With the native NET command:
NET USER loginname /DOMAIN | FIND /I "Account active"
The account is either locked ("Locked") or active ("Yes").
With the native NET command:
NET USER loginname /DOMAIN | FIND /I "Account active"
The account is either locked ("Locked") or active ("Yes").
With the native NET command:
NET USER loginname /DOMAIN | FIND /I "Password last set"
With the native NET command:
NET USER loginname newpassword /DOMAIN
With (native) Windows Server 2003 commands:
DSQUERY USER -samid loginname | DSMOD USER -pwd newpassword
Note: | To prevent the new password from being displayed on screen replace it with an asterisk (*); you will then be prompted (twice) to type the new password "blindly". |
One could use the previous command to check what permissions a user has on a certain directory.
However, sometimes SHOWACLS from the Window Server 2003 Resource Kit Tools is a better alternative:
CD /D d:\directory2check
SHOWACLS /U:domain\userid
With the native NET command:
NET USER loginname /DOMAIN | FIND /I " name "
With (native) Windows Server 2003 commands:
DSQUERY USER -samid *loginname* | DSGET USER -samid -display
Note: | The NET command may seem more universal, because it requires neither Active Directory nor Windows Server 2003 commands, but it is language dependent! For non-English Windows you may need to modify FIND's search string. |
In Windows NT 4 and later, users usually are members of global groups. These global groups in turn are members of (domain) local groups. Access permissions are given to (domain) local groups.
To check if a user has access to a resource, we need to check group membership recursively.
With (native) Windows Server 2003 commands:
DSQUERY USER -samid loginname | DSGET USER -memberof -expand
My collegues often forget to mention their logon account name when calling the helpdesk, and the helpdesk doesn't always ask either. I suppose they expect me to know all 1500+ accounts by heart.
With (native) Windows Server 2003 commands only:
DSQUERY USER -name *lastname* | DSGET USER -samid -display
Note: | Windows Server 2003's "DSTools" will work fine in Windows 2000 and XP too, when copied. Keep in mind, however, that some Windows Server 2003 Active Directory functionality is not available in Windows 2000 Active Directories. |