List of useful command for System Admnistrators

Some of these have been copied from various sites as well.

Active Directory

  • To quickly list all the groups in your domain, with members, run this command:

dsquery group -limit 0 | dsget group -members –expand

  • To find all users whose accounts are set to have a non-expiring password, run this command:

dsquery * domainroot -filter “(&(objectcategory=person)(objectclass=user)(lockoutTime=*))” -limit 0

  • To list all the FSMO role holders in your forest, run this command:

netdom query fsmo

  • To refresh group policy settings, run this command:


  • To check Active Directory replication on a domain controller, run this command:

repadmin /replsummary

  • To force replication from a domain controller without having to go through to Active

Directory Sites and Services, run this command:

repadmin /syncall

  • To see what server authenticated you (or if you logged on with cached credentials) you can run either of these commands:

set l

echo %logonserver%

  • To see what account you are logged on as, run this command:


  • To see what security groups you belong to, run this command:

whoami /groups

  • To see the domain account policy (password requirements, lockout thresholds, etc) run this command:

net accounts

Windows Networking

  • To quickly reset your NIC back to DHCP with no manual settings, run this command:

netsh int ip reset all

  • To quickly generate a text summary of your system, run this command:

systeminfo | more

  • To see all network connections your client has open, run this command:

net use

  • To see your routing table, run either of these commands:

route print

netstat -r

  • Need to run a trace, but don’t have Netmon or Wireshark, and aren’t allowed to install either one? Run this command:

netsh trace start capture=yes tracefile=c:\capture.etl

netsh trace stop

  • To quickly open a port on the firewall, run this command, changing the name, protocol, and port to suit. This example opens syslog:

netsh firewall set portopening udp 161 syslog enable all

  • To add an entry to your routing table that will be permanent, run the route add command with the –p option. Omitting that, the entry will be lost at next reboot:

route add mask –p

  • Here’s a simple way to see all open network connections, refreshing every second:

netstat –ano 1

  • You can add a | findstr valueto watch for only a specific connection, like a client ip.addr or port:

netstat –ano | findstr

  • You can use the shutdown to shutdown or reboot a machine, including your own, in a simple scheduled task like this:

shutdown –r –t 0 –m \\localhost

  • To make planned DNS changes go faster, reduce the TTL on the DNS records you plan on changing to 30 seconds the day before changes are to be made. You can set the TTL back to normal after you confirm the changes have been successful.
  • Set a short lease on DHCP scopes that service laptops, and set Microsoft Option 002 to release a DHCP leas on shutdown. This helps to ensure your scope is not exhausted and that machines can easily get on another network when the move to a new site.

Windows 7

  • Want to enable the local administrator account on Windows 7? Run this command from an administrative command prompt. It will prompt you to set a password:

net user administrator * /active:yes

  • You can do the same thing during install by pressing SHIFT-F10 at the screen where you set your initial user password.


  • To quickly launch an application as an administrator (without the right-click, run as administrator), type the name in the Search programs and files field, and then press Ctrl-Shift-Enter.

Windows 2008

  • You can free up disk space on your servers by disabling hibernate. Windows 2008 will create a hiberfil.sys equal to the amount of RAM. This is very useful with VMs that have lots of RAM but smaller C: drives. To disable hibernation, and reclaim that space, run this command:

powercfg -h off

regsvr32 query.dll [enter] You only have to do this the first time.

query session /server:servername [enter]

reset session # /server:servername [enter]

  • You can create a list of files and display the last time they were accessed, which is very useful when a network drive is low on space and users swear they have to have that copy of Office 2003 on the network. My advice? If they haven’t touched it in two years, burn it to DVD or write it to tape and then delete it from disk:

dir /t:a /s /od >> list.txt [enter]

  • You can see all the open files on a system by running this command:

openfiles /query

  • You can pull all the readable data out of a corrupt file using this command:

recover filename.ext

  • Need to pause a batch file for a period of time but don’t have the sleep command from the old resource kit handy? Here’s how to build a ten second delay into a script:

ping -n 10 > NUL 2>&1

  • If your Windows website has stopped responding, or is throwing a 500 error, and you are not sure what to do, you can reset IIS without having to reboot the whole server. Run this command:


  • You can use && to string multiple commands together; they will run sequentially.
  • If you find yourself restarting services frequently, you can use that && trick to create a batch file called restart.cmd and use it to restart services:

net stop %1 && net start %1

  • You can download a Windows port of the wget tool from here, and use it to mirror websites using this command:

wget -mk


  • You can list files sorted by size using this command:

ls –lSr

  • You can view the amount of free disk space in usable format using this command:

df –h

  • To see how much space /some/dir is consuming:

du -sh /some/dir

  • List all running processes containing the string stuff:

ps aux | grep stuff

  • If you have ever run a command but forgot to sudo, you can use this to rerun the command:

sudo !!

  • If you put a space before a command or response, it will be omitted from the shell history.
  • If you really liked a long command that you just ran, and want to save it as a script, use this trick:

echo “!!” >

  • shutdown /r /o” command, which restarts your PC and launches the Advanced Start Options
  • sfc /scannow” – scan the file integrity
  • tasklist – taks manager
  • taskkill -pid – to kill specific task
  • powercfg – power management utility powercfg /hibernate off -to switch off hibernate option
  • tracert (IP) – tracks how much time each hop between servers or devices takes
  • pathping – advance version of ping command
  • ping – connectivity checking utility
  • netstat -an – shows currenlty open ports
  • ipconfig /all – shows all network interfaces configuration
  • fc – file compare
  • driverquery – shows computer driver information
  • cipher /w:c:fraps – remove files from hard drive permanently without ability to recover these files.
  • sigverif – checking system integrity to check if all system files are digitally signed
  • nslookup – checking dns name resolution is working
  • telnet – this can be used check if you can connect to services/ports over the network

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s