Finding the source of a locked AD account from the Event Viewer log on a domain controller

It’s actually really simple, but you’ll need administrator access on the domain controller in order to read the security event log, so you might have to consult upper sys admins.

It seems to not want to filter/sort by username though, so if you’re managing a huge enterprise with thousands of users this could be a bit tedious. On the other hand, if that’s the case I suppose you already have better tools for the job.

Anyway, all invalid login attempts are logged as event id 4776 (Credential Validation).

  1. Open Event Viewer and connect to domain controller
  2. Go to Windows Logs -> Security
  3. Click on Filter Current Log... in the right navigation menu
  4. Enter 4776 into the input field which says <All Event IDs>
  5. Browse through the invalid login attempts till you find the one which belongs to your user and look in the description text field where it says “Source Workstation:    hostname”
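
The manual steps above can also be scripted, which gets around Event Viewer not filtering by username. The PowerShell below is an added example, not part of the original post; the domain controller name, the account name and the 24-hour window are placeholder assumptions. It keeps only 4776 entries whose Status field is non-zero and counts them per source workstation.

```powershell
# Added example (not from the original post). Placeholder values: adjust to your environment.
$DomainController = 'dc01.example.com'   # assumed DC name
$UserName         = 'johndoe'            # assumed account; the XPath match is case-sensitive
$HoursBack        = 24                   # assumed look-back window

# Status codes commonly seen on failed credential validations
$StatusText = @{
    '0xc000006a' = 'Wrong password'
    '0xc0000234' = 'Account locked out'
    '0xc0000064' = 'User name does not exist'
}

# The XPath filter is evaluated on the DC, so only matching records cross the network
$ms    = $HoursBack * 3600 * 1000
$xpath = "*[System[(EventID=4776) and TimeCreated[timediff(@SystemTime) <= $ms]] " +
         "and EventData[Data[@Name='TargetUserName']='$UserName']]"

try {
    $events = Get-WinEvent -ComputerName $DomainController -LogName Security `
                           -FilterXPath $xpath -ErrorAction Stop
} catch {
    # Get-WinEvent raises an error when nothing matches or access is denied
    Write-Warning $_.Exception.Message
    return
}

$failures = foreach ($e in $events) {
    # Flatten <EventData><Data Name="...">value</Data> into a hashtable
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
        $data[$d.GetAttribute('Name')] = $d.InnerText
    }
    if ($data['Status'] -ne '0x0') {
        [pscustomobject]@{
            Time        = $e.TimeCreated
            User        = $data['TargetUserName']
            Workstation = $data['Workstation']
            Status      = $data['Status']
            Meaning     = $StatusText[[string]$data['Status']]
        }
    }
}

# Newest first, then a per-workstation count to show where the bad attempts originate
$failures | Sort-Object Time -Descending | Format-Table -AutoSize
$failures | Group-Object Workstation | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize
```

Run it from a session whose account is allowed to read the Security log on the domain controller.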

MS Cheatsheet

List TCP/IP interfaces on remote computer

netsh -r "hostname" interface ipv4 show interfaces


Get Windows OEM license key

wmic path SoftwareLicensingService get OA3xOriginalProductKey


List environment variables

set

Filter output

set prog


Install .NET Framework 3.5 on Windows 10

Online version:
DISM.EXE /Online /Add-Capability /CapabilityName:NetFx3~~~~

Offline version (requires .cab installer for the .NET framework):
DISM.EXE /Online /Add-Package /PackagePath:C:\Temp\microsoft-windows-netfx3-ondemand-package.cab


Kill a non responding task from command prompt

taskkill /F /IM taskname.exe

/F = Force kill (ignores any prompts etc)

/IM = Image Name (name of process)


Generate WLAN report (run as admin)

netsh wlan show wlanreport


List all server shares on local domain network

net view /all /domain:company.com


Message (aka net send)

msg /server:hostname username

Example:

msg /server:pc01 johndoe


List all local MAC addresses

getmac /v


Map network share

net use x: \\server\share /user:domain\username password


Remote sysinfo

msinfo32 /computer hostname


See uptime (and more)

net stats srv

if not available, use

net stats workstation


Show Domain Controllers in domain

nltest /dclist:example.com


Set Environment variable on remote computer

setx /s hostname /u domain\user /p pw variable value

Example:

setx /s PC1234 /u itdb\kek /p 123456 JAVA_HOME "C:\Program Files\Java\jre1.8.0_73"


See Windows license expiration information

slmgr /xpr

Alternatively run slmgr /dli for detailed information about your Windows license

For remote computers: slmgr hostname username password /dli


Useful Windows utilities which you can start from the RUN prompt

  • lusrmgr.msc (Local Users Management)
  • sysdm.cpl (System Properties)
  • appwiz.cpl (Programs & Features)
  • eventvwr (Event Viewer)
  • compmgmt.msc (Computer Management)
  • printmanagement.msc (Print Management)
  • devmgmt.msc (Device Management)
  • services.msc (Services)
  • taskschd.msc (Task Scheduler)

 

This post will be continually updated with useful tips for remote troubleshooting and various tools for Microsoft environments

 


 

mstsc.exe blocks Alt Gr

From time to time my Alt Gr button seems to stop working, which I use for several special characters like @.

Turns out the problem is related to the process mstsc.exe (Microsoft Windows Remote Desktop).

Solution: Close any RDP windows you have open (no need to logout, just close them). Voila, Alt Gr works as intended again. Now you can reopen them and hope it doesn’t happen again.

You should also be aware of the temporary solution: Pressing CTRL + ALT is the same as Alt Gr – in case you can’t close the current RDP windows for any reason.

This minor, yet very infuriating issue, has been present on my computer(s) for several years, both Windows 7 and Windows 10.

List members of AD group

Example

Open the PowerShell shell (pun intended) on your domain controller and run the following command:
Get-ADGroupMember 'groupname'

This will list all members of the ‘groupname’ group in your shell. To write the list to a text file instead:
Get-ADGroupMember 'groupname' > list.txt

We don’t need those unnecessary columns though, so let’s just list the NAME column and nothing else:
Get-ADGroupMember 'groupname' | select name > list.txt

Troubleshooting

Run the shell as admin…