Jun 6, 2014 -
Active Directory, General, Windows 2003, Windows 2008, Windows 2012
No Comments


Some quick command line tools for AD
1. To quickly list all the groups in your domain, with members, run this command:
dsquery group -limit 0 | dsget group -members –expand
2. To find all users whose accounts are set to have a non-expiring password, run this command:
dsquery * domainroot -filter “(&(objectcategory=person)(objectclass=user)(lockoutTime=*))” -limit 0
3. To list all the FSMO role holders in your forest, run this command:
netdom query fsmo
