Windows Commands about servers
Get-DHCPServerv4scope | Get-DHCPServerv4Lease # show DHCP leases
Time Synchronization for Windows Servers and Clients
In a domain, all clients get their time from a DC
VM(Guests) get time from the hypervisor
Primary Domain Controller should be configured like this (Receive time from external source):
net stop w32time
w32tm /config /syncfromflags:manual /manualpeerlist:"IP.OF.NTP.SERVER.ON.YOUR.LAN.IF.ANY gr.pool.ntp.org"
w32tm /config /reliable:yes
net start w32time
w32tm /config /update
w32tm /resync /rediscover
You can test status with
w32tm /query /configuration
w32tm /query /status #It's different to /monitor because it shows the status of the external sync
All other DCs should be configured like this:
w32tm /config /syncfromflags:DOMHIER /update
Special Case: DC as VM
You must stop the guest from syncing time from its host by executing this on the Hyper-V host
Get-VMIntegrationService -VMName "GuestName" -Name "Time synchronization" | Disable-VMIntegrationService
(on the Hyper-V host) You can get the status of syncing with this:
Get-VMIntegrationService -VMName "GuestName" -Name "Time synchronization"
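A check for the two situations above (a PDC that should follow its manual peer list, and a virtual DC that must not follow its host), written as an added example and not part of the original notes. The function name, parameters and sample text are constructed, and it assumes English `w32tm /query /status` output.

```powershell
# Added example: classify the time source reported by `w32tm /query /status`.
# Test-W32TimeStatus and its parameters are hypothetical names; English output is assumed.
function Test-W32TimeStatus {
    param(
        [Parameter(Mandatory)][string[]]$StatusLines,   # output of: w32tm /query /status
        [ValidateSet('PDC','DC')][string]$Role = 'DC',
        [string[]]$ExpectedPeers = @()                  # names given to /manualpeerlist (PDC only)
    )
    $source = $null; $stratum = $null
    foreach ($line in $StatusLines) {
        if ($line -match '^\s*Source:\s*(.+?)\s*$') { $source  = $Matches[1] }
        if ($line -match '^\s*Stratum:\s*(\d+)')    { $stratum = [int]$Matches[1] }
    }
    $problems = @()
    if (-not $source) {
        $problems += 'no Source line found (service stopped or non-English output?)'
    } elseif ($source -match 'VM IC Time Synchronization Provider') {
        $problems += 'syncing from the Hyper-V host; disable the "Time synchronization" integration service'
    } elseif ($source -match 'Local CMOS Clock|Free-running System Clock') {
        $problems += 'not syncing from any peer'
    } elseif ($Role -eq 'PDC' -and $ExpectedPeers.Count -gt 0) {
        # A source may carry a flags suffix such as ",0x8"; compare the name only
        $peer = ($source -split ',')[0]
        if ($ExpectedPeers -notcontains $peer) { $problems += "unexpected peer '$peer'" }
    }
    [pscustomobject]@{
        Source = $source; Stratum = $stratum
        Ok = ($problems.Count -eq 0); Problems = $problems
    }
}

# Constructed sample: a virtual DC that still takes its time from the host
$sample = @'
Leap Indicator: 0(no warning)
Stratum: 2 (secondary reference - syncd by (S)NTP)
Source: VM IC Time Synchronization Provider
Poll Interval: 6 (64s)
'@ -split "`r?`n"

Test-W32TimeStatus -StatusLines $sample -Role DC

# On a live PDC:
# Test-W32TimeStatus -StatusLines (w32tm /query /status) -Role PDC -ExpectedPeers 'gr.pool.ntp.org'
```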
A few more commands
Diagnose timezone issues
tzutil /g # Displays the current time zone ID
tzutil /s "GTB Standard Time" # Sets the current time zone for Greece/Turkey/Bulgaria
Restart Windows Time service
The Windows Time service must be set to start automatically.
Reset trust relationship (run as LOCAL admin on the affected PC)
$dc="azdc01"
$domain="mazars-gr.local"
$adminname="gkontos-admin"
Reset-ComputerMachinePassword -Server $dc -Credential $dc\$adminname
Test-ComputerSecureChannel -Repair -Credential $dc\$adminname
nltest /sc_verify:$domain
Sync time with Domain Controller
W32tm /resync /rediscover # rediscover the DC
W32tm /resync /force # force resync now
If you get an error "The computer did not resync because no time data was available", view this topic
Other Things to consider
Sync to internet time
w32TM /config /syncfromflags:manual /manualpeerlist:0.europe.pool.ntp.org
w32tm /config /update
w32tm /resync
About Domain Controllers
Remove a Computer from the Domain
Execute this command from a domain controller:
- Open a command prompt.
- Type the following, then press "Enter":
net computer \\computername /del
Get info about AD items
# search ALL properties of ALL AD user/object for a MAGIC STRING
# THIS IS THOROUGH BUT CAN BE SLOW
Get-ADUser -Filter * -Properties * | Out-String -Stream | sls "MAGIC STRING"
# print all non-empty properties of a user/object based on its name
Get-ADUser "ndemou" -Properties * | Out-String -Stream | ?{$_ -notmatch ': *$|: {}$'}
Last logins per user/computer
(see also oldcmp, a tool to print a list of accounts that haven't been used for a while.)
Get-ADComputer -Filter * -Properties * | Sort LastLogonDate | FT Name, LastLogonDate -Autosize
Name LastLogonDate
---- -------------
RPS0143-PC 31/8/2015 4:31:00 μμ
RPS0136-PC 21/9/2015 3:07:22 μμ
RPS0113 21/12/2015 9:56:49 πμ
...
Get-ADUser -Filter * -ResultPageSize 0 -Prop CN,samaccountname,lastLogonTimestamp | Select CN,samaccountname,@{n="lastLogonDate";e={[datetime]::FromFileTime($_.lastLogonTimestamp)}} | ft -AutoSize
CN samaccountname lastLogonDate
-- -------------- -------------
Administrator Administrator 18/4/2019 1:36:14 μμ
Nick Papadopoulos n.papadopoulos 15/4/2019 5:55:34 μμ
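The `lastLogonTimestamp` conversion above turned into a stale-account report, as an added example that is not part of the original notes. The function name, the 90-day threshold and the sample accounts are constructed; the function takes the objects `Get-ADUser` returns and also handles accounts that never logged on, which `FromFileTime(0)` would otherwise show with a year-1601 date.

```powershell
# Added example: report enabled accounts that look unused.
# Get-StaleAccount, the threshold and the sample data are hypothetical.
# lastLogonTimestamp can lag the real logon by up to about 14 days with
# default domain settings, so keep -Days well above that.
function Get-StaleAccount {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]$Account,
        [int]$Days = 90,
        [datetime]$Now = (Get-Date)
    )
    process {
        $ts = $Account.lastLogonTimestamp
        if (-not $ts) {
            # Attribute unset or 0: the account has never logged on
            $last = $null; $idle = $null
        } else {
            $last = [datetime]::FromFileTime($ts)
            $idle = [int][math]::Floor(($Now - $last).TotalDays)
        }
        # Disabled accounts are skipped; they cannot be used to log on
        if ($Account.Enabled -and ($null -eq $last -or $idle -ge $Days)) {
            [pscustomobject]@{
                SamAccountName = $Account.SamAccountName
                LastLogonDate  = $last
                IdleDays       = $idle
                NeverLoggedOn  = ($null -eq $last)
            }
        }
    }
}

# Constructed sample accounts (same property names Get-ADUser returns)
$now = [datetime]'2019-04-20'
$sample = @(
    [pscustomobject]@{ SamAccountName='active.user';   Enabled=$true;  lastLogonTimestamp=([datetime]'2019-04-15').ToFileTime() }
    [pscustomobject]@{ SamAccountName='old.user';      Enabled=$true;  lastLogonTimestamp=([datetime]'2018-06-01').ToFileTime() }
    [pscustomobject]@{ SamAccountName='never.used';    Enabled=$true;  lastLogonTimestamp=$null }
    [pscustomobject]@{ SamAccountName='disabled.user'; Enabled=$false; lastLogonTimestamp=([datetime]'2017-01-01').ToFileTime() }
)
$sample | Get-StaleAccount -Days 90 -Now $now | Format-Table -AutoSize

# Against the live directory:
# Get-ADUser -Filter * -Properties lastLogonTimestamp | Get-StaleAccount -Days 90
```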
List of last domain logins (user/computer)
#-----------------------
# Find DC list from Active Directory
$DCs = Get-ADDomainController -Filter *
# Define time window for the report (here: the last 7 days)
$startDate = (Get-Date).AddDays(-7)
# Store successful logon events (ID 4624) from the Security log of every DC in one array
$slogonevents = @()
foreach ($DC in $DCs){
    echo "Querying DC $DC"
    # += so that events from earlier DCs are not overwritten by the last one
    $slogonevents += Get-EventLog -LogName Security -ComputerName $DC.HostName -After $startDate | where {$_.EventID -eq 4624 }
}
# Crawl through events; print workstation, logon type, account name and date/time
echo "Filtering results"
$cnt=1
foreach ($e in $slogonevents){
    # Fields of a successful logon event
    $e_type=$e.ReplacementStrings[8]   # logon type (2 = local)
    $e_user=$e.ReplacementStrings[5]   # account name
    $e_ws=$e.ReplacementStrings[11]    # workstation name
    $e_ts=$e.TimeGenerated
    # Skip anonymous logons, events without a workstation and computer accounts
    if (($e_user -ne "ANONYMOUS LOGON") -and ($e_ws -ne "-") -and ($e_ws+'$' -ne $e_user)) {
        write-host "$e_ws`t$e_type`t $e_user`t$e_ts"
        $cnt += 1
    }
}
#--------------------------
Get a list of AD accounts
Get name and email for all users (all because of -Filter *)
Get-ADUser -Filter * -Properties EmailAddress | Select Name,EmailAddress
Get specific data about all users
Get-ADUser -Filter * -Properties Company, DisplayName, Department, GivenName, EmailAddress, Title, Surname | Select name, Company, DisplayName, Department, GivenName, EmailAddress, Title, Surname | ConvertTo-Csv | Out-File details.csv
Get ALL data about all users
(in large domains be careful)
Get-ADUser -Filter * -Properties * | ogv
Change Evaluation to Standard
If your CD key is an evaluation key and you want to change the Windows key, run the following commands
DISM /online /Get-CurrentEdition
# says serverstandardeval
DISM /online /Set-Edition:serverstandard /ProductKey:XXXXX-XXXXX-XXXXX-XXXXX-XXXXX /AcceptEula
About file sharing
For file servers
# Get a list of all open shared files
#--------------------------------------
net files
net files 1234 # 1234 is a file id from "net files" to get more info
# there's also openfiles but it's not as good as net files
# list shares
#---------------------------------------------
net share # DOS & PowerShell
Get-WmiObject -Class Win32_Share # PowerShell only
net view \\ServerName # view shares on another PC
# list share rights for every share
# see https://gallery.technet.microsoft.com/scriptcenter/List-Share-Permissions-83f8c419
# delete shares from C:
#---------------------------------------------
net share christosscans$ /delete
# create a share with proper permissions
#---------------------------------------------
New-SmbShare -Name christosscans$ -Path K:\fserver\christosscans$ -FullAccess Administrators,management -ReadAccess logistirio2
For file clients
net use (manage mapped network shares)
TEMPORARILY map a share to a drive letter (until logout)
net use Z: "\\MyServer\MyShare"
PERMANENTLY map a share
net use Z: "\\MyServer\MyShare" /savecred /persistent:yes
UN-MAP a permanently mapped share
net use Z: /delete
**NOT RECOMMENDED**, but you can specify a username and password (the password is then typed in clear text on the command line)
net use X: "\\MyServer\MyShare" SuperSecretPassword /user:MyDomain\MyUserName
Get a list of all the shares currently mapped:
net use
Stored Credentials
On a workstation that accesses file shares you can get a list of all the stored credentials with:
# list stored credentials
cmdkey /list
Net Use (list, map & unmap network shares)