This post is a collection of some of the more commonly used command line utilities when doing basic troubleshooting in a Windows domain environment.
To open a command window within a directory from Windows Explorer, hold the Shift key and right-click on the directory, then choose “Open command window here”.
Displays the name of the current directory or changes the current folder.
Used within a command window to change the current active directory, allowing navigation through the computer’s mapped drives and their directory structures.
Displays the current directory path.
Moves to the root of the current drive.
cd /d e:
Moves to the E: drive from another drive. It’s also possible to move to a different drive by typing only the drive letter followed by a colon, ex: D:
Moves to the parent directory of the current directory (move up one directory toward the root).
cd "People to sue next"
Moves from the current directory into the subdirectory named “People to sue next”. A handy trick is to type just the first few characters of the directory name and then hit the Tab key, which auto-completes the rest of the name from the first alphabetical match found and wraps it in double quotes if it contains spaces. For example, the same command as above can be typed: cd peop <tab>
If the current directory contains multiple matches for the characters typed, hitting tab again will cycle to the next match.
The tab method can be used more than once, to chain together a series of directories. For example, to move to the C:\Users\Public\Documents directory from a command prompt at the root of C:, one can type: cd u <tab> p <tab> d <tab> <tab> <enter>
Displays a list of a directory’s files and subdirectories.
Displays the directories and files in the current directory.
Displays the directories and files in the current directory and all subdirectories.
Dir can also be used to search for a file, and in many cases it works better than the Windows Explorer search.
dir c:\findme.txt /s
Displays a list of all instances of a file named “findme.txt” on the C: drive. It’s also possible to navigate to a location, such as the root of C:, and type: dir /s findme.txt to search that location and all subdirectories for a file named “findme.txt”.
Wildcards are allowed in the form of an asterisk. For example, type: dir c:\*.doc /s to search the C: drive for all files with a .doc or .docx extension (I’m not sure why it also locates .docx files, when there is no wildcard specified at the end of the extension, but it does).
Another command line utility for searching for files is where, but the syntax is slightly more complicated.
Refreshes local and Active Directory-based Group Policy settings, including security settings.
If you absolutely must reapply all settings, you can use the /force switch. After reading about the difference between gpupdate and gpupdate /force, I now feel that gpupdate is sufficient to reapply group policy nearly all of the time, and the /force switch shouldn’t automatically be used.
Reapplies group policy.
Displays Group Policy settings and Resultant Set of Policy (RSOP) for a user or a computer.
Displays RSoP summary data, which includes the last time group policy was applied, from which server group policy was applied, and the groups for which the current user is a member.
gpresult /h gpreport.html
Generates a report of the applied group policy settings and saves it in HTML format as a file named gpreport.html. When generating a report as a user that is not a local administrator, either supply a full path to a valid location for gpreport.html, or navigate to a location (like the Public Documents directory) before running the command, or else the utility may be unable to create the report due to insufficient rights to the current directory.
Displays all current TCP/IP network configuration values and refreshes Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS) settings. Used without parameters, ipconfig displays the IP address, subnet mask, and default gateway for all adapters.
Displays the computer’s IP address and default gateway for each network adapter.
Displays full TCP/IP information, including the MAC address, DHCP server, and DNS servers, for each network adapter.
Connects a computer to or disconnects a computer from a shared resource, or displays information about computer connections. The command also controls persistent net connections. Used without parameters, net use retrieves a list of network connections.
Lists all of the computer’s connections (mapped network drives).
net use e: \\ComputerName\ShareName
Maps the E: drive to the ShareName shared resource on the ComputerName computer. To map the local E: drive to the C: drive (which is a hidden share) of a remote machine named Loomer, type: net use e: \\loomer\c$
net use e: /delete
Removes the connection currently mapped to the local E: drive.
If you are connecting to a network share that your regular account does not have rights to access, you will be prompted for a username. You will need to also supply the domain, ex: domain\username
Displays information that you can use to diagnose Domain Name System (DNS) infrastructure.
nslookup <ipaddress or computername>
Queries the local computer’s default DNS name server for information on the specified IP address or computer name. Supply either piece of information and nslookup will return both pieces. It’s also possible to specify a particular DNS name server to be queried, which is useful when troubleshooting whether DNS is propagating/replicating correctly.
Verifies IP-level connectivity to another TCP/IP computer by sending Internet Control Message Protocol (ICMP) Echo Request messages. The receipt of corresponding Echo Reply messages is displayed, along with round-trip times. Ping is the primary TCP/IP command used to troubleshoot connectivity, reachability, and name resolution.
You can use ping to test both the computer name and the IP address of the computer. If pinging the IP address is successful, but pinging the computer name is not, you might have a name resolution problem.
ping <ipaddress or computername>
Makes four attempts to contact the computer at the specified IP Address or with the specified computer name, and reports back whether the machine could be contacted and the time taken for the request to travel to the remote computer, be acknowledged, and the acknowledgement received by the local computer.
ping <ipaddress or computername> -t
Repeatedly attempts to contact the remote computer until interrupted by pressing Ctrl+Break or Ctrl+C. This is sometimes called a persistent ping.
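The name-versus-IP ping test described above, combined with the nslookup query against a specific DNS server, as a batch script. This is an added example, not part of the original post; the script name namecheck.cmd and its arguments are hypothetical.

```batch
@echo off
rem Added example: tells a connectivity failure apart from a name resolution failure.
rem Usage: namecheck.cmd computername ipaddress [dnsserver]
rem The script name and argument names are hypothetical.
setlocal

if "%~2"=="" (
    echo Usage: %~nx0 computername ipaddress [dnsserver]
    exit /b 2
)
set "NAME=%~1"
set "IP=%~2"
set "DNS=%~3"

rem ping can exit with 0 on "Destination host unreachable", so test for
rem "TTL=" in the output, which only appears in a real Echo Reply.
rem -4 forces IPv4, because IPv6 reply lines do not contain "TTL=".
set "IP_OK=no"
ping -4 -n 2 %IP% | find "TTL=" >nul && set "IP_OK=yes"

set "NAME_OK=no"
ping -4 -n 2 %NAME% | find "TTL=" >nul && set "NAME_OK=yes"

echo Ping by IP address %IP%: %IP_OK%
echo Ping by computer name %NAME%: %NAME_OK%

rem Compare the address each DNS server returns with the expected IP.
rem Different answers from two servers point to stale or unreplicated records.
echo.
echo --- Default DNS server ---
nslookup %NAME%
if not "%DNS%"=="" (
    echo.
    echo --- DNS server %DNS% ---
    nslookup %NAME% %DNS%
)

echo.
if "%IP_OK%"=="yes" if "%NAME_OK%"=="no" (
    echo Result: IP address answers but the name does not. Likely a name resolution problem.
    exit /b 1
)
if "%IP_OK%"=="no" (
    echo Result: no Echo Reply from %IP%. Host is down, unreachable, or ICMP is filtered.
    exit /b 1
)
echo Result: reachable by both name and IP address.
exit /b 0
```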
Displays detailed configuration information about a computer and its operating system, including operating system configuration, security information, product ID, and hardware properties, such as RAM, disk space, and network cards.
The systeminfo command also reveals installed hotfixes and some information about the computer that isn’t readily available in Device Manager or other MMC Snap-ins, such as the BIOS version.
Displays information about the local computer.
systeminfo /s computername /u domain\user
Displays information about a remote computer named computername.
systeminfo /s computername | find "System Model:"
Retrieves information about a remote computer named computername, but pipes the output of systeminfo to the find command, which returns only the line containing the string “System Model:”. The output in the command window shows only “System Model:” followed by the model of the remote computer.
The systeminfo report can be sent to a text file, ex: systeminfo > systeminforeport.txt
Returns the media access control (MAC) address and list of network protocols associated with each address for all network cards in each computer, either locally or across a network.
Shows MAC addresses for the local computer.
getmac /s computername /u domain\username /v
Shows MAC addresses for a remote computer named computername while authenticating as a different user.
(Need to test this.)
Sends a message to a user (this may be turned off in many environments). Run msg /? for usage information.