Find domain name from command line

We can find the domain name of a computer by running the following commnad from command line.

We can find the logged in user’s domain by using the environment variable ‘USERDOMAIN’. Command for this is given below.

Note that the value in %USERDOMAIN% may not be the same as the one returned by systeminfo command. %USERDOMAIN% gives the domain name the user account belongs to, it could be different from the domain of the computer. Also, this may give you the NetBios name of the computer, not DNS/FQDN name.

Alternatively, we can use WMIC to retrieve domain name.

Whatt is the command to view domain name in windows 7

All the above commands work on Windows 7. WMIC one may/may not work depending on whether the edition of win7 you have supports it or not.

The systeminfo command given in this post works on Windows 7 also. I think copying the command from this page had some problem and it did not work. Have corrected it. It should work now.

systeminfo | findstr Domain

I see no reason for the /b /c:” “

/C may not be required. /b is required to avoid matches with the values for other fields of systeminfo command.

Thanks! Useful!! Keep it up your good work.

Thanks for this! I needed to pull the domain for a powershell script for use on servers that didn’t have the ActiveDirectory module (and I wasn’t going to install it).

This enabled me to grab the domain, then trim out the header and return in Powershell for my variable.

This command returns domain or workgroup: net config workstation
* If domain: “Workstation Domain DNS Name”
* If group: “Workstation domain”

Get-WmiObject is not recognized as a command. Any help guys?

Get-WmiObject is a PowerShell cmdlet. You need to use the command in the PowerShell Terminal. To do it in the CMD Terminal, you need to run the WMIC commands (as explained above)
For example, “wmic computersystem get domain” (without quotes)

Can someone please guide me on how to obtain the domain name of the servers remotely. I need to get the domain name for hunderds of servers.
Is there a way to create a CSV file with the server names and create a batch file and run it to obtain this information?
Any help would be highly appreciated.
Thanks.

wmic /node:”COMPUTERNAME” computersystem get domain

I am getting domain as workgroup. what’s wrong here?

It means that your computer is not part of a domain but a workgroup. All the home computers are part of a workgroup.

what is domain for windows 8? i need it for change to administrator, it is will work?

thanks for share me the value knowledge

Excellent info and list of commands.. Thank you.

Just type –> set user

gives you the domain info without searching

set user only shows the domain of which the user is a member.
NOT the computer’s domain. (This could be different).

If so, the ‘wmic computersystem get domain’ is a working command.

systeminfo | findstr /B /C:”Domain” depends on the OS language.
if you have a german OS, it’s
systeminfo | findstr /B /C:”Domäne” .
But otherwise fine info.

User Name Formats

When an application uses the Credentials Management API to prompt for credentials, the user is expected to enter information that can be validated, either by the operating system or by the application. The user can specify domain credentials information in one of the following formats:

User Principal Name

User principal name (UPN) format is used to specify an Internet-style name, such as UserName@Example.Microsoft.com. The following table summarizes the parts of a UPN.

Part	Example
User account name. Also known as the logon name.	UserName
Separator. A character literal, the at sign (@).	@
UPN suffix. Also known as the domain name.	Example.Microsoft.com

A UPN can be implicitly or explicitly defined. An implicit UPN is of the form UserName@DNSDomainName.com. An implicit UPN is always associated with the user’s account, even if an explicit UPN is not defined. An explicit UPN is of the form Name@Suffix, where both the name and suffix strings are explicitly defined by the administrator.

Down-Level Logon Name

The down-level logon name format is used to specify a domain and a user account in that domain, for example, DOMAIN\UserName. The following table summarizes the parts of a down-level logon name.

User Naming Attributes

User naming attributes identify user objects, such as logon names and IDs used for security purposes. The cn, name, and distinguishedName attributes are examples of user naming attributes. A user object is a security principal object, so it also includes the following user naming attributes:

• userPrincipalName — the logon name for the user
• objectGUID — the unique identifier of a user
• sAMAccountName — a logon name that supports previous version of Windows
• objectSid — security identifier (SID) of the user
• sIDHistory — the previous SIDs for the user object

You can view and manage these attributes using the Active Directory User and Computers MMC snap-in, which is available in the Remote Server Administration Tools (RSAT).

userPrincipalName

The userPrincipalName attribute is the logon name for the user. The attribute consists of a user principal name (UPN), which is the most common logon name for Windows users. Users typically use their UPN to log on to a domain. This attribute is an indexed string that is single-valued.

A UPN is an Internet-style login name for a user based on the Internet standard RFC 822. The UPN is shorter than a distinguished name and easier to remember. By convention, this should map to the user’s email name. The point of the UPN is to consolidate the email and logon namespaces so that the user only needs to remember a single name.

UPN Format

A UPN consists of a UPN prefix (the user account name) and a UPN suffix (a DNS domain name). The prefix is joined with the suffix using the «@» symbol. For example, «someone@ example.com». A UPN must be unique among all security principal objects within a directory forest. This means the prefix of a UPN can be reused, just not with the same suffix.

A UPN suffix has the following restrictions:

• It must be the DNS name of a domain, but does not need to be the name of the domain that contains the user.
• It must be the name of a domain in the current domain forest, or an alternate name listed in the upnSuffixes attribute of the Partitions container within the Configuration container.

UPN Management

A UPN can be assigned, but is not required, when a user account is created. When a UPN is created, it is unaffected by changes to other attributes of the user object such as the user being renamed or moved. This allows the user to keep the same login name if a directory is restructured. However, an administrator can change a UPN. When you create a new user object, you should check the local domain and the global catalog for the proposed name to ensure it does not already exist.

When a user uses a UPN to log on to a domain, the UPN is validated by searching the local domain and then the global catalog. If the UPN is not found in the global catalog, the logon attempt fails.

objectGUID

The objectGUID attribute is the unique identifier of a user. The attribute is a single-valued 128-bit Globally Unique Identifier (GUID), and is stored as an ADS_OCTET_STRING structure. The GUID is created by the Active Directory server when a user object is created.

Because an object’s distinguished name changes if the object is renamed or moved, the distinguished name is not a reliable identifier of an object. In Active Directory Domain Services, an object’s objectGUID attribute never changes, even if the object is renamed or moved. You can retrieve the string form of the objectGUID using the GUID property method in IADs Property Methods.

sAMAccountName

The sAMAccountName attribute is a logon name used to support clients and servers from previous version of Windows, such as Windows NT 4.0, Windows 95, Windows 98, and LAN Manager. The logon name must be 20 or fewer characters and be unique among all security principal objects within the domain.

objectSid

The objectSid attribute is the security identifier (SID) of the user. The SID is used by the system to identify a user and their group memberships during interactions with Windows security. The attribute is single-valued. The SID is a unique binary value used to identify the user as a security principal.

The SID is set by the system when the user is created. Each user has a unique SID issued by a Windows domain and stored in the objectSid attribute of the user object in the directory. Each time a user logs on, the system retrieves the user’s SID from the directory and places it in the user’s access token. The user’s SID is also used to retrieve the SIDs for the groups of which the user is a member and places them in the user’s access token. When a SID has been used as the unique identifier for a user or group, it cannot be used again to identify another user or group.

sIDHistory

The sIDHistory attribute contains the previous SIDs for the user object. This is a multi-valued attribute. A user object has previous SIDs if the user was moved to another domain. Whenever a user object is moved to a new domain, a new SID is created and assigned the objectSid attribute, and the previous SID is added to the sIDHistory attribute.

ИТ База знаний

Курс по Asterisk

Полезно

— Узнать IP — адрес компьютера в интернете

— Онлайн генератор устойчивых паролей

— Онлайн калькулятор подсетей

— Калькулятор инсталляции IP — АТС Asterisk

— Руководство администратора FreePBX на русском языке

— Руководство администратора Cisco UCM/CME на русском языке

— Руководство администратора по Linux/Unix

Навигация

Серверные решения

Телефония

FreePBX и Asterisk

Настройка программных телефонов

Корпоративные сети

Протоколы и стандарты

Популярное и похожее

Курс по сетям

Что такое Active Directory и LDAP?

URL и URI — в чем различие?

Погружение в Iptables – теория и настройка

9 надежных почтовых хостингов для организаций

NoSQL: что это и почему говорим «нет» любимому SQL?

Что такое Domain Name System?

Про Git – систему контроля версия

Еженедельный дайджест

Создание доменного пользователя и ввод компьютера в домен

4 минуты чтения

В прошлой статье мы создали и настроили контроллер домена (DC), настало время наполнить наш домен пользователями и рабочими станциями.

Обучайся в Merion Academy

Пройди курс по сетевым технологиям

Начать

Конфигурация

Открываем Server Manager и выбираем опцию Roles.

Из доступных ролей выбираем недавно установленную — Active Directory Domain Services, далее Active Directory Users and Computers и находим созданный нами домен (в нашем случае — merionet.loc). В выпадающем списке объектов находим Users и кликаем по данной опции правой кнопкой мыши и выбираем New → User.

Отметим также, что вы можете создать свою группу и добавлять пользователей туда.

Перед нами откроется окно добавления нового пользователя. Заполняем учетные данные нового пользователя. Как правило, в корпоративных доменах, принято создавать именные учетные записи для того, чтобы в дальнейшем можно было отслеживать действия конкретного пользователя в целях безопасности и однозначно его идентифицировать.

Далее, нас просят ввести пароль для новой учетной записи и выбрать дополнительные опции:

• User must change password at next logon — при включении данной опции, пользователя попросят сменить пароль при следующем логине;
• User cannot change password — пользователь не сможет самостоятельно изменить свой пароль;
• Password never expires — срок действия пароля пользователя никогда не истечет;
• Account is disabled — учетная запись пользователя будем отключена и он не сможет залогиниться с доменными учетными данными, даже если они будут введены верно.

После того, как все данные будут заполнены, нас попросят подтвердить создание нового объекта.

Отлично, новый пользователь домена создан. Теперь нам нужно зайти на компьютер пользователя и ввести его в домен. Для этого логинимся на компьютер пользователя с локальными учетными данными и открываем Свойства компьютера. Как видите, наш компьютер пока еще не стал частью домена, он ещё является частью рабочей группы WORKGROUP/. Убедитесь, что компьютер пользователя имеет версию Windows не ниже Professional. Чтобы ввести его в домен выбираем Change Settings

Важно! Поддержка доменной инфраструктуры начинается только с версии Windows Professional. На версиях Starter, Home Basic, Home Premium подключиться к домену не получится!

Далее напротив опции «To rename this computer or change its domain or workgroup, click Change» нажимаем собственно Change

Важно! Для того, чтобы наш компьютер узнал о существующем контроллере домена нам нужно указать ему на DNS сервер, который имеет такую информацию. В нашем случае – контроллер домена является по совместительству DNS сервером для пользовательских машин. Поэтому мы указываем контроллер домена в качестве DNS сервера для настраиваемого компьютера.

Далее в открывшемся окне в опции «Member of» вместо Workgroup выбираем Domain и вводим имя нашего домена (в нашем случае – merionet.loc)

Далее нас попросят ввести учетные данные для учетной записи, которая уже создана и имеет право присоединиться к домену. Вводим учетные данные ранее созданного пользователя.

Если все было сделано корректно, то мы увидим сообщение, свидетельствующее о том, что наш компьютер теперь является частью домена (в нашем случае — merionet.loc)

После чего, нас попросят перезагрузить компьютер для применения изменений.

После перезагрузки, мы можем логиниться уже с учетными данными доменного пользователя.