dn: OU=Printers,OU=Ostrava,DC=training,dc=te changetype: add objectClass: organizationalUnit
ldifde -d "OU=Accounts,DC=domain,DC=tld" -r "(objectClass=group)" -l "objectClass,cn,description,distinguishedName,name,sAMAccountName,groupType,objectCategory" -f groups.ldif
ldifde -i -v -k -f groups.ldif -c "OU=Accounts,DC=domain,DC=tld" "OU=Accounts,DC=newDomain,DC=tld" -j logs
repadmin /failcache
repadmin /istg repadmin /kcc
repadmin /latency servername
repadmin /showvector /latency DN_partition (dn=atd..) repadmin /notifyopt servername DN_domeny
repadmin /syncall
repadmin /options servername + DISABLE_OUTBOUND_REPL
repadmin /options servername - DISABLE_OUTBOUND_REPL
repadmin /replsummary servername
repadmin /showrepl /csv > %computername%.txt
repadmin /showtime
netdom query /domain:jmeno_domeny fsmo
net user username heslo /add
net localgroup Administrators username /add
auditpol /get /category:*
nltest /domain_trusts
nslookup -type=SRV _ldap._tcp.pdc._msdcs.domain.tld dns_server
nslookup -q=SRV _kerberos._tcp.domain.tld dns_server nslookup -q=SRV _kerberos._udp.domain.tld dns_server
nslookup -type=SRV _ldap._tcp.dc._msdcs.example.tld dns_server
dnscmd . /zoneadd domena.tld /forwarder IP_1 IP_2
dnscmd . /zonereload domena.tld
dnscmd . /zoneexport domain.tld file.txt
dnscmd . /RecordAdd domain.tld servername A 10.1.1.2
dnscmd . /recorddelete domain.tld hostname A
Ntdsutil roles Connections Connect to server %computername% Quit select Operation Target List roles for connected server Quit Quit Quit
w32tm /config /syncfromflags:domhier /update net stop w32time && net start w32time
w32tm /debug /enable /file:c:w32time.log /size:10000000 /entries:0-116 w32tm /debug /disable
w32tm.exe /ntte 131001091660000000
ntfrsutl forcerepl local_DC /r "domain system volume (sysvol share)" /p remote_DC.contoso.com
wmic nicconfig get caption,index,TcpipNetbiosOptions
wmic nicconfig where index=8 call SetTcpipNetbios 2
0 – Use NetBIOS setting from the DHCP server 1 – Enable NetBIOS over TCP/IP 2 – Disable NetBIOS over TCP/IP
netsh interface ipv4 show subinterfaces
netsh interface ipv4 set subinterface "Network Name" mtu=1500 store=persistent
netsh -c interface ipv4 add neighbors "jmeno_sítě" "(IP)x.x.x.x" "(MAC)xx-xx-xx-xx-xx-xx" store=persistent
for %a in (*.*) do ren "%a" "prefix_%a"
route add -p 10.0.5.0/24 0.0.0.0 IF 37
bcdedit /set {default} recoveryenabled No bcdedit /set {default} bootstatuspolicy ignoreallfailures
dism /online /Enable-Feature /FeatureName:TelnetClient
wmic qfe list full /format:htable > hotfixes.htm
wmic qfe list full /format:csv > hotfixes.csv
Při zobrazení chyby 'Invalid XSL format (or) file name.' je potřeba specifikovat cestu k .XSL souboru (jedná se o chybu ve WMIC):
wmic qfe list full /format:"%WINDIR%\System32\wbem\en-us\htable"
wmic qfe list full /format:"%WINDIR%\System32\wbem\en-us\csv"
dism /online /get-packages
Dotaz, zda má být patch odinstalován:
wusa /uninstall /kb:4483458
Bez interakce s uživatelem, server restartuje, pokud je to vyžadováno:
wusa /uninstall /kb:4483458 /quiet
Bez restartu:
wusa /uninstall /kb:4483458 /quiet /norestart
V kombinaci s /quiet
se objeví informace před restartem:
wusa /uninstall /kb:4483458 /quiet /warnrestart
V kombinaci s /quiet
jsou vynuceně ukončené aplikace a server restartuje:
wusa /uninstall /kb:4483458 /quiet /forcerestart
certutil -dcinfo verify
New-SelfSignedCertificate -KeyLength 2048 -KeyAlgorithm RSA -DnsName "*.test01.local", "*.test02.local" -CertStoreLocation "cert:\LocalMachine\My" -KeyExportPolicy Exportable -NotAfter (Get-Date).AddMonths(120) -DnsName // první je CNAME, další SANs
New-SelfSignedCertificate -CertStoreLocation cert:\currentuser\my ` -Subject "CN=Jméno certifikátu" ` -KeyAlgorithm RSA ` -KeyLength 2048 ` -Provider "Microsoft Enhanced RSA and AES Cryptographic Provider" ` -KeyExportPolicy Exportable ` -KeyUsage DigitalSignature ` -Type CodeSigningCert ` -NotAfter $([datetime]::now.AddYears(10))
get-childitem cert:\CurrentUser\my -codesigning
$cert = @(Get-ChildItem cert:\CurrentUser\My -codesigning)[0] Set-AuthenticodeSignature -HashAlgorithm sha256 file.ps1 $cert
Enable-TlsCipherSuite -Name "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"
Disable-TlsCipherSuite -Name "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"
"C:\Program Files\Wireshark\uninstall.exe" /S
Get-ChildItem -Path c:\ -Recurse | Get-FileHash | Export-Csv C:\fileHash.txt
(Get-WmiObject -class Win32_TSGeneralSetting -Namespace root\cimv2\terminalservices -Filter "TerminalName='RDP-tcp'").SetUserAuthenticationRequired(0)
diskshadow
list shadows all
DELETE SHADOWS all