Must Have Active Directory Commands

Filed Under (Active Directory, FSMO) by on 19-01-2010

I’ve pulled together a list of commands that can be used to help gather information from Active Directory.  Sure there are plenty of commands out there but the following are the ones that I use and stored into my own mental memory banks…no jokes on the lack of memory banks either  :,,)

Viewing local and remote FSMO roles:

local – netdom query fsmo

remote – netdom query /domain:%domainname% fsmo

List of your Domain Controllers:

Nltest /dclist:%userdnsdomain%

Cool stuff with groups

Determine the current group scope of a security group
dsget group %GroupDN% -scope –secgrp

Change a group”s scope to universal
dsmod group %GroupDN% -scope u

Change a universal group”s scope to global or local
dsmod group %GroupDN% -scope l | g

Leave a Reply