiers in the AD user class
dsquery * "CN=user-Display,CN=409,CN=DisplaySpecifiers,CN=Configuration,%forestrootDomain%" -attr *
Query VMs and their MAC addresses from the VC database
sqlcmd -S %sqlServer% -d %Database% -W -s "," -q "select ENT.Name, NET.MAC_Address from VPX_GUEST_NET_ADAPTER NET inner join VPX_ENTITY ENT on NET.VM_ID = ENT.ID"
Check the Legato AAM HA agent
cat /opt/LGTOaam512/log/aam_config_util_addnode.log
VMware HA Legato AAM, list the cluster manager
/opt/LGTOaam512/bin/ftcli -domain vmware -timeout 60 -cmd "listrules"
(run 'FT_DIR=/opt/LGTOaam512' and then 'export FT_DIR' first)
VMware HA Legato AAM, list the cluster nodes
/opt/LGTOaam512/bin/ftcli -domain vmware -connect %node% -port 8042 -timeout 60 -cmd "listnodes"
(run 'FT_DIR=/opt/LGTOaam512' and then 'export FT_DIR' first)
Query the Virtual Centre/VC database for Virtual Machine Disk Totals
sqlcmd -S %sqlServer% -d %Database% -W -s "," -Q "select VM.Name, Cast(Round(Sum(Cast(VDISK.CAPACITY as numeric))/1024/1024/1024, 1) as int) as 'Total Disk', Cast(Round(Sum(Cast(VDISK.FREE_SPACE as numeric))/1024/1024/1024, 1) as int) as 'Free Disk' from dbo.VPX_GUEST_DISK VDISK inner join VPXV_VMS VM on VDISK.VM_ID = VM.VMID group by VM.Name compute sum(Cast(Round(Sum(Cast(VDISK.CAPACITY as numeric))/1024/1024/1024, 1) as int))"
Query the Virtual Centre/VC database for Virtual Machine Disk information
sqlcmd -S %sqlServer% -d %Database% -W -s "," -Q "select VM.Name, VDISK.* from dbo.VPX_GUEST_DISK VDISK inner join VPXV_VMS VM on VDISK.VM_ID = VM.VMID"
Query the Virtual Centre/VC database for Virtual Machine Disk Total
sqlcmd -S %sqlServer% -d %Database% -W -s "," -Q "select Cast(Round(Sum(Cast(VDISK.CAPACITY as numeric))/1024/1024/1024, 1) as int) from dbo.VPX_GUEST_DISK VDISK"
show the MSCS cluster multicast address properties
cluster /cluster:%Cluster% network "%PublicNetwork%" /priv
Find the MSCS cluster resources
cluster /cluster:%Cluster% res /prop find /i "sr"
Query VirtualCentre for hot migration events
sqlcmd -S %sqlServer% -d %Database% -W -s "," -Q "select Create_Time as 'Relocation Start', UserName, VM_Name, Host_Name as 'Host Source', (select Host_Name from dbo.VPX_EVENT Where Chain_ID = EVTDEST.Chain_ID and event_type = 'vim.event.VmMigratedEvent') as 'Host Destination', ComputeResource_Name, DataCenter_Name from dbo.VPX_EVENT EVTDEST where event_type = 'vim.event.VmBeingHotMigratedEvent'"
Query VirtualCentre for migration events
sqlcmd -S %sqlServer% -d %Database% -W -s "," -Q "select Create_Time as 'Relocation Start', UserName, VM_Name, Host_Name as 'Host Source', (select Host_Name from dbo.VPX_EVENT Where Chain_ID = EVTDEST.Chain_ID and event_type = 'vim.event.VmRelocatedEvent') as 'Host Destination', ComputeResource_Name, DataCenter_Name from dbo.VPX_EVENT EVTDEST where event_type = 'vim.event.VmBeingRelocatedEvent'"
Query VirtualCentre for DRS migration events
sqlcmd -S %sqlServer% -d %Database% -W -s "," -Q "select Create_Time as 'Relocation Finished', VM_Name, Host_Name as 'Host Destination', (select Host_Name from dbo.VPX_EVENT Where Chain_ID = EVTDEST.Chain_ID and event_type = 'vim.event.VMBeingHotMigratedEvent') as 'Host Source', ComputeResource_Name, DataCenter_Name from dbo.VPX_EVENT EVTDEST where event_type = 'vim.event.DrsVmMigratedEvent'"
Use WMI to find the WINS entries for DNS-enabled NICs on a list of servers
for /f %i in (servers.txt) do @for /f "skip=1" %m in ('"wmic /node:%i path Win32_NetworkAdapterConfiguration WHERE FullDNSRegistrationEnabled=True get WINSPrimaryServer"') do @echo %i,%m
Set the WINS entry for the specified network
psexec \\%server% netsh interface ip set wins "Local Area Connection" static %WINSIP%
Report the NTFS permissions for restore from a SDDL template
setacl -on c:\windows -ot file -actn list -rec cont_obj -lst f:sddl -bckp test.txt
Remotely configure filesystem NTFS security using a secedit template
psexec \\%server% secedit /configure /db c:\windows\temp\%random%.sdb /cfg c:\windows\security\templates\%template%.inf /log c:\windows\temp\Configure.log
List the file system filters and instances installed on the system
fltmc filters & fltmc instances
Verify installed drivers
verifier.exe
Create a cluster file share
cluster /cluster:%Cluster% res "Share" /create /group:"VFP" /type:"File Share" & cluster /cluster:%Cluster% res "Share" /priv path="?:\%Path%" & cluster /cluster:%Cluster% res "Share" /priv Sharename=%ShareName% & cluster /cluster:%Cluster% res "Share" /priv Remark="File Share" & cluster /cluster:%Cluster% res "Share" /prop Description="File Share" & cluster /cluster:%Cluster% res "Share" /priv security=Everyone,grant,F:security & cluster /cluster:%Cluster% res "Share" /AddDep:"VFP" & cluster /cluster:%Cluster% res "Share" /AddDep:"VFP Disk07" & cluster /cluster:%Cluster% res "Share" /On
Create a generic cluster application for ABE
cluster /cluster:%Cluster% res "ABE" /create /group:"VFP" /type:"Generic Application" & cluster /cluster:%Cluster% res "ABE" /priv CommandLine="cmd.exe /k abecmd.exe /enable %Share%" & cluster /cluster:%Cluster% res "ABE" /priv CurrentDirectory="%SystemRoot%" & cluster /cluster:%Cluster% res "ABE" /priv InteractWithDesktop=0 & cluster /cluster:%Cluster% res "ABE" /priv UseNetworkName=0 & cluster /cluster:%Cluster% res "ABE" /prop SeparateMonitor=1 & cluster /cluster:%Cluster% res "ABE" /prop Description="Access Based Enumeration for File Share" & cluster /cluster:%Cluster% res "ABE" /AddDep:"VFP" & cluster /cluster:%Cluster% res "ABE" /AddDep:"VFP Disk" & cluster /cluster:%Cluster% res "ABE" /AddDep:"Share" & cluster /cluster:%Cluster% res "ABE" /On
Automated Printer configuration
rundll32 printui.dll,PrintUIEntry /?
Create a port using prnadmin.dll on a cluster node
cscript portmgr.vbs -a -c \\%PrintServer% -p %Printer% -h %PrinterIP% -t raw -n 9100
Create a printer using prnadmin.dll on a cluster node
cscript prnmgr.vbs -a -c \\%PrintServer% -b %Printer% -m "HP Universal Printing PCL 6" -r %Printer%
Set printer configuration using prnadmin.dll on a cluster node
cscript prncfg.vbs -s -b \\%PrintServer%\%Printer% -h %Printer% -l "Building/Level 1" +published
Query the Virtual Centre/VC database for Virtual Machine details
sqlcmd -S %sqlServer% -d %Database% -W -s "," -Q "select ENT.Name as 'Name', DNS_Name as 'DNS Name', Guest_OS as 'OS', Mem_Size_MB as 'Mem', Num_VCPU as 'CPU', Num_NIC as 'NIC', IP_Address as 'IP', NET.MAC_Address as 'MAC Address', VM.FILE_Name as 'VMX location' from vpx_vm VM inner join VPX_GUEST_NET_ADAPTER NET on VM.ID = NET.VM_ID inner join VPX_ENTITY ENT on VM.ID = ENT.ID where dns_name like '%'"
Windows Updates Automatic Updates Detect now
wuauclt /detectnow
Test for ping and then query computers for network information
for /f %i in (pcs.txt) do @for /f "tokens=3 delims=: " %m in ('"ping -n 1 %i find /i "reply from""') @do for /f "tokens=*" %p in ('"@wmic /node:%i path Win32_PerfRawData_Tcpip_NetworkInterface GET find /i "1000" find /i /v "MS TCP Loopback interface""') do @echo %i,%m,%p
Dump printer log entries
dumpel -s \\%PrintServer% -l System -e 10 -m Print -d 1
Add an x64 print driver to a cluster node
rundll32 printui.dll,PrintUIEntry /ia /c \\%PrintServer% /m "HP Color LaserJet 8550 PCL 5c" /h "x64" /v "Windows XP and Windows Server 2003" /f hpc8550t.inf
Add an x86 print driver to a cluster node
rundll32 printui.dll,PrintUIEntry /ia /c \\%PrintServer% /m "HP Color LaserJet 8550 PCL 5c" /h "x86" /v "Windows 2000, Windows XP and Windows Server 2003" /f hpc8550b.inf
Change the ownership of all subdirectories and files in a folder
subinacl /subdirectorie %Path%\*.* /setowner=%Domain%\%User%
Change the ownership of a folder
subinacl /file %Path% /setowner=%Domain%\%User%
WireShark/ethereal filter to exclude 3389 RDP
!((tcp.srcport == 3389) (tcp.dstport == 3389))
Show NetBIOS SMB lanmanserver binding
net config server
Show NetBIOS SMB lanmanworkstation binding
net config redirector
Find the session connection for a username and find the client workstation
for /f "tokens=2 delims=\" %i in ('"dsquery user -name %user% dsget user -hmdir find /i "%user%""') do @for /f "skip=1 tokens=1-3" %m in ('"wmic /node:"%i" path win32_serversession WHERE "UserName Like '%user%'" Get ComputerName,ActiveTime,IdleTime"') do @for /f "tokens=2" %q in ('"ping -a %n -n 1 find /i "pinging""') do @echo %q %user% %n %i %m %o
Doskey macro to find session connection information for a user/workstation
FU=for %g in ($1 $2 $3 $4 $5 $6 $7 $8 $9) do @for /f "tokens=2 delims=\" %i in ('"dsquery user -name %g dsget user -hmdir find /i "%g""') do @for /f "skip=1 tokens=1-3" %m in ('"wmic /node:"%i" path win32_serversession WHERE "UserName Like '%g'" Get ComputerName,ActiveTime,IdleTime"') do @for /f "tokens=2" %q in ('"ping -a %n -n 1 find /i "pinging""') do @echo %q %g %n %i %m %o
Hide LUNs with advanced ESX options
disk.MaskLUNs: vmhba0:0:4-5;vmhba1:0:4-5
Find the link speed when connecting to the domain
linkspeed /s %domain%
Add to the permissions on a printer
subinacl /printer \\%PrintServer%\%Printer% /grant=%Domain%\%Group%=M
List the printers on a server
cscript "c:\Program Files\Windows Resource Kits\Tools\prnmgr.vbs" -l -c \\%PrintServer% find /i "printername"
Refresh per user settings such as desktop wallpaper
RunDll32.exe USER32.DLL,UpdatePerUserSystemParameters ,1 ,True
Find computers and their description from the AD
dsquery * -filter "(&(objectClass=Computer)(objectCategory=Computer))" "%rootDN%" -attr cn description
Query RDP sessoins on a 2003 server
query session
Shadow an existing TS or console session (Ctrl -* to end the shadow)
shadow %session%
Run a command in the winlogon secure desktop of winsta0\winlogon
psexec /x /d /s cmd
Run a command in the winlogon secure desktop of winsta0\winlogon
psexec /s \\%computer% cmd /c c:\windows\temp\psexec /x /d /s cmd
Update the wallpaper on the winlogon secure desktop winsta0\winlogon
psexec /accepteula /x /s RunDll32.exe USER32.DLL,UpdatePerUserSystemParameters
Run commands automatically when a command prompt is started
reg add "hklm\software\microsoft\Command Processor" /v AutoRun /t reg_sz /d "doskey /macrofile=macros.txt"
Export the groups a user in eDirectory is a member of
ldifde -f output.txt -s %NetwareServer% -a "%AccountDN%" * -d %rootDN% -r "(&(Objectclass=user)(((cn=User1)(cn=User2))))" -l cn,groupMembership
Replace ldifde output to join separated lines by removing CRLF
cscript SearchReplace.vbs /f:CSQProcurement_Groups.txt "\r\n ;"
Reformat ldifde output to show user per line per group membership
cscript //nologo FindGroups.vbs /f:output.txt
nslookup with debug information
nslookup -debug %IP%
Set the glocal default printer properties to allow duplexing
setprinter \\%PrintServer%\%i 8 "pDevMode=dmDuplex=2,dmCollate=1,dmFields=duplex collate"
Query the printers published against a specific computer account
dsquery * %ComputerDN%" -attr printShareName
Query all printers published in the Active Directory
dsquery * domainroot -filter "(objectCategory=printQueue)" -limit 0
Produce a list of files that should be purged based in minage
robocopy /l %Source% %Temp%\Purge%Random% *.* /minage:6 /FP /NJS /NJH /E /TS /NS
Find the install date from a list of servers
for %i in (%Server1% %Server2%) do psinfo \\%i 2>nul findstr /i /c:"Install date" /c:"%ComputerName%"
Use findstr with regular expressions to find start of line + space + 'New Dir'
findstr /i "^.*New.Dir" Dirs.txt
Use delayed environment varialble substitution in a for loop
for /f "delims=:" %i in ('"findstr /i /n "^.*New.Dir" PurgeFiles.txt"') do Set Directory=0000%i & Echo !Directory:~-5!
Query Windows Update logs from contactable machines in an OU
for /f %i in ('"dsquery computer %DN% -o rdn"') do @for /f "tokens=3 delims=: " %m in ('"ping -n 1 %i find /i "reply from""') do dumpel -s %i -l system -e 19 20 -m "Windows Update Agent"
Query ESX for SNMPD service firewall configuration
esxcfg-firewall -q snmpd
SNMP check against ESX
Snmputil.exe get %host% %community% .iso.org.dod.internet.private.enterprises.6876.1.1.0
Produce a flat list of files, with the last-write date
dir %Directory% /tw/s find /i "/" find /i /v "DIR" > Output.txt
Given a control file and a text file, output control entries that aren't found
for /f "tokens=1-3" %i in (%ControlFile%) do @find /i "%i" %TextFile% >NUL & @if errorlevel 1 echo %i
Given a control file and a text file, show whether or not control is in text
for /f "tokens=1-3" %i in (%ControlFile%) do @find /i "%i" %TextFile% >NUL & @if errorlevel 0 if not errorlevel 1 (echo %i Member) else (echo %i NotMember)
Query a specific eDirectory group for its members
ldifde -f output.txt -s %NetwareServer% -a "%AccountDN%" * -d %rootDN% -l cn,member
Modify printer ACLs to add security on all printers for a print server
subinacl /printer \\%PrintServer%\* /grant=/grant=%Domain%\%Group%=M
Export a Operations Manager 2007 sealed management pack to an unsealed XML
. c:\windows\temp\MpToXml.ps1 "%SealedMP%.mp" c:\windows\temp
Use LDP to search for tombstoned objects in AD
Base DN: CN=Deleted Objects,%domainRoot%, Filter: (isDeleted=*), Extended Search, Add control: 1.2.840.113556.1.4.417
Bulk modify of mailbox permissions
admodcmd -dn "%DN%" -f "(&(objectclass=user)(CN=%userFilter%*))" -addtomailboxrights %Domain%\%Group% ACE_MB_FULL_ACCESS
Modify ACLs using dsacls (account ACL, not mailbox rights)
dsacls "%userDN%" /G "%Domain%\%Group%:CA;Send As"
Print a test page to one or more printers
for /f "tokens=1-4 delims=," %i in (%Printer.txt%) do cscript prnctrl.vbs -t -b \\%PrintServer%\%i
Given a list of printers, create an LPR port for each
for /f "tokens=1-4 delims=," %i in (%Printer.txt%) do @cscript portmgr.vbs -a -c \\%PrintServer% -p %i -h %k -t LPR -q %i
Given a list of printers, create a printer using the specified driver/port
for /f "tokens=1-4 delims=," %i in (%Printer.txt%) do @cscript prnmgr.vbs -a -c \\%PrintServer% -b %i -m "%j" -r %i
Given a list of printers, set the location, share name and publish in AD
for /f "tokens=1-4 delims=," %i in (%Printer.txt%) do @cscript prncfg.vbs -s -b \\%PrintServer%\%i -h %i -l "%l" +published
Given a list of printers, set glocal default printer properties to duplex
for /f "tokens=1-4 delims=," %i in (%Printer.txt%) do @setprinter \\%PrintServer%\%i 8 "pDevMode=dmDuplex=2,dmCollate=1,dmFields=duplex collate"
Given a list of printers, set printer permissions to allow for queue management
for /f "tokens=1-4 delims=," %i in (%Printer.txt%) do @c:\util\subinacl /printer \\%PrintServer%\%i /grant=%Domain%\%Group%=M
Run the 32-bit version of regsvr32 on an x64 platform to register a DLL
c:\WINDOWS\SysWOW64\regsvr32 c:\admin\util\prnadmin.dll
Run the 32-bit version of cscript that accesses a 32-bit DLL on x64
c:\WINDOWS\SysWOW64\cscript portmgr.vbs
Show the current default settings send down to clients from a printer
setprinter -show \\%printServer%\%Printer% 8
Determine users that aren’t in a group
for /f "tokens=1-3" %i in (%users.txt%) do @for /f "tokens=*" %m in ('"@dsquery user -name %i"') do @echo %m & @dsget user %m -memberof -expand @findstr /i /c:"%m" /c:"%GROUP%" & echo.
Query group membership
dsquery group -name %GROUP% dsget group -members -expand > %GROUP%.members
Check whether users are in a group (from 'Query group membership')
for /f "skip=1 tokens=1-3" %i in (%users.txt%) do @find /i "%i" %GROUP%.members >NUL & @if errorlevel 1 echo %i
Check whether users are in a group or not (from 'Query group membership')
for /f "tokens=1-3" %i in (%users.txt%) do @find /i "%i" %GROUP%.members >NUL & @if errorlevel 0 if not errorlevel 1 (echo %i Member) else (echo %i NotMember)
Return the DN of a list of users
for /f %i in (%users.txt%) do @dsquery user -name %i
Check user attributes from AD (division, department, home drive, email)
for /f "tokens=1-3" %i in (%users.txt%) do @for /f "tokens=*" %m in ('"@dsquery user -name %i"') do @for /f "tokens=1-10" %q in ('"@dsquery * %m -attr CN department division mail homeDirectory homedrive find /i /v "homeDirectory""') do @echo %q,%r,%s,%t,%u,%v,%w,%x,%y >> UserInformation.csv
Check user home drive permissions from hmDir (top-level)
for /f %i in (%users.txt%) do @for /f "tokens=*" %m in ('"dsquery user -name %i dsget user -hmdir find /i "%i""') do cacls "%m"
Check Access Based Enumeration is enabled on a top-level share
psexec \\%server% abecmd %share%
Check permissions are being inherited
for /f %i in (%users.txt%) do @for /f "tokens=1" %m in ('"dsquery user -name %i dsget user -hmdir find /i "%i""') do @for /d %p in (%m\*.*) do @echo cacls "%p"
Check ownership of files
for /f %i in (%users.txt%) do @for /f "tokens=1" %m in ('"dsquery user -name %i dsget user -hmdir find /i "%i""') do @dir %m /q/s
Run diskpart to list NTFS volumes remotely
psexec \\%server% cmd /c "echo list volume diskpart find /i "NTFS""
Find local disks other than C: and D: that are NTFS
wmic /node:"%server%" path Win32_LogicalDisk WHERE "FileSystem='NTFS' AND Name != 'C:' AND Name != 'D:'" GET SystemName,Name
Find local disks using powershell and output to CSV
Get-WmiObject -Namespace root\cimv2 -ComputerName %server% -Query "SELECT * from Win32_LogicalDisk WHERE FileSystem='NTFS' AND Description = 'Local Fixed Disk' AND Name != 'C:' AND Name != 'D:'" export-csv c:\disk.csv
Find the disks currently owned by each cluster node
for %i in (%server1% %server2%) do @wmic /node:"%i" path Win32_LogicalDisk WHERE "FileSystem='NTFS' AND Name != 'C:' AND Name != 'D:'" GET SystemName,Name find /i "%server_prefix%"
In a 2003 cluster, find each disk volume and analyse file fragmentation
for /f "tokens=2,5,6,8" %i in ('"cluster /cluster:%cluster% resource /prop find /i "disk" find /i "description" find /i "%CommonTag%""') do echo \\%i\%k %j %l>> Defrag_%i_%j.txt && psexec \\%i defrag %k -a -v >> Defrag_%i_%j.txt
From cluster defrag analysis, print out details for each cluster volume
for /f "tokens=1,* delims=:" %i in ('"findstr /i /c:%server% /c:"Total files" /c:"Volume size" /c:"Used space" /c:"Percent free space" /c:"Total fragmented files" defrag*"') do @echo %j
Use SetPrinter to capture all settings for a printer
for %i in (0 1 2 3 4 5 6 7 8 9) do setprinter -show \\%server%\%printer% %i
Find the print processor used by all printers on a print server
setprinter -show \\%server% 2 findstr /c:"pPrinterName" /c:"pPrintProcessor"
check printers are being published in the directory through setprinter
setprinter -show \\%server% 7
Report print queue current length and various performance statistics
wmic /node:"%server%" path Win32_PerfFormattedData_Spooler_PrintQueue Get Name,Jobs,TotalJobsPrinted,TotalPagesPrinted,MaxJobsSpooling,JobErrors,OutOfPaperErrors
List printer drivers on a physical or cluster Windows 2003 server
cscript drvmgr.vbs -l -c \\%server%
Find printer event log entries for the last 15 minutes
for /f %i in ('cscript //nologo c:\data\scripts\updated\time\finddatetime.vbs') do wmic /node:"%server%" path Win32_NTLogEvent WHERE "SourceName='Print' AND LogFile='System' AND EventCode=10 AND TimeGenerated > '%i'"
Find printer event log entries for the specified user
wmic /node:"%server" path Win32_NTLogEvent WHERE "SourceName='Print' AND LogFile='System' AND EventCode=10 AND User='%Domain%\\%Username%'" Get User,TimeGenerated,InsertionStrings
Query the unidrv DLL versions from a list of pingable computers in an OU
for /f %i in ('"dsquery computer %OU_DN% -limit 0 -o rdn"') do @for /f "tokens=3 delims=: " %m in ('"ping -n 1 %i find /i "reply from""') do @for /f "tokens=1-9" %q in ('"filever \\%~i\C$\windows\system32\spool\drivers\w32x86\3\uni*.dll find /i /v "\\%~i""') do @echo %i,%q,%r,%s,%t,%u,%v,%w,%x,%y
Read directories from a security template, checking if they exist
for /f "skip=2 tokens=1 delims=," %i in ('"find /i "OICI" \\%server%\%Template%"') do @if not exist \\%server%\%drive%$%~pi echo \\%server%\%drive%%~pi
Modify a printer to use the winprint processor
setprinter \\%Server%\%Printer% 2 pPrintProcessor="WinPrint"
Join output split across two lines using delayed variable expansion (cmd /v:on)
for /f "tokens=3,4" %i in ('"findstr /i /c:"printDuplexSupported" /c:"Share Name" PrintersRegQuery.txt"') do @if "%i"=="REG_SZ" (@Set Printer=%j) else (@Echo !Printer!,%i)
Process robocopy /l output to find files/data that would be copied
for /f "tokens=2,5 delims=_:" %i in (output.txt) do @If "!User!" NEQ "%i" (@Set User=%i&@Set Line=%i,%j) else (@Set Line=!Line!,%j & @Echo !Line!)
Query the Virtual Centre/VC database for Virtual Machine snapshots (GMT+10)
sqlcmd -S %sqlServer% -d %Database% -W -s "," -Q "select ENT.Name as 'Name', DNS_Name as 'DNS Name', Guest_OS as 'OS', Mem_Size_MB as 'Mem', IP_Address as 'IP', VM.FILE_Name as 'VMX location', VM.Suspend_Time as 'Suspend Time', VM.Suspend_Interval as 'Suspend Interval', VMS.Snapshot_Name as 'Snapshot Name', VMS.Snapshot_Desc 'Snapshot Description', DateAdd(Hour, 10, VMS.Create_Time) as 'Snapshot Time', VMS.Is_Current_Snapshot 'Current Snapshot' from vpx_vm VM inner join VPX_GUEST_NET_ADAPTER NET on VM.ID = NET.VM_ID inner join VPX_ENTITY ENT on VM.ID = ENT.ID inner join VPX_SNAPSHOT VMS on VM.ID = VMS.VM_ID
Query vmfs volumes for snapshot files from the console
ls -Ral /vmfs/volumes/*.* grep .vmsn
Query the Virtual Centre/VC database for Virtual Machine LUN attachments
sqlcmd -S %sqlServer% -d %Database% -W -s "," -Q "select VMS.Name, TDS.Name from vpxv_vms VMS inner join vpxv_vm_datastore VVMDS on VMS.VMID = VVMDS.VM_ID inner join vpx_datastore TDS on VVMDS.DS_ID = TDS.ID Order by VMS.Name"
Query the Virtual Centre/VC database for Virtual Machine config LUN
sqlcmd -S %sqlServer% -d %Database% -W -s "," -Q "select VMS.Name as 'VM Name', TDS.Name as 'Config Datastore', SubString(ConfigFileName, CharIndex('/', ConfigFileName, Len('sanfs://vmfs'))+1, 255) as 'Config Path' from vpxv_vms VMS inner join vpx_datastore TDS on TDS.Storage_URL = SubString(VMS.ConfigFileName, 1, CharIndex('/', VMS.ConfigFileName, Len('sanfs://vmfs'))) Order By 'Config Datastore'"
Query the Virtual Centre/VC database for volume total and free disk space
sqlcmd -S %sqlServer% -d %Database% -W -s "," -Q "select Name, Cast(Round(Cast(Capacity as numeric)/1024/1024/1024, -1) as int) as 'Total Space', Cast(Round(Cast(Free_Space as numeric)/1024/1024/1024, -1) as int) as 'Free Space', Type from vpx_Datastore"
Open an Excel document in read-only mode from the commandline
start excel /h /e %xls%
Query printer information from AD (speed, memory etc)
dsquery * %serverDN% -limit 0 -filter "(&(objectClass=printQueue)(objectCategory=printQueue))" -attr cn printerName driverName printCollate printColor printLanguage printSpooling driverVersion printStaplingSupported printMemory printRate printRateUnit printMediaReady
Export printer information from AD (speed, memory etc)
csvde -f Printers.csv -d %serverDN% -r "(&(objectClass=printQueue)(objectCategory=printQueue))" -l cn,printerName,location,driverName,printCollate,printColor,printLanguage,printSpooling,driverVersion,printStaplingSupported,printMemory,printRate,printRateUnit,printMediaReady
Extract B if A is found in B, otherwise report blank
for /f "tokens=1-3 delims=," %i in (a.txt) do @find /i "%i" b.csv >nul & If errorlevel 0 if not errorlevel 1 (for /f "tokens=4 delims=," %m in ('"find /i "%i" b.csv find /i "%i""') do @echo %i,%m,%j,%k) else (Echo %i,none,%j,%k)
Query SMS for computers on a particular subnet
wmic /namespace:\\root\sms\site_%sitecode% /node:"%site_Server%" path SMS_R_System WHERE "IPSubnets='%subnet%' AND Active=1'" get name
Query SMS for computers in a specific AD site
wmic /namespace:\\root\sms\site_%sitecode% /node:"%site_Server%" path SMS_R_System WHERE "ADSiteName='BNE' AND Active=1'" get name
Find the owner of a process using WMI - see who's logged on remotely
wmic /node:"%computer%" PROCESS where "caption='explorer.exe'" getowner
Convert a file to/from base64 to transmit a binary file through filters
http://www.motobit.com/util/base64-decoder-encoder.asp
Check through SNMP whether a printer supports a duplexing media path
snmputil walk %printer% public printmib.prtMediaPath.prtMediaPathTable.prtMediaPathEntry.prtMediaPathDescription
Check through SNMP the printer device model
snmputil getnext %printer% public host.hrDevice.hrDeviceTable.hrDeviceEntry.hrDeviceDescr
Disable path parsing when listing a directory
dir "\\?\c:\folder"
Find VM distribution on VMware cluster physical nodes
sqlcmd -S %sqlServer% -d %Database% -W -s "," -Q "Select VH.DNS_NAME as 'Host', count(VM.HOST_ID) from vpx_vm VM inner join vpx_host VH on VM.HOST_ID = VH.ID group by VM.HOST_ID, VH.DNS_NAME order by 'Host'"
Find network information for a computer from SMS
wmic /namespace:\\root\sms\site_%sitecode% /node:"%siteserver%" path SMS_R_System WHERE Name='%computer%' get name,adsitename,IPAddresses,IPSubnets,MACAddresses
Send a Wake-on-lan magic packet on a local subnet
wolcmd 00157283E57F 192.168.0.10 255.255.255.0 7
Query the NTFS attributes of a file
nfi "C:\windows\system32\notepad.exe"
Query the Virtual Centre/VC database for VM CPU alarms
sqlcmd -S %sqlServer% -d %Database% -W -s "," -Q "select ALR.Created_Time, ENT.Name from vpx_alarm_runtime ALR inner join vpx_alarm AL on ALR.Alarm_ID = AL.Alarm_ID inner join vpx_entity ENT on ALR.Entity_ID = ENT.ID where AL.Name = 'Virtual Machine CPU Usage' order by created_time"
Get the lanmanserver description using SNMP
Snmputil.exe get %server% %community% .iso.org.dod.internet.private.enterprises.lanmanager.lanmgr-2.server.svDescription.0z
Query the performance counters stored in a log file
relog.exe file.blg -q
View/Modify the ACL security on spooler pipe
pipesec \\%computer%\pipe\spoolss
Report multiple named instances of SQL on a remote server
reg query "\\%server%\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft SQL Server\Instance Names\SQL
Query the group membership cache used by Group Policy
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy\GroupMembership
Report and save the security on one or more NTFS Filesystem objects
ICACLS %object% /save %outputfile%
Reset the inherited DACL flag on an object to not protected, inherit below
setacl -on %Directory% -ot file -actn setprot -op dacl:np
Reset inherited permissions for specified NTFS objects
setacl -on %Directory%\*.* -ot file -actn rstchldrn -rst DACL
Check the first x characters from A against B, report differences (cmd /v:on)
for /f "tokens=1-4 delims=," %i in (%Source%) do @set VarA=%i & Set VarB=%j& if /i "!VarA:~0,4!" NEQ "!VarB:~0,4!" echo %i,%j,%k,%l mismatch
Set a Service Principal Name for an alias against the host computer account
setspn -A HOST/%alias%.domain.com %server%
Find the computer object advertising a specific SPN
dsquery * -filter "(&(objectClass=Computer)(objectCategory=Computer)(servicePrincipalName=*SPN*))" -attr cn servicePrincipalName distinguishedName
Register a Virtual Machine in ESX
vmware-cmd -s register "/path/to/vmx/or/vmtx"
unregister a Virtual Machine in ESX
vmware-cmd -s unregister "/path/to/vmx/or/vmtx"
Export group objects from AD to a CSV file
adfind -b "domainRoot" -f "objectclass=group" cn samaccountname -csv
Check local profiles, reporting whether they are local administrators or not
for /f %i in ('"dir /b/ad "c:\Documents and Settings""') do @for /f %m in ('"psgetsid %i 2>Nul | find /i "s-1""') do @reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\%m\GroupMembership" 2>nul | find /i "S-1-5-32-544" 1>nul & @if errorlevel 1 (@echo %i Not an Administrator or group policy entry not found) else (@echo %i Is an Administrator)
View the User Accounts control panel applet
Control Userpasswords2
Roll daily logs into monthly logs (command runs each day)
for /f "tokens=3,4 delims=/ " %i in ('echo %date%') do copy c:\logs\daily\logfile_%j%i??.csv c:\logs\monthly\logfile_%j%i.csv /y
Query printer tray configuration of printers on a cluster (HP UPD)
for /f %i in (Printers.txt) do @for /f "tokens=1,2,*" %m in ('"reg query \\%PrintServer%\HKEY_LOCAL_MACHINE\Cluster\Resources\%ClusterResourceGUID%\Parameters\Printers\%i\PrinterDriverData /v InputSlot 2>nul | find /i "InputSlot" & if errorlevel 1 echo 1 2 NotFound"') do @echo %i,%o>>PrinterTrays.txt
Use SNMP to get the printer media path, indicating simplex/duplex capabilities
for /f %i in (Printers.txt) do @for /f "tokens=3,*" %m in ('"snmputil walk %i public printmib.prtMediaPath.prtMediaPathTable.prtMediaPathEntry.prtMediaPathDescription 2>nul| find /i "value" & if errorlevel 1 echo 1 2 3 NotFound"') do @echo %i,%n
List the file screen groups for File Server Resource Manager (FSRM)
filescrn filegroup list
Directory listing of all files in bare format, excluding the the dir objects
dir \\%server%\%share%\*.* /a-d/s/b
Enable SSH client out on an ESX host firewall, permitting SCP as well
esxcfg-firewall -e sshClient
Query the ESX firewall to determine whether SSH client is allowed out
esxcfg-firewall -q | grep sshClient
Use the VI Toolkit Powershell snap-in to query for snapshots
Get-VM | Get-Snapshot | export-csv -path c:\temp\VMsnapshots.csv
Use the VI Toolkit Powershell snap-in to query for snapshot information
Get-VM | Get-Snapshot | foreach-object {$out= $_.VM.Name + "," + $_.Name + "," + $_.Description + "," + $_.PowerState; $out}
Master an ISO Image from a source directory
oscdimg -m -h -n . %Target%.iso
Enable Netlogon debugging
nltest /dbflag:0x2080FFFF
Change security on a file in the ESX service console
chmod u+rwx,g+rx,o+rx somefile
Start a remote process using Powershell/WMI
$computer = "."; ([WMICLASS]"\\$computer\root\CIMv2:win32_process").Create("notepad.exe")
Find remote drivers installed on a computer
devcon -m:\\%computer% status *
Create a floppy image from the given path
bfi.exe -v -f=test.img %path%
Extract files from a floppy image (Gilles Vollant extract.exe)
extract -e %imgfile%
Dump file and security attributes on an NTFS filesystem
filestat %file%
Check NULL sessions to see if user/group information can be enumerated
hunt.exe OR winfo.exe
Identify the DN of an Active Directory group
dsquery group -name %GroupName%
Find the current group scope of a security group
dsget group %GroupDN% -scope -secgrp
Change a group's scope to universal, a stepping stone for conversion
dsmod group %GroupDN% -scope u
Change a universal group's scope to global or local
dsmod group %GroupDN% -scope l | g
Modify the UPN for a user
dsmod user "%userdN%" -upn user@domain
Find all user accounts with a UPN, and count the DNs returned
dsquery * domainroot -filter "&(objectclass=user)(objectcategory=person)(userprincipalname=*)" -s %server% | find /i /c "user"
Find all user accounts without a UPN, and count the DNs returned
dsquery * domainroot -filter "&(objectclass=user)(objectcategory=person)(!(userprincipalname=*))" -s %server% | find /i /c "user"
Identify user accounts without a UPN to be corrected
dsquery * %OU% -filter "&(objectclass=user)(objectcategory=person)(!(userprincipalname=*))" -s %server% -scope onelevel -attr name distinguishedname > NoUPN.txt
After identifying one or more accounts without a UPN, set the UPN for each
for /f "skip=1 tokens=1,2-3" %i in (NoUPN.txt) do dsmod user "%j %k" -upn %i@%upnsuffix%
Show all replicated attributes in the AD Schema
dsquery * cn=schema,cn=configuration,DC=forestRootDomain -filter "(&(objectClass=attributeSchema)(objectCategory=attributeSchema)(!systemFlags:1.2.840.113556.1.4.803:=1))" -limit 0
Show an AD schema attribute
dsquery * cn=pwd-last-set,cn=schema,cn=configuration,DC=forestRootDomain
Bitwise AND the system-flags of a schema attribute to show if replicated
dsquery * cn=pwd-last-set,cn=schema,cn=configuration,DC=forestRootDomain -filter "!(&(systemFlags:1.2.840.113556.1.4.803:=1))"
Given a list of user CNs, find them in the directory and report homeDirectory
for /f %i in (Users.txt) do @for /f "tokens=*" %m in ('"dsquery user -name %i"') do @for /f %p in ('"dsquery * %m -attr homeDirectory -l | find /i "\\" & if errorlevel 1 Echo NoHomeDirectory"') do @echo %i,%m,%p
Disable strict name checking for a machine
reg add \\%computer%\HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters /v DisableStrictNameChecking /t reg_dword /d 0x1
Query printers for job counts >= 1
wmic /node:"%server%" path Win32_PerfFormattedData_Spooler_PrintQueue Where "Jobs>=1" Get Name,Jobs,MaxJobsSpooling,JobErrors,OutOfPaperErrors
List transports and if they are bound to NetBIOS (NetBT over TCP/IP)
browstat dumpnet
View the browse list using NetServerEnum to a domain or server
browstat view \Device\NetBT_Tcpip_{972F2574-31D4-4467-8BC0-70B3C57C1279} %domain%
Show the ACL in SDDL format using cacls
cacls c:\ /s
Add authenticated users:R to the root (not OICI) using SDDL with cacls
cacls c:\ /S:"D:PAI(A;OICI;FA;;;BA)(A;;0x1200a9;;;AU)(A;OICI;FA;;;SY)"
Query Storage Report Management global settings (file screening and quotas)
reg query HKEY_LOCAL_MACHINE\Cluster\SRM\Settings\SrmGlobalSettings /v Data
Show the current mounted volumes on the local system
mountvol OR mountvol c:\ /l
Find remote cscript processes and the scripts they are running (arguments)
wmic /node:"%computer%" path win32_process Where "Caption Like '%cscript%' " get Caption,CommandLine,CreationDate,WorkingSetSize,ProcessId
Connect to a named SQL instance through Management Studio
%server%\%instance_name%
Query an Enterprise Vault Directory database for file group information(view)
sqlcmd -S %sqlServer% -d %Database% -W -s "," -Q "select * from dbo.view_FileGroupAndFileGroupFile"
Query an Enterprise Vault Directory database for file group information(table)
sqlcmd -S %sqlServer% -d %Database% -W -s "," -Q "select FileGroupName, FileGroupDescription, FileSpecification from filegroupfile inner join Filegroup on FileGroupFile.FileGroupEntryID = FileGroup.FileGroupEntryID Order By FileGroupName"
Query an Enterprise Vault Directory database for index errors
sqlcmd -S %sqlServer% -d %Database% -W -s "," -Q "Select ArchiveName, ArchiveStatus, IndexRootPath, Offline, Failed, Rebuilding, IndexedItems, FailedItems from IndexVolumeView where (rebuilding != 0) OR (Failed != 0) OR (Offline != 0)"
Extract events from a non-standard event log
wmic /node:"%computer%" path Win32_NTLogEvent WHERE "SourceName='%EventSource%' AND LogFile='%LogName%' AND EventCode=%eventcode%"
Start a process in low priority
cmd /c start "LowPriority" /BELOWNORMAL notepad "a file.txt"
Create a hardlink directory entry linking one file to another
fsutil hardlink create %NewFileLink% %ExistingFile%
create symbolic dir, file links, hard links and dir junctions Vista/2008
mklink
Add a string to an alternate stream stored as a $DATA attribute
echo this content will be stored in the file sub stream > test.txt:stream1
Add the contents of a file to an alternate data strem
type file.txt > test.txt:stream1
Create a new file in an alternate stream as part of a directory
md test & echo alternate stream > test:stream1
Display the stream
more < test.txt:stream1
Add an executable as an alternate stream attached to a directory
type c:\windows\system32\notepad.exe > test:test.exe
Run the executable in the alternate stream
cmd /c start .\test:test.exe
Retrieve the binary file from an alternate data stream (port of Unix Cat)
cat test:test.exe > note.exe
Remove an NTFS alternate data stream (does not maintain timestamps)
type test.txt>test1.txt
Delete an alternate data stream
streams -d test.txt
Dump NTFS info from the MFT for a File Record Segment (unix port)
ntfsinfo -d /dev/hda1 -i 36
Find cluster disk size and free space
echo clusnode1 > clusternodes.txt & echo clusnode2 >> clusternodes.txt & echo clusnode3 >> clusternodes.txt & echo clusnode4 >> clusternodes.txt & wmic /node:@clusternodes.txt path Win32_LogicalDisk WHERE "FileSystem='NTFS' AND Name != 'C:' AND Name != 'D:'" GET SystemName,Name,Size,FreeSpace,VolumeName
Query HP printers for the page count using SNMP
for /f %i in (Printers.txt) do @echo %i & @snmputil walk %i public printmib.prtMarker.prtMarkerTable.prtMarkerEntry.prtMarkerLifeCount | find /i "value"
Create a security template from the given directory for SDDL secedit processing
for /d %i in (%source%\*.*) do @for /f "tokens=2" %j in ('cacls.exe %i /S') do @echo Processing %~ni & echo "%i",2,%j >> Security.txt
Make test directories from a security template
for /f "tokens=1,2,3,* delims=\," %i in ('"find /i "dir1\dir2" template.inf"') do md "c:\temp\sectest\%j\%k
Reformat the target of a security template for offline testing
for /f "tokens=1,2,3,* delims=\," %i in ('"find /i "dir1\dir2" template.inf"') do @echo "c:\temp\sectest\%j\%k,%l
Disable automatic mounting of volumes added to a 2003 system
automount disable
Remove automatic mount points for volumes that no longer exist
automount scrub
Allow Dell OpenManage Server Administrator traffic through ESX
esxcfg-firewall -o 1311,tcp,in,OpenManageRequest
Query the replicated lastLogonTimestamp attribute for password changes
dsquery user -inactive 8 -limit 0
Delete a cluster resource type
cluster restype "%resource_name%" /delete /type
Query the Virtual Centre/VC database for Virtual Machine LUN mapping and size
sqlcmd -S %sqlServer% -d %Database% -W -s "," -Q "select VMS.Name, TDS.Name, Cast(Round(Sum(Cast(VDISK.CAPACITY as numeric))/1024/1024/1024, 1) as int) as 'Total Disk', Cast(Round(Sum(Cast(VDISK.FREE_SPACE as numeric))/1024/1024/1024, 1) as int) as 'Free Disk' from vpxv_vms VMS inner join vpxv_vm_datastore VVMDS on VMS.VMID = VVMDS.VM_ID inner join vpx_datastore TDS on VVMDS.DS_ID = TDS.ID inner join VPX_GUEST_DISK VDISK on VMS.VMID = VDISK.VM_ID group by VMS.Name, TDS.Name Order by TDS.Name, VMS.Name"
Open the administrative tools start menu list
control admintools
Open the scheduled tasks special folder
control SCHEDTASKS
Disable hibernation
powercfg -h off
Show network interface statistics (packets/errors/bytes)
netstat -e
Find remote processes and the command-line parameters with PowerShell
Get-WmiObject win32_process | Format-Table ExecutablePath,Caption,CommandLine,CreationDate,WorkingSetSize,ProcessId
Create an IIS virtual directory
cscript C:\WINDOWS\system32\iisvdir.vbs /create "Default Web Site" %Alias% %rootPath%
Use WMIC aliases to format the output in CSV or XML
wmic process list /format:xml | wmic process list /format:csv
Use WMIC aliases to format the output in HTML TABLE, MOFCSV or XML
wmic process list /format:htable | wmic process list /format:HMOF
Use WMIC aliases to sort the output in HTML
wmic process list /format:htable:"sortby=Name" > test.html
Use WMIC aliases to filter and sort the output in CSV
wmic process get name /format:csv:"datatype=text":"sortby=Name"
Use WMIC remotely aliases to retrieve command-line process arugments
wmic /node:"%server%" process get name,CommandLine /format:csv:"sortby=Name"
Use WMIC wmic aliases to sort the result set by number
wmic Logon get /Format:htable:"datatype=number":"sortby=LogonType"
Use a custom WMIC alias to report printer info from a cluster node in CSV
wmic /node:"%server%" spoolerjobs list /format:table
Use a custom WMIC alias to report sorted HTML printer info from a cluster node
wmic /node:"%server%" spoolerjobs list /format:htable:"datatype=number":"sortby=TotalJobsPrinted"
Use a custom WMIC alias to report a brief summary of printer statistics
wmic /node:"%server%" spoolerjobs list brief /format:htable:"datatype=number":"sortby=TotalJobsPrinted"
Use a custom WMIC alias and xsl to sort print jobs output descending HTML table
wmic /node:"%server%" spoolerjobs list brief /format:"htabledesc-sortby.xsl":"datatype=number":"orderby=descending":"sortby=TotalJobsPrinted" > test.html
Query a user from AD using WMI
wmic /node:"%DC%" /namespace:\\root\directory\LDAP path ds_user where "ds_cn='%username%'" GET ds_displayName,DS_UserPrincipalName,ds_cn,ds_name,ds_whenCreated
Use WMIC to get instances of a class and format the output as CSV
wmic path win32_process get name,commandline /format:csv
Find cluster disk size and free space in CSV format
wmic /node:"%server%","%server%","%server%","%server%" path Win32_LogicalDisk WHERE "FileSystem='NTFS' AND Name != 'C:' AND Name != 'D:'" GET SystemName,Name,Size,FreeSpace,VolumeName /format:csv
Find cluster disk size and free space in modified CSV format with thousand sep.
wmic /node:"%server%","%server%","%server%","%server%" path Win32_LogicalDisk WHERE "FileSystem='NTFS' AND Name != 'C:' AND Name != 'D:'" GET Name,Size,FreeSpace,VolumeName /format:csv2
Report the hosts controlled by a VirtualCentre instance
sqlcmd -S %sqlServer% -d %Database% -W -s "," -Q "select [Name] from vpxv_hosts order by [Name]"
Report the hosts controlled by a VirtualCentre instance
sqlcmd -S %sqlServer% -d %Database% -W -s "," -Q "select DNS_Name, IP_Address, PRODUCT_FULLNAME from vpx_host Order by DNS_Name"
Report the windows MSCS cluster virtual groups
cluster /cluster:%cluster% group /prop | find /i "description" | find /i /v "pbx" | find /i /v "cluster"
Report folders being archived from Enterprise Vault EV FSA
sqlcmd -S sqlServer%\%instance% -o ArchivedFolders.txt -d %enterprisevaultdirectory% -W -s "," -Q "select FSVP.UncName, FSVP.VolumeName, FSFE.FolderPath, FSVP.UncName + '\' + FSVP.VolumeName + '\' + FSFE.FolderPath as 'Path' from dbo.FileServerFolderEntry FSFE inner join dbo.vw_FileServer_Volume_Policy FSVP on FSFE.VolumeEntryID = FSVP.VolumeEntryID"
Report folders from the one or more servers not being archived compared to FSA export
for %i in (\\%server%\share% \\%server%\share% ) do @for /f "tokens=1-4,*" %m in ('"dir %i\* /ad /tc | find "DIR" | find "-""') do @find /i "%q" ArchivedFolders.txt >nul & @If errorlevel 1 (echo %q,%i,%m %n %o) >> NotArchived.csv
Find the current CPU utilisation for processes using WMI
wmic /node:"%computer%" path Win32_PerfFormattedData_PerfProc_Process get Name,PercentProcessorTime
Use JT to update a scheduled task's working directory
jt.exe /sac \\%computer%\c$\windows\Tasks\%Task%.job /sj WorkingDirectory = "%workingdir%"
Reset inheritance starting at a folder and recursing
icacls \\UNC\Path /reset /t /c
Open a saved printer query window
rundll32 dsquery,OpenSavedDsQuery %Config%.qds
Disable path parsing to access a file using UNC
type "\\?\UNC\server\share\path\file.txt"
Wayne's World of IT (WWoIT), Copyright 2008 Wayne Martin.
Information regarding Windows Infrastructure, centred mostly around commandline automation and other useful bits of information.
4 comments:
Wayne,
YES... w/o a doubt... I would like some of your scripts! Two that I saw while quickly looking throught "Useful command-lines" are: FindUserLogonCount.wsf and FindSubnets.bat. Hopefully you can post these too?
Thanks for this great resource
Bill
Hi Bill,
I'll start with findsubnets.bat, which is a batch file I wrote a while back now, so I've also converted it to a single-line command using delayed variable expansion (cmd /v:on).
For example, given an IP and mask, return the subnet:
for /f "tokens=1-8 delims=.- " %i in ('echo 192.168.5.200 255.255.255.0') do set /a Octet1="%i & %m" >nul & set /a Octet2="%j & %n" >nul & set /a Octet3="%k & %o" >nul & set /a Octet4="%l & %p" >nul & Echo %i.%j.%k.%l,!Octet1!.!Octet2!.!Octet3!.!Octet4!,%m.%n.%o.%p
::--
::The longhand batch file method:
:: --
@Echo Off
Set Input=%1
If /i "%Input%"=="" Goto End
for /f "tokens=1-8 delims=.- " %%i in (%Input%) do Call :FindOctet %%i %%j %%k %%l %%m %%n %%o %%p
Goto End
:FindOctet
::Echo %1 %2 %3 %4 %5 %6 %7 %8
set /a Octet1="%1 & %5" >nul
set /a Octet2="%2 & %6" >nul
set /a Octet3="%3 & %7" >nul
set /a Octet4="%4 & %8" >nul
Echo %1.%2.%3.%4,%Octet1%.%Octet2%.%Octet3%.%Octet4%,%5.%6.%7.%8
Set Octet1=
Set Octet2=
Set Octet3=
Set Octet4=
Goto End
:InvalidArgs
Echo Please provide an input filename.
Goto End
:End
Hi Wayne,
Please let me know how i can find out computers there on a particular site.
i tried your dnscmd but its throwing syntax errors.
let me know what will be the command if the zonename is test.local and subnet is 10.0.0.0
Hello, in your example of a test.local zone, you could use the following command to query all records in that zone:
dnscmd %server% /enumrecords test.local @ /additional /continue > test.txt
You could then search for 10. with:
find /i "10." test.txt
Note that depending on your mask this won't necessarily be accurate, and doesn't really map to computers in a site (just records in a DNS zone).
Post a Comment