I always have to look this up, I’m not sure what is going on with my memory: dsquery user forestroot -name search When you are working on large Active Directories this is somewhat handy. Just replace search with the name you are after, helpfully it supports wildcard.

You have a few options for doing this especially if you are using something like WSUS. However if you aren’t, then a registry change via group policy or logon script is probably the best option. Here is a a registry file that will block automatic upgrade to internet explorer 8 and 9: Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Setup] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Setup\8.0] "DoNotAllowIE80"=dword:00000001 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Setup\9.0] "DoNotAllowIE90"=dword:00000001 If you are only interested in blocking one version of internet explorer then just remove the appropriate lines.

Use netdom to find where the current FSMO roles are assigned in Active Directory: netdom query fsmo This will return something like: Schema master DC01.local Domain naming master DC02.local PDC DC01.local RID pool manager DC02.local Infrastructure master DC01.local The command completed successfully. The ‘netdom query’ command can also return other useful information. Valid types include: Server, Workstation, DC, OU and Trust

There a quite a few ways of finding the Fuctional levels of Active Directory. Dsquery is a good option as it usually is distributed with windows. This will give you the Domain Functional Level: dsquery * DC=DOMAIN, DC=LOCAL -scope base -attr msDS-Behavior-Version ntMixedDomain Replace DOMAIN and LOCAL with your directory details. You can check the result with the following table: 0, 0 Windows 2000 Native domain Level 0, 1 Windows 2000 Mixed domain Level 2, 0 Windows 2003 Domain Level 3, 0 Windows 2008 Domain Level 4, 0 Windows 2008 R2 Domain Level To find the Active Directory Schema Version:

From link: The Microsoft Exchange 2000 schema defines three non-Request for Comments (RFC)-compliant attributes: houseIdentifier, Secretary, and labeledURI. The Microsoft Windows 2000 InetOrgPerson Kit redefines the Secretary attribute and the labeledURI attribute. The adprep /forestprep command in Microsoft Windows Server 2003 has redefined all three attributes as described in Request for Comments (RFC) 2798. If Exchange 2000 created these three attributes before you ran the Windows 2000 InetOrgPerson Kit, the LdapDisplayName attribute for the houseIdentifier attribute becomes conflicted or mangled after the new RFC-compliant definitions are added by Windows Server 2003 adprep /forestprep replication.

Use the following: dsquery user -samid "username" | dsget user -memberof -expand The -expand option will include nestled groups.

Get hold of the excellent Quest Free PowerShell Commands for Active Directory, then once installed use the following command from the powershell (Quest) console: Get-QADGroupMember group name -Indirect | select name, email Change group name to the AD group you are interested in querying. Indirect will give you results from nestled grouping. This works for distribution groups as well as other types. Use the following to output the results to a csv file:

Ldifde -d DC=domain,DC=co,DC=uk -r (&(mailnickname=*)) -l proxyAddresses -f Report.txt

If you want to export AD info as CSV then csvde is the cmd for you, for example: csvde -s clyde -f users.csv -r objectClass=user -l givenName, sn, name, sAMAccountName

This is a quick way to search Active Directory from the cmd line: dsquery user -name * -limit 0 Just pop the name or name + wildcard where the * is. If you want to reduce the output to the relative distinguished name then just add: dsquery user -name * -limit 0 -o rdn