


Active Directory Command-Line Tools

Active Directory Command-Line Tools: netdom, dsquery, gpupdate

Many of the operations that these command-line tools perform cannot be performed in a graphical environment, so they are of great importance to the administration of Windows Server Active Directory (AD) domain services.

Start -> Run -> CMD (Run as Administrator)

1 – List all the groups in the domain, along with the members of each group:

dsquery group -limit 0 | dsget group -members -expand

2 – Find all users that have set their account with a non-expiring password (the DONT_EXPIRE_PASSWORD bit, 65536, in userAccountControl):

dsquery * domainroot -filter "(&(objectcategory=person)(objectclass=user)(userAccountControl:1.2.840.113556.1.4.803:=65536))" -limit 0

3 – Check Active Directory replication on a domain controller:

repadmin /replsummary

4 – Force replication from a domain controller without Active Directory Sites and Services console:

repadmin /syncall

5 – List all FSMO (Flexible Single Master Operations) role holders in the forest:

netdom query fsmo

Tip: to list the other netdom commands:

netdom /?

6 – Refresh group policy settings:

gpupdate

To force a Group Policy update:

gpupdate /force

7 – See the account that you are logged on as:


8 – See which server authenticated you (this also shows whether you are logged on with cached credentials) by running one of the following commands:

set l

echo %logonserver%

9 – See what security groups you belong to:

whoami /groups

10 – See the domain account policy (password requirements, lockout duration, lockout thresholds, etc.):

net accounts
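
The output of net accounts can be checked against a password and lockout baseline, as in this added example, which is not part of the original post. The sample output is constructed, the function names and baseline numbers are assumptions to replace with your own policy, and the labels match English-language Windows only.

```powershell
# Constructed sample of `net accounts` output. On a real host use:
#   $sample = net accounts          (or: net accounts /domain on a member machine)
$sample = @'
Force user logoff how long after time expires?:       Never
Minimum password age (days):                          0
Maximum password age (days):                          42
Minimum password length:                              7
Length of password history maintained:                None
Lockout threshold:                                    Never
Lockout duration (minutes):                           30
Lockout observation window (minutes):                 30
Computer role:                                        PRIMARY
The command completed successfully.
'@ -split '\r?\n'

# Assumed baseline for illustration only; Max = $null means no upper bound.
$Baseline = @(
    @{ Name = 'Minimum password length';               Min = 14; Max = $null; Expected = '14 or more' },
    @{ Name = 'Length of password history maintained'; Min = 24; Max = $null; Expected = '24 or more' },
    @{ Name = 'Lockout threshold';                     Min = 1;  Max = 10;    Expected = '1 to 10 attempts' }
)

function ConvertFrom-NetAccounts {
    param([string[]]$Lines)
    $policy = @{}
    foreach ($line in $Lines) {
        # Each setting is "label:" followed by padding spaces and the value.
        if ($line -match '^(?<name>.+?):\s+(?<value>\S.*)$') {
            $policy[$Matches['name'].Trim()] = $Matches['value'].Trim()
        }
    }
    $policy
}

function Test-AccountPolicy {
    param([hashtable]$Policy, [object[]]$Baseline)
    foreach ($check in $Baseline) {
        $value = $Policy[$check.Name]
        $n = 0
        # Non-numeric values (Never, None) or a missing line mean the control is off.
        $ok = [int]::TryParse([string]$value, [ref]$n) -and ($n -ge $check.Min) -and
              (($null -eq $check.Max) -or ($n -le $check.Max))
        if (-not $ok) {
            [pscustomobject]@{ Setting = $check.Name; Current = $value; Expected = $check.Expected }
        }
    }
}

Test-AccountPolicy -Policy (ConvertFrom-NetAccounts -Lines $sample) -Baseline $Baseline |
    Format-Table -AutoSize
```

Each row printed is a setting that falls outside the baseline; no output means every checked setting passed.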


Praveen Kumar

