This isn’t so much a script as an awesome way to reset an Active Directory user’s password.
In this case you would need to be on the domain controller to run this:
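REM Reset a user's password: dsquery resolves the sAMAccountName to a distinguished
REM name and pipes it to dsmod, which sets the new password.
REM Security notes for anyone reusing this:
REM  - The new password is passed as a command-line argument, so it can end up in
REM    console history and in process-creation audit logs that record command lines.
REM    dsmod user also accepts "-pwd *" to prompt for the password instead
REM    (NOTE(review): confirm the prompt still works when the DN arrives via the pipe).
REM  - "-mustchpwd no" does not force a change at next logon, so the operator keeps
REM    knowing a valid credential; prefer "-mustchpwd yes" when resetting for someone else.
DSQUERY USER -samid enter_username_here | dsmod user -pwd enter_new_pw_here -mustchpwd no
REM Remote variant through PsExec. The target needs the \\ prefix, and the stray
REM trailing password token from the original line is removed (dsmod would have read
REM it as an extra object DN). The pipe is parsed by the local cmd.exe, so only
REM dsquery runs on the domain controller; dsmod runs locally on its output.
psexec \\domain_controller_ip DSQUERY USER -samid enter_username_here | dsmod user -pwd enter_new_pw_here -mustchpwd no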
To return the distinguished names of all users in an Active Directory domain (the filter below skips disabled accounts), create a new file called getdn.bat
Content:
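REM getdn.bat - export the distinguished name of every enabled user and open the list.
REM The LDAP filter keeps person/user objects whose userAccountControl does NOT have
REM bit 2 (ACCOUNTDISABLE) set; 1.2.840.113556.1.4.803 is the bitwise-AND matching rule.
REM The export is a complete account list written to the root of C: - store it where
REM only administrators can read it and delete it when you are done.
REM "if exist" avoids the "could not find" error on the first run.
if exist "c:\activeUsers.txt" del "c:\activeUsers.txt"
DSQUERY.exe * -limit 0 -filter "(&(objectCategory=Person)(objectClass=User)(!userAccountControl:1.2.840.113556.1.4.803:=2))" >"c:\activeUsers.txt"
REM %SystemRoot% instead of a hard-coded C:\WINDOWS so this works on any install path.
"%SystemRoot%\NOTEPAD.EXE" "c:\activeUsers.txt"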
REM List the members of a group (put the group name between the quotes), expanding
REM nested groups, and show first name, last name and disabled state for each.
REM dsget user will report errors for members that are not user objects.
dsquery group -name "" | dsget group -members -expand | dsget user -fn -ln -disabled
REM Export sAMAccountName, name and mail for every user that has a mail attribute.
REM The file maps accounts to e-mail addresses; treat it as sensitive and remove it after use.
dsquery.exe * -limit 0 -filter "(&(objectCategory=person)(objectClass=user)(mail=*))" -attr sAMAccountName name mail >"c:\PrimaryEmailAddresses.txt"
notepad "c:\PrimaryEmailAddresses.txt"
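REM Force a time resynchronisation on the local machine.
w32tm /resync
REM Show the FSMO role holders, the domain trusts and the domain controllers.
netdom query fsmo
netdom query trust
netdom query dc
REM Same FSMO information through ntdsutil. The original text had lost the spaces in
REM "ntdsutil roles" and "select Operation Target"; they are restored here.
ntdsutil roles Connections "Connect to server %logonserver%" Quit "select Operation Target" "List roles for conn server" Quit Quit Quit
netdom query dc
REM List the domain controllers of the logged-on user's DNS domain.
Nltest /dclist:%userdnsdomain%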
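REM These are written for the interactive prompt (%i); inside a .bat file use %%i.
REM Run ipconfig /all on every domain controller. PsExec installs a temporary service
REM on each target, so expect service-install events on the DCs when this runs.
for /f %i in ('dsquery server -domain %userdnsdomain% -o rdn') do psexec \\%i ipconfig /all
REM Computer and user accounts whose password has not changed for 180 days -
REM candidates for clean-up or a forced reset.
dsquery computer domainroot -stalepwd 180 -limit 0
dsquery user domainroot -stalepwd 180 -limit 0
REM Disabled user accounts.
dsquery user domainroot -disabled -limit 0
REM List the ntds directory on each DC through the admin$ share.
REM (Typographic quotes from the web page replaced with plain apostrophes.)
for /f %i in ('dsquery server -domain %userdnsdomain% -o rdn') do dir \\%i\admin$\ntds
REM SRV records under _tcp that mention port 3268 (the global catalog port).
dnscmd %logonserver% /enumrecords %userdnsdomain% _tcp | find /i "3268"
REM nTDSDSA objects with options bit 1 set, i.e. domain controllers that are global catalogs.
REM Replace DC=forestRootDomain with the forest root's DN.
dsquery * "CN=Configuration,DC=forestRootDomain" -filter "(&(objectCategory=nTDSDSA)(options:1.2.840.113556.1.4.803:=1))"
REM Users with no logon script (missing spaces around the quoted filter restored).
dsquery * domainroot -filter "(&(objectCategory=Person)(objectClass=User)(!scriptPath=*))" -limit 0 -attr sAMAccountName sn givenName pwdLastSet distinguishedName
REM userAccountControl bit 32 = PASSWD_NOTREQD: accounts allowed to have an empty password.
dsquery * domainroot -filter "(&(objectCategory=Person)(objectClass=User)(userAccountControl:1.2.840.113556.1.4.803:=32))"
REM userAccountControl bit 65536 = DONT_EXPIRE_PASSWORD: passwords that never expire.
dsquery * domainroot -filter "(&(objectCategory=Person)(objectClass=User)(userAccountControl:1.2.840.113556.1.4.803:=65536))"
REM userAccountControl bit 2 = ACCOUNTDISABLE: disabled accounts.
dsquery * domainroot -filter "(&(objectCategory=Person)(objectClass=User)(userAccountControl:1.2.840.113556.1.4.803:=2))"
REM Garbage-collection period and tombstone lifetime ("-attr" had fused with the first attribute name).
dsquery * "cn=Directory Service,cn=WindowsNT,cn=Services,cn=Configuration,DC=forestRootDomain" -attr garbageCollPeriod tombstoneLifetime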
REM DHCP servers registered in Active Directory, first through netsh and then by
REM reading the dhcpServers attribute from the configuration partition.
netsh dhcp show server
Dsquery * "cn=NetServices,cn=Services,cn=Configuration, DC=forestRootDomain" -attr dhcpServers
REM Show and dump the configuration of one DHCP server (replace DHCP_SERVER).
netsh dhcp server \\DHCP_SERVER show all
netsh dhcp server \\DHCP_SERVER dump
REM Dump the configuration of one WINS server (replace WINS_SERVER).
Netsh wins server \\WINS_SERVER dump
REM Check Group Policy objects, including their ACLs, with verbose output.
gpotool.exe /checkacl /verbose
REM Every computer object and every user object in the domain (-limit 0 removes the result cap).
dsquery computer -limit 0
dsquery user -limit 0
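REM Typographic quotes from the web page are replaced with plain apostrophes below;
REM cmd.exe only treats ' as the command delimiter in "for /f". Use %%i inside a .bat file.
REM Service principal names registered on each domain controller; unexpected SPNs
REM are worth reviewing.
for /f %i in ('dsquery server -domain %userdnsdomain% -o rdn') do setspn -L %i
REM Compare directory content between domain controllers. The "?" characters in the
REM original were option dashes lost in publishing. List the DCs in place of DC1;DC2;…
dsastat -s:DC1;DC2;… -b:Domain -gcattrs:objectclass -p:999
REM Diagnose the ACL on a directory object (replace dc=domainTree with the DN).
acldiag dc=domainTree
REM FRS replica sets and FRS directory-service configuration on each DC.
for /f %i in ('dsquery server -domain %userdnsdomain% -o rdn') do ntfrsutl sets %i
for /f %i in ('dsquery server -domain %userdnsdomain% -o rdn') do ntfrsutl ds %i
REM Server objects under the Sites container.
Dsquery * "CN=Sites,CN=Configuration,DC=forestRootDomain" -filter (objectCategory=Server)
REM DNS zones: dnsZone objects as seen by each DC, then the zone list of each DNS server.
for /f %i in ('dsquery server -o rdn') do Dsquery * -s %i domainroot -filter (objectCategory=dnsZone)
for /f %i in ('dsquery server -o rdn') do dnscmd %i /enumzones
REM All subnets ("?limit" restored to "-limit") and all organisational units.
Dsquery subnet -limit 0
Dsquery OU
REM ACL diagnosis for every OU; delims=| keeps each DN, spaces included, in one token.
For /f "delims=|" %i in ('dsquery OU') do acldiag %i
REM Trusted domains, verbose.
nltest /domain_trusts /v
REM Print every record of one DNS zone (replace DNSServer and DNSZone).
dnscmd DNSServer /zoneprint DNSZone
REM For each server named in DHCPServers.txt, list the clients of every active scope.
REM Missing spaces in "netsh dhcp" and before \\%i restored.
For /f %i in (DHCPServers.txt) do for /f "delims=- " %j in ('"netsh dhcp server \\%i show scope | find /i "active""') do netsh dhcp server \\%i scope %j show clientsv5
REM Active scopes on each server named in DHCPServers.txt.
For /f %i in (DHCPServers.txt) do netsh dhcp server \\%i show scope | find /i "active"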
REM NOTE(review): the two lines below are reproduced exactly as published and will not
REM run as they stand. "Output from ‘…’" is a placeholder for a file holding the
REM output of an earlier command, the typographic quotes must become plain apostrophes,
REM and several spaces appear to have been lost (e.g. "4delims", "/c"%l"", "-n1").
REM Repair and test against a non-production list before relying on the result.
REM First line: for each comma-separated record, look the second field up with nslookup
REM and echo the resolved name followed by the record's fields.
for /f "tokens=1,2,3 delims=," %i in (Output from ‘Find Subnets fromDHCP clients’) do @for /f "tokens=2 delims=: " %m in (‘"nslookup %j |find /i "Name:""’) do echo %m,%j,%k,%i
REM Second line: presumably picks up to two ping-responsive clients per subnet, counting
REM matches in TwoClientsPerSubnet.txt - nothing visible here appends to that file, so
REM a ">>" redirection may have been lost; verify.
Echo. > TwoClientsPerSubnet.txt & for /f "tokens=1,2,3,4delims=, " %i in (‘"find /i "pc" ‘Output from Resolve DHCP clientshostnames’"’) do for /f "tokens=3 skip=1 delims=: " %m in (‘"Find /i /c"%l" TwoClientsPerSubnet.txt"’) do If %m LEQ 1 for /f %p in (‘"ping -n1 %i | find /i /c "(0% loss""’) do If %p==1 Echo %i,%j,%k,%l
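REM Subnet objects with the site they belong to, then the site objects themselves.
dsquery * "CN=Subnets,CN=Sites,CN=Configuration,DC=forestRootDomain" -attr cn siteObject description location
dsquery * "CN=Sites,CN=Configuration,DC=forestRootDomain" -attr cn description location -filter (objectClass=site)
REM Published printers.
dsquery * domainroot -filter "(objectCategory=printQueue)" -limit 0
REM Directory details of every member of one group (replace groupDN).
dsget group "groupDN" -members | dsget user -samid -fn -mi -ln -display -empid -desc -office -tel -email -title -dept -mgr
REM Site links ("cost" and "description" had been fused into one attribute name).
dsquery * "CN=Sites,CN=Configuration,DC=forestRootDomain" -attr cn cost description replInterval siteList -filter (objectClass=siteLink)
REM Time offset of the forest root PDC emulator (replace ForestRootPDC).
w32tm /monitor /computers:ForestRootPDC
REM Full dcdiag run: verbose (/v), all DCs in the enterprise (/e), comprehensive tests (/c).
dcdiag /s:%logonserver% /v /e /c
REM Replication health: bridgehead servers, KCC failure cache, ISTG per site, latency,
REM inbound queue, connection objects, summary, per-partner status and the DC list.
repadmin /bridgeheads
repadmin /failcache
Repadmin /istg * /verbose
repadmin /latency /verbose
repadmin /queue *
repadmin /showconn *
Repadmin /replsummary
repadmin /showrepl * /all
repadmin /viewlist *
REM Inter-site topology generator of one site (replace siteName).
dsquery * "CN=NTDS Site Settings,CN=siteName,CN=Sites,CN=Configuration,DC=forestRootDomain" -attr interSiteTopologyGenerator
REM Objects under each site with options bit 1 or bit 16 set.
REM NOTE(review): on NTDS Site Settings these bits presumably mark automatic
REM intra-site / inter-site topology generation as disabled - confirm.
Dsquery site | dsquery * -attr * -filter "(|(Options:1.2.840.113556.1.4.803:=1)(Options:1.2.840.113556.1.4.803:=16))"
REM Replication connection objects ("?attr" restored to "-attr").
dsquery * forestRoot -filter (objectCategory=nTDSConnection) -attr distinguishedName fromServer whenCreated displayName
REM Same objects with their schedule, as CSV, through adfind (the base DN is the author's own domain).
adfind -b "cn=Configuration,dc=qraps,dc=com,dc=au" -f "objectcategory=ntdsConnection" cn Schedule -csv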
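REM "(Output from ‘Domain Controllers’)" is the author's placeholder: replace it with
REM the name of a file that holds one domain controller name per line.
REM System information and file versions of core binaries on each DC (missing spaces
REM between the UNC paths restored).
for /f %i in (Output from ‘Domain Controllers’) do psinfo \\%i & filever \\%i\admin$\explorer.exe \\%i\admin$\system32\vbscript.dll \\%i\admin$\system32\kernel32.dll \\%i\admin$\system32\wbem\winmgmt.exe \\%i\admin$\system32\oleaut32.dll
REM Read DeleteTempDirsOnExit on each DC. The key name is "Terminal Server"; the
REM space and the one after "query" had been lost.
For /f %i in (Output from ‘Domain Controllers’) do Reg query "\\%i\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v DeleteTempDirsOnExit
REM For each Windows XP Professional computer that answers a ping, report the DC that
REM last applied Group Policy to it and the AD site it resolves to.
REM NOTE(review): spacing and plain apostrophes are restored from a badly mangled
REM original ("XPProfessional", "ErrorLevel0", "regquery", "grouppolicy",
REM "completedsuccessfully"); test on a small list before trusting the output.
@dsquery * domainroot -filter "(&(objectCategory=Computer)(operatingSystem=Windows XP Professional))" -limit 0 -attr cn > Workstations.txt & @For /f %i in (Workstations.txt) do @ping %i -n 1 >NUL & @if ErrorLevel 0 If NOT ErrorLevel 1 @Echo %i & for /f "tokens=3" %k in ('"reg query "\\%i\hklm\software\microsoft\windows\currentversion\group policy\history" /v DCName | Find /i "DCName""') do @for /f %m in ('"nltest /server:%i /dsgetsite | find /i /v "completed successfully""') do @echo %i,%k,%m
REM Group Policy containers with display name, GUID (cn), creation time and SYSVOL path.
dsquery * "CN=Policies,CN=System,domainRoot" -filter "(objectCategory=groupPolicyContainer)" -attr displayName cn whenCreated gPCFileSysPath
REM Print (not run) a copy command for every .pol file in SYSVOL, naming each copy
REM after the policy GUID and its Machine/User folder.
for /f "tokens=1-8 delims=\" %i in ('dir /b /s \\%userdnsdomain%\sysvol\%userdnsdomain%\policies\*.pol') do @echo copy \\%i\%j\%k\%l\%m\%n\%o %m_%n.pol
REM Netlogon service parameters on each DC.
for /f %i in ('dsquery server /o rdn') do echo %i & reg query \\%i\hklm\system\currentcontrolset\services\netlogon\parameters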
REM WINSServers.txt is read as comma-separated text. The first two loops pass the
REM first column to netsh, the last two pass the second column.
REM Statistics and record count per WINS server.
for /f "tokens=1,2 delims=," %i in (WINSServers.txt) do netsh wins server \\%i show statistics
for /f "tokens=1,2 delims=," %i in (WINSServers.txt) do netsh wins server \\%i show reccount %i
REM Server information and configuration dump per WINS server.
for /f "tokens=2 delims=," %i in (WINSServers.txt) do netsh wins server \\%i show info
for /f "tokens=2 delims=," %i in (WINSServers.txt) do netsh wins server \\%i dump
REM Database records of one WINS server (replace LocalWINSServer).
REM NOTE(review): servers={} presumably means all owner servers; check the meaning of rectype=1.
netsh wins server \\LocalWINSServer show database servers={} rectype=1
REM Name (GUID) and display name of every Group Policy container.
dsquery * "CN=Policies,CN=System,DC=domainRoot" -filter (objectCategory=groupPolicyContainer) -attr Name displayName
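REM Groups with no members. The published filter lacked its outer parentheses (not a
REM valid LDAP filter) and had lost the spaces before -attr and between the last two attributes.
dsquery * -filter "(&(objectCategory=group)(!member=*))" -limit 0 -attr whenCreated whenChanged groupType sAMAccountName distinguishedName memberOf
REM Free physical memory and general system information of a remote computer.
wmic /node:%Computer% path Win32_OperatingSystem GET FreePhysicalMemory
SystemInfo /s %Computer%
REM Faster, less thorough NTFS check (skips some index checks and cycle checking).
chkdsk /i /c
REM State of the default web site on an IIS server.
iisweb /s %Server% /query "Default Web Site"
REM Test one TCP port on a server, verbose.
portqry -n %server% -e %endpoint% -v
REM Domain and forest functional-level attributes from the Partitions container,
REM first with ldifde (output to the console), then with dsquery.
REM Lost spaces after -r, -l, -f, -filter and -attr restored.
ldifde -d cn=partitions,cn=configuration,dc=%domain% -r "(|(systemFlags=3)(systemFlags=-2147483648))" -l msds-behavior-version,dnsroot,ntmixeddomain,NetBIOSName -p subtree -f con
dsquery * cn=partitions,cn=configuration,dc=%domain% -filter "(|(systemFlags=3)(systemFlags=-2147483648))" -attr msDS-Behavior-Version Name dnsroot ntmixeddomain NetBIOSName
REM Parent process ID of notepad.exe (typographic quotes replaced with plain apostrophes).
wmic path Win32_Process WHERE Name='notepad.exe' GET Name,ParentProcessId
REM Domain controller locator SRV records (replace {domainRoot} with the DNS domain name).
nslookup -type=srv _ldap._tcp.dc._msdcs.{domainRoot}
REM Creation time of the configuration partition.
dsquery * cn=configuration,DC=forestRootDomain -attr whencreated -scope base
REM Trusted domains, then a DC lookup in each of them.
dsquery * "CN=System,DC=domainRoot" -filter "(objectClass=trustedDomain)" -attr trustPartner flatName
for /f "skip=1" %i in ('"dsquery * CN=System,DC=domainRoot -filter (objectClass=trustedDomain) -attr trustPartner"') do nltest /dsgetdc:%i
REM LSA "Notification Packages" value on each DC. These are the password-filter DLLs
REM the LSA loads; an entry you cannot account for deserves investigation.
for /f %i in ('dsquery server /o rdn') do @for /f "tokens=4" %m in ('"reg query \\%i\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa /v "Notification Packages" | find /i "Notification""') do @echo %i,%m
REM Disabled state and DN of the current user; the DNS domain name is turned into a
REM DN by replacing each "." with ",DC=".
dsquery user DC=%userdnsdomain:.=,DC=% -name %username% | dsget user -disabled -dn
REM Computer objects whose operating system contains "Server".
dsquery * domainroot -filter "(&(objectCategory=Computer)(objectClass=Computer)(operatingSystem=*Server*))" -limit 0
REM Open the Active Directory "Find" window.
rundll32 dsquery,OpenQueryWindow
REM NOTE(review): the published last line put "rundll32" in front of an LDAP filter,
REM which is not a runnable command; it was presumably a filter meant for that
REM window's custom search. Matching rule 1.2.840.113556.1.4.1941 follows nested
REM membership, so this returns direct and indirect members of the group (the DN is
REM the author's own). Written here as a dsquery call:
dsquery * domainroot -filter "(memberOf:1.2.840.113556.1.4.1941:=CN=grp-NetScalerAdmins,OU=DomainGroups,DC=snet,DC=crouse,DC=org)" -limit 0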