Windows Cheat Sheet for essential Commands

Mastering a few key Windows commands can save you time, troubleshoot issues, and unlock hidden features. From speeding up tasks to fixing common problems, the Command Prompt and PowerShell are powerful tools to solve some of these issues.

In this post, I will explore interesting and useful Windows commands and update this post regularly.

Determine if Computer is joined to an Domain (on-premise, Entra ID, Hybrid)

To quickly determine if a computer is joined to a domain (on-premise, Entra ID or hybrid) we can execute the following command in the PowerShell or CMD with elevated Administrator rights.

The dsregcmd.exe /status command is a useful diagnostic tool in Windows for checking the device’s Entra ID join status and related registration details. It provides information such as domain join type, user state, SSO (Single Sign-On) status, and other relevant Entra ID connectivity details. This command is particularly helpful for troubleshooting authentication, device registration, and hybrid join issues in enterprise environments. Running it displays a summary of the device’s Entra ID and domain registration state.

> dsregcmd.exe /status

Determine the Logon Server (Domain Controller) on a Windows Client

When a Windows computer joins a domain, it authenticates against a Domain Controller (DC), known as the logon server. There are several ways to find the Logon Server against the client authenticated.

By using the legacy CMD command set, just works when using the CMD (Command Prompt).

> set | findstr "LOGONSERVER"

The PowerShell equivalent is.

PS> Get-ChildItem Env:

PS> Get-ChildItem Env: | Where-Object { $_.Name -like "*LOGON*" -or $_.Name -like "*DOMAIN*" -or $_.Name -like "*USER*" }

By using the nltest command/utility used for testing and troubleshooting Active Directory (AD) domain relationships, trust configurations, and Domain Controller (DC) communications.

PS> nltest /dsgetdc:YOURDOMAIN.COM

Below the DC: \\MatrixDC-01.matrixpost-lab.net show the logon server which was used by the client.

PS> nltest /dsgetdc:$env:USERDOMAIN

Determine in which OU my Active Directory Domain Joined Computer is placed to

To determine directly on a Active Directory domain joined computer in which OU it is placed to, we can run the following PowerShell command.

PS> Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine" | Select-Object Distinguished-Name

PS> Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine" 

Determine in which OU my Active Directory User Account is placed to

We can run the following command which displays the user name in Fully Qualified
Distinguished Name (FQDN) format.

> whoami -fqdn

More you will find by display the help information for the whoami command.

> whoami /?

Force a Restart of the Explorer.exe

The explorer.exe (Windows Explorer) is a critical system process in Windows that provides the graphical user interface (GUI), including:

• The desktop (icons, wallpaper, and right-click menu)
• The taskbar (Start menu, system tray, and open apps)
• File Explorer (folders, drives, and file management)

In case the we can’t restart the explorer.exe directly on the machine by using for example the task manager, we can terminate and restart it by using the CMD or PowerShell shown below.

The following command forcefully closes Windows Explorer and then restarts it. This can be useful for refreshing the its controled components mentioned above if they frozen or misbehaving.

> taskkill /f /im explorer.exe && start explorer.exe

We can also fire up this command from remote by using for example the psexec utility from Sysinternals and shown in my following post.

Determine local Listening Ports

Below for example we will list the local TCP listening ports for RDP and SMB.

By using the Get-NetTCPConnection cmdlet we will see all states of the TCP socket.

PS> Get-NetTCPConnection | Where-Object { $_.LocalPort -eq 3389 }
PS> Get-NetTCPConnection | Where-Object { $_.LocalPort -eq 445 }

Or by using the good old netstat tool.

PS> netstat.exe -nao | findstr 3389 | findstr LISTENING
PS> netstat.exe -nao | findstr 445 | findstr LISTENING

-a – Displays all connections and listening ports (TCP & UDP)
-n – Show numerical addresses (no DNS resolution)
-o – Shows the Process ID (PID) associated with each connection.

Determine local Established Ports

Below we will see that the remote computer with the IP 10.0.0.149 is connected to the local server per RDP on TCP port 3389.

By using the Get-NetTCPConnection cmdlet we will see all states of the TCP socket including the established states.

PS> Get-NetTCPConnection | Where-Object { $_.LocalPort -eq 3389 }
PS> Get-NetTCPConnection | Where-Object { $_.LocalPort -eq 445 }

By using the netstat tool.

PS> netstat.exe -nao | findstr 3389 | findstr ESTABLISHED

-a – Displays all connections and listening ports (TCP & UDP)
-n – Show numerical addresses (no DNS resolution)
-o – Shows the Process ID (PID) associated with each connection.

Determine local open UDP Ports and Connections

To show all open UDP ports or as specific on a system we can use the Get-NetUDPEndpoint cmdlet.

Get-NetUDPEndpoint | Where-Object { $_.LocalPort -eq 111 }

The following command will show all open UPD ports and connections.

PS> netstat -anp UDP

-a – Show all connections and listening ports
-n – Show numerical addresses (no DNS resolution)
-p UDP – Filter for UDP only

Links

Windows Start button or the taskbar is not working – ideapad, ideacentre
https://support.lenovo.com/mn/en/solutions/ht503047-taskbarstart-button-does-not-respond-windows-10-ideapad-ideacentre