Skip to content

Active Directory tips

Henryk Paluch edited this page May 19, 2019 · 7 revisions

Here are few commands that you may find useful.

Commands on AD client machine

All commands below were tested on XP SP3 joined to AD domain (served with Win2008R1/32-bit trial - to save memory) logged with domain user.

To see your AD account details and membership:

net user %username% /domain

WARNING!

The Local Group Memberships seems to be unreliable - there is no membership shown for domain user even when it is NOT empty. Therefore use rather gui app compmgmt.msc - node Local Users and Groups

To see applied policies:

gpresult

Apply policies

gpupdate /force

Give Admin rights to specific AD user on specific PC

It is not so easy as one would expect - possible solution is to use so called Group Policy Preferences. There is very good guide: Use GPO to set user as a local administrator on a single computer

Important NOTE for XP SP3 users!

You need to install Group Policy Preference Client Side Extensions for Windows XP (KB943729) to support Group Policy Preferences on XP - as pointed out in another article Manage Local Active Directory Groups using Group Policy Preferences - I strongly recommend to read whole 4 part series written by Petri.

Resources

Clone this wiki locally