System Administrator Daily Routine - Useful Commands

This post is to help me in my daily routine as a knowledge base and to help others colleagues as well. It will be always updated.


To check if the Windows client is connected to the WSUS Server, open the CMD and type:

reg query HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate

If it's not ok, type:

wuauclt.exe /detectnow

wuauclt.exe /reportnow

wuauclt.exe /register


Basic report:

Specific DC:
dcdiag /S:DCNAME

All DC's in the current AD site:
dcdiag /A

All DC's in the forest AD:
dcdiag /E

Only error messages to be displayed:
dcdiag /Q

To export the output to a log file:
dcdiag /F:C:\log.txt


1º - Perform this command:

RepAdmin /ReplSummary (for all DC's)
RepAdmin /ReplSummary DC01 (for an specific DC)
RepAdmin /ReplSummary %computername% (for the current DC)

How to analyze?
Check if there is no fails and all largest deltas are less than 1 hour within sites and 3 hours between sites.

2º - In the case of any errors shown in the command above, check which kind of connection it is:

repadmin /showrepl
repadmin /showrepl dc01

Basically, there are 5 NC's (naming context) connections:

Domain NC
Configuration NC
Schema NC

The expected result is to have the last attempt time equivalent to replsummary result.
The AD replication is 100% dependent of DNS, errors can be related to DNS issues.

3º - To try fix any replication issues, type:

Repadmin /replicate

This command will manually start a replication process.

4º - To check the items waiting to be replicated, perform:

Repadmin /queue


To quick discovery where the master operations are running, type:

netdom /query fsmo

To perform a seize operation:




The following command will find all computers in Active Directory that have not been logged into during the past 8 weeks:

dsquery computer -inactive 8 -limit 0

The following command will find and delete them:

dsquery computer -inactive 8 -limit 0 | dsrm

The DSQUERY utility comes with the Windows Server 2003 Support Tools package (Adminpak.msi) which can be installed directly from your Windows Server 2003 installation media or downloaded from the Microsoft website.


1 - To query what domain controllers this computer recently contacted, you can use the following command.

klist query_bind

2 - When you want to diagnose a logon session for a user or a service, you can use the following command to find the LogonID that is used in other Klist commands.
klist sessions

SYSVOL & Netlogon Replication
If use FRS replication between DCs and need to restore it in one or more DCs, perform the BurFlags procedure:


gpresult /R
gpresult /H c:\file.html
gpupdate /target:computer /force
gpupdate /force

Force update of group membership of computer object without reboot the system:
klist -li 0x3e7 purge


How to enable remote sessions:
Enable-psRemoting <ENTER>

How to remotely connect to another server:
Enter-psSession MachineName <ENTER>

How to end your remote session type:
Exit-psSession <ENTER>

How to use PowerShell on Windows 2003 servers:
Download and install Windows Management Framework Core (WinRM 2.0 and Windows PowerShell 2.0) from:

or 64bit OS:

On services.msc

Scroll down and find: Windows Management Instrumentation and Windows Remote Management (WS-Management) and make sure they are both started and set to run automatically.


Checking the time in all DCs the on domain:
w32tm /monitor /domain:domainname

Checking the time source on a workstation or server:
w32tm /query /source

Checking the last synchronization and others information:
w32tm /query /status