Tag: Command Line

Categories
Active Directory Microsoft Windows

Microsoft Active Directory Time Sync Settings

So I was recently asked by a client: “Why is the time on my PC 5 minutes off from my phone?”

Now this is a small environment, a very small environment (1 Server and 7 workstations). The first thing I thought about was what does the server clock look like? So I remoted into the server and sure enough it had the same time as the workstation.

I went and checked the registry and found that the server was pointed get its time from time.windows.com, but for some reason that was not working.

I then used the following command to point it to several of the pools hosted by NIST.gov

w32tm /config /manualpeerlist:time-a-g.nist.gov,time-b-g.nist.gov,time-c-g.nist.gov,time-d-g.nist.gov /syncfromflags:manual /reliable:yes /update

After that I restarted the W32Time (Windows Time) service to make the update work.

Once that is done it should force a resync of the time service which could take some time to update and to sync with all the workstations.

I hope you find this post helpful, and if so please share it with your friends.

How to tell if your users AD account password has expired

Like I said in a previous post we are dealing with the after math of a disaster so most of our Administrative tools are still offline until we get around to bringing back online. One of those tools was a real life saver and would email not only the admin team but the end users that their AD password was about to expire. So without that we are flying blind, which is not a big deal for the day to day management of our network.

Moving along I got a call the other day from one of my users who was working remote who said that he could not connect to email. So I asked him when was the last time he reset his password, which he said he did not know.

So I opened up my command line and ran the following command

net user %USERNAME% /domain

Replace %Username% with the username you want to query and it will return a ton of information about the user account including the date the password will expire. 

Scenario 001 – You have a remote user who says they are not able to connect to the VPN. Claims that their password may have expired.

So you come in Monday morning and you get a phone call from your Director of Sales who says he is unable to log into the VPN. He is on the road all week in Canada and is not able to have you remote in to see what is going on. He has 30 minutes to prep for a very important meeting and he left his powerpoint deck on his H: Drive. He also tells you that he thinks he saw a message telling him that he needed to reset his password for the last two weeks but he just forgot to do it.

How can you find out what  is going on with his account?
Since we are working with a Microsoft AD environment there are hundreds (if not thousands) of ways to find your answer. One of my favorite ways to see what is going on with a AD account is by using NET USER “Username” /DOMAIN
This command will give you every piece of information about the user account that you could want including:
  •  AD Group Memberships
  • Last time the Password was reset
  • When is the next time it can be reset.
Next time you have a chance to play with your AD Domain try familiarizing yourself with this Command as it may help you in the future.