Changing the DHCP scope subnet mask Change the subnet mask in the existing DHCP scope You can’t change the subnet mask of the DHCP scope directly without deleting the scope, need to delete the DHCP scope first then recreate the scope with the new subnet, but this will lead to the large amount of manual… Read More »
Command to add members of one group to the other group (Group migration) If you want to add all the members from group1 to the group2 user the below command syntex: dsget group “Source group DN” -members | dsmod group “Destination group DN” -addmbr Example: dsget group “CN=Group1,OU=Test,DC=test,DC=com” -members | dsmod group “CN=Group2,OU=Test,DC=Test,DC=com” -addmbr Check… Read More »
Members from Nested Group To display the list of members, recursively expanded In the below command, you can extract the group membership details, if you have a group that member of this group then this command will extract all the members including the nested groups(group with in the group) So you will get all the… Read More »
To find all users in only the current domain, who have been inactive for 3 weeks or more, and display their DNs: dsquery user domainroot -name -inactive 3
To extract all the users in the OU with the Password never expires details, we can user Dsquery or CSVDE commands Use the blow command to find and export users with Password never expires in Active Directory Dsquery command dsquery user “OU=Test,DC=test,DC=com” -limit 0 | dsget user -pwdneverexpires >c:tempUsers.txt dsquery user “OU=Test,DC=test,DC=com” –o rdn -limit… Read More »
Bulk reporting from AD (Part 1) Extracting the object information from AD is the frequent task for active directory administrators, most of the administrator’s uses script to do the task, but we can use the simple command to extract bulk object from AD If you want specific attribute details for all the users from TEST… Read More »
If you are working with command-line tools to manage the active directory then you will require an LDAP path as an input for the commands (like dsget, dsmod), how to find the LDAP path? or LDAP DN To know more about LDAP and LDAP Query, like the difference between Distinguished Name (DN) and Relative Distinguished… Read More »
How to verify KCC disabled, do you know ISTG is enabled or disabled for you active directory sites, you check the ISTG status using below command command Verify KCC status on intersite (by default KCC enabled) dsquery site -name Default-First-Site-Name | dsget site –autotopology autotopologynodsget succeeded Note: If automatic inter-site topology generation is enabled (yes)… Read More »
Command to find the site name for given DC Command to find site name for the given domain controller dsquery server test01 -site domain controller name = test01
Command to find all DCs in the given site Command to find all the Domain Controllers in the “Default-First-Site-Name” site dsquery server -o rdn -site Default-First-Site-Name Site name = Default-First-Site-Name
