Wednesday, April 22, 2009

Story behind the blog

This blog reflects my personal experiences, thoughts, opinions and ideas about the different kinds of software that a system engineer has to deal with in his daily job. There were 2 reasons which made me write my blog:
- the desire to help others that have the same problem;
- the desire to have a place accessible from every computer in the world where to find my information.

Wednesday, April 8, 2009

How to force users to logon on one domain controller


The scenario is: one Active Directory site with two domain controllers.
Question: How to force users to log on only to one domain controller?
The answer to this question lies in the priority of the SRV records. See here how to do it:
You can verify the priorities in the DNS MMC console or by using nslookup like this:
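
An added PowerShell example, not part of the original post, that lists the domain controller SRV records with their priorities and reports which DC clients will prefer. The domain name test.com is an assumption; Resolve-DnsName needs Windows 8 / Windows Server 2012 or later.

```powershell
# Assumption: the AD DNS domain is test.com; replace it with your own domain name.
$Domain = 'test.com'
$Name   = "_ldap._tcp.dc._msdcs.$Domain"

# Resolve-DnsName also returns the additional A records, so keep only the SRV answers.
$records = Resolve-DnsName -Name $Name -Type SRV -ErrorAction Stop |
    Where-Object { $_.Type -eq 'SRV' } |
    Sort-Object Priority, @{ Expression = 'Weight'; Descending = $true }

$records | Format-Table NameTarget, Priority, Weight, Port -AutoSize

# Clients try the lowest priority value first; a DC with a higher value is
# contacted only when no lower-priority DC answers.
$lowest    = ($records | Measure-Object Priority -Minimum).Minimum
$preferred = @($records | Where-Object { $_.Priority -eq $lowest })

if ($preferred.Count -eq 1) {
    "Preferred DC: $($preferred[0].NameTarget) (priority $lowest)"
} else {
    "Priority $lowest is shared by $($preferred.Count) DCs; logons are spread between them by weight."
}
```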

Thursday, March 26, 2009

One-liners with dsquery

Get all the members of a group:
dsquery group -name group_name | dsget group -members

See all the users with their associated logon script:
dsquery * domainroot -filter "(&(objectCategory=Person)(objectClass=User))" -limit 0 -attr sAMAccountName sn distinguishedName scriptPath

See the groups from Active Directory that do not have any members:
dsquery * -filter "(&(objectCategory=group)(!(member=*)))" -limit 0 -attr groupType sAMAccountName distinguishedName

See when a group was created, and membership:
dsquery * -filter "(objectCategory=group)" -limit 0 -attr whenCreated samaccountname memberof

Check the expiration date of all users accounts in an OU:
dsquery user "OU=XXX,DC=test,DC=com" | dsget user -dn -acctexpires

P.S. I see that for an unknown reason, the pipe command does not appear in my post. So, I must mention that before every dsget command in the upper scripts there is a pipe sign.

Tuesday, March 24, 2009

How to see the installed updates/fixes on a computer

Before writing this post I was aware of a single method:
systeminfo | find "KB"
To do it on a remote computer, I used the combination of psexec and the upper command or
systeminfo /s %computername% | find "KB"
But the output of the command is not so easily readable. Recently, I found this great article which showed me a second method, exporting the results in HTML format:
So, here is the command:
wmic qfe list full /format:htable > C:\hotfixes.html
To do it on a remote computer:
wmic /node:"computername" qfe list full /format:htable > C:\hotfixes.html
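
An added PowerShell example, not from the original post, that goes one step further than listing: it checks several computers against a list of required updates and writes an HTML report. The computer names, KB numbers and output path are placeholders.

```powershell
# Placeholders: replace with your own computer names and required KB numbers.
$Computers  = 'SERVER01', 'SERVER02'
$RequiredKB = 'KB0000001', 'KB0000002'

$report = foreach ($computer in $Computers) {
    try {
        # Get-HotFix reads Win32_QuickFixEngineering, the same WMI class as "wmic qfe".
        $installed = @(Get-HotFix -ComputerName $computer -ErrorAction Stop |
            Select-Object -ExpandProperty HotFixID)
        $missing = @($RequiredKB | Where-Object { $installed -notcontains $_ })

        [pscustomobject]@{
            Computer  = $computer
            Installed = $installed.Count
            Missing   = $missing -join ', '
            Status    = if ($missing.Count) { 'MISSING' } else { 'OK' }
        }
    } catch {
        # An unreachable host is reported as an error, never counted as patched.
        [pscustomobject]@{
            Computer  = $computer
            Installed = $null
            Missing   = $null
            Status    = "ERROR: $($_.Exception.Message)"
        }
    }
}

$report | Format-Table -AutoSize
$report | ConvertTo-Html -Title 'Hotfix report' | Set-Content C:\hotfixes-report.html
```

Win32_QuickFixEngineering lists only updates installed through Windows component servicing, so products patched by their own installers need a separate check.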

How to recover from the failure of a subdomain single domain controller

Suppose the only domain controller of a subdomain has had a hardware failure. These are the 2 steps you need to follow to recover:
1) Remove orphaned domain from Active Directory:
2) Restore the server through reinstallation of the operating system and subsequent restore of Active Directory from backup:

Monday, March 16, 2009

Get mac and installed drivers

Here is a command line that will show you the MAC address of the network card of a remote computer:
getmac /S
And the following will list all the drivers on your system:
Or on a remote system:
driverquery /S

Thursday, February 19, 2009

Folder share names and permissions

How to delete, from the command line, the share of a folder whose share name is "test share":
net share "test share" /delete
How to share a folder named "test share" with the shared name "test":
net share "test"="C:\test share"
How to share a folder named test with the shared name "test" and give everyone full access:
net share "test"="C:\test" /GRANT:everyone,FULL
Display all open shared files on a server:
net file
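
An added PowerShell example, not from the original post, for reviewing which shares on a server currently grant Everyone full access, as the /GRANT:everyone,FULL command above does. It assumes the SmbShare module (Windows 8 / Windows Server 2012 or later).

```powershell
# Resolve the well-known SID S-1-1-0 so the check also works on localized systems,
# where the Everyone group has a translated name.
$everyone = ([System.Security.Principal.SecurityIdentifier]'S-1-1-0').Translate(
    [System.Security.Principal.NTAccount]).Value

# Skip the administrative shares (C$, ADMIN$, IPC$) and list every
# remaining share with an Allow/Full entry for Everyone.
$open = @(Get-SmbShare -Special $false |
    Get-SmbShareAccess |
    Where-Object {
        $_.AccountName -eq $everyone -and
        $_.AccessControlType -eq 'Allow' -and
        $_.AccessRight -eq 'Full'
    })

if ($open.Count) {
    $open | Format-Table Name, AccountName, AccessRight -AutoSize
} else {
    'No share grants Everyone full access.'
}
```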

Friday, February 13, 2009

Customizable web error messages

With Web Page Error Toolkit, you can create pages that contain customized error messages to help users find the information they need. In fact, this toolkit is a customizable ASP application that replaces the default error page on the IIS server.
See here a good review:

Thursday, February 12, 2009

Free inventory tool


I want to present the Microsoft Assessment and Planning Toolkit, a powerful free tool which seems to be very useful in an organization.
The Microsoft Assessment and Planning Toolkit performs three key functions: hardware inventory, compatibility analysis, and reporting. It collects and organizes system resources and device information from a single networked computer and does not require users to deploy software agents on the computers that must be inventoried. MAP uses technologies already available in the IT environment to perform inventory and assessments, like: Windows Management Instrumentation (WMI), the Remote Registry Service, SNMP, Active Directory Domain Services, and the Computer Browser service.
Assessments can be completed on the following Windows platforms:
Windows Vista
Windows XP Professional
Windows Server 2003 or Windows Server 2003 R2
Windows 2000 Professional or Windows 2000 Server
Windows Server 2008
The reports generated are very friendly, with a lot of Excel sheets and comprehensive graphics. It will report, for example, how many of your Windows 2003 Servers are ready, from a hardware point of view, for deploying Windows 2008 on them, or how many computers in your organization have Office 2003 or Office 2007 installed.
For more information, see this link from Microsoft:
and also read the Technet blog for this tool:

Saturday, February 7, 2009

Adfind (from joeware) - part1

Export Sites from AD sites and services:
adfind -config -f "(objectClass=site)" -dn
Export sites and associated subnets:
adfind -config -f "(objectClass=subnet)" distinguishedname siteobject
Show users who have certificates:
adfind -tdc -default -f "(&(objectCategory=person)(objectClass=user)(userCertificate=*))" -dsq
Show users who don't have certificates:
adfind -tdc -default -f "(&(objectCategory=person)(objectClass=user)(!(userCertificate=*)))" -dsq
Show useful information about users:
adfind -tdc -default -f "(&(objectCategory=person)(objectClass=user))"
The output of the command above is shown in the above picture.

Thursday, February 5, 2009

Fix it for me

Microsoft has created a team that works to reduce the time needed to resolve any issues that we have with their products. Until now, KB articles gave us a list of steps to follow to resolve our problem; from now on we can click a button and have the issue resolved.
For example, see here what I mean:
Also, read here their blog:

Thursday, January 29, 2009

Query distribution groups and their members

Here is the script that will export all distribution groups in the file groups.txt and then will put these groups and their members in the file membership.txt:

dsquery * forestroot -filter "(samAccountType=268435457)" -limit 0 > groups.txt
for /f "tokens=*" %%g in (groups.txt) do @echo %%g >>membership.txt && echo Members: >>membership.txt && dsget group %%g -members -expand >>membership.txt && echo **************************************** >>membership.txt

If you want to do a query on security groups, or on distribution groups that have managers assigned, and then list their members, please see my other posts from the Scripts category called Distribution lists and managers and Security and distribution groups, and modify the script above accordingly.

Microsoft Web Platform Installer is now released

The Web Platform Installer (Web PI) is a simple tool that installs Microsoft's entire Web Platform, including IIS, Visual Web Developer 2008 Express Edition, SQL Server 2008 Express Edition and the .NET Framework. Using the Web Platform Installer’s user interface, you can choose to install either specific products or the entire Microsoft Web Platform onto your computer. The Web PI also helps keep your products up to date by always offering the latest additions to the Web Platform.
Supported Operating Systems are: Windows Vista RTM, Windows Vista SP1, Windows XP, Windows Server 2003, Windows Server 2008.
See here: