Command line scanning options
This article summarizes commands and options for scanning from the command line in Movere.
Command line scanning process
Command line scanning follows this process:
- In the Movere Console, you specific scanning options and credentials.
- After setting the options in the Console, you run commands from a elevated command prompt, to scan the required devices.
- From the command-line, view options by running
Movere.Service.exe -help
.
Command line options
OPTION | Details | Usage |
---|---|---|
-AD | Collect Active Directory data | Use the first time that you scan a domain. Can be combined with the DEVICES option. |
-ALL | Scan all Windows devices including servers and workstations. | Can be used with -DOMAIN, -FOREST, and -OU flags to scan all devices in the specified domain/forest/OU. Can't be used with -SERVERS, -WORKSTATIONS or -DEVICE flags. |
-ARC | Enables actual resource consumption scanning for targeted devices. When run from a command line, Movere defaults to collecting resource consumption data in five minute intervals, for seven days, unless otherwise configured via the Movere Console. | Can be used with SERVERS, -WORKSTATIONS, -LINUX, and -DEVICE flags. |
-DEVICE:Name | Scan only the specified Windows devices as a comma separated list, or as an IP address subnet in CIDR format (e.g. 10.0.0.0/24 = 10.0.0.1 - 10.0.0.254). | Can't be used with -ALL,-SERVERS, or -WORKSTATIONS flags. |
-DEVICES | Inventory scan of Windows devices from Active Directory, or based on a rescan file. | Can be combined with the -AD option. |
-DOMAIN:name | Scan only the specific domain. | The default domain is that of the local device. This setting can be used to specify additional or other domains. Multiple domains can be comma-separated. Can be used with -AD, -DEVICES, and -LINUX flags. |
-FOREST | Scan every domain in the forest. | Can be used with -AD, -DEVICES, and -LINUX flags. |
-HELP | View supported command-line flag options. | Displays all options from within the command prompt. |
-LINUX | Scan Linux devices from Active Directory, or based on a rescan file. | Can be used with -ARC, -FOREST, AND -OU flags. |
-LINUXDEVICE:Name | Scan only the specified Linux devices as a comma separated list, or as an IP address subnet in CIDR format (e.g. 10.0.0.0/24 = 10.0.0.1 - 10.0.0.254) | Can be used with -ARC, -FOREST, AND -OU flags. |
-LOCAL | Scans Windows devices using .NET locally (no service). | Can be used with -ALL, -SERVERS, -WORKSTATIONS, -DEVICE, and -RESCAN flags. |
-MAGICWORD: | The secret that you set when starting the Movere Console. | The magic word must be provided for all Movere scans, and the flag must be used in all commands for all scans, regardless of scanning parameters. |
-MAXDEVICES: | Use with -PASSPHRASE when configuring bots for manual deployment, or deployment using 3rd party software. | The default value is 1000. It should be increased if scanning more than 1000 total devices. Once the MaxDevices value is reached, new bots can't retrieve Token2 files, are are denied access to the Movere Console. This value should only be modified if you're targeting more than 1000 total devices, and scanning manually or with 3rd party software. |
-NOUSER | Excludes user data collection when scanning Active Directory (optional). | Must be combined with -AD flag. |
-O365 | Extract Microsoft 365 subscription users and features. | For this option, Microsoft 365 credentials must be entered in the Movere Console, before you start scanning from the command line. |
-OU:domain\ou | Scan only the specified Organization Units (OUs) in the specified domain. | Nested OUs must be comma-separated after domain\b, eginning with the highest-level OU. Spaces in an OU name must be typed as a double underscore, for example, type in "OU Test" as "OU__Test" Must be combined with -DOMAIN. Can be used with -DEVICES, -SERVERS, and -LINUX flags. |
-RESCAN | Scan only the devices listed in the rescan (csv) file, in the DevicesToRescan folder. | The rescan file can be downloaded using the Movere Console, or from the Movere website. Learn More about rescan files. The rescan file contains devices from all domains discovered by Movere. To limit the devices, specify the domain names as a comma separated list. |
-SERVERS | Scan only Windows servers from Active Directory. | Can be used with -DOMAIN, -FOREST, and -OU flags to scan all servers in the specified domain/forest/OU. Can't be used with -ALL,-WORKSTATIONS, or -DEVICE flags. |
-STARTLISTENER | Installs the Movere Service as a Windows servicea, at the completion of a scan. | Enables long-running actual resource consumption scans, or scans initiated by third-party software, to continue in the event of a Windows restart, or if the Console stops. |
-UPLOAD | Automatically uploads payloads to the Movere cloud, from either the target device or the Movere Console. | Running a scan from the command line without this flag prevents any payload from uploading to the cloud automatically. All payloads must be uploaded manually from the Movere Console. |
-VCSA:name | Extract data from VMware vCenter Server Appliances. | Enter appliance names, or IP addresses, in a comma-separated list. For this option, specific appliance credentials must be entered in the Movere Console, before you start the scan from the command line. |
-WMI | Scans Windows devices only, using WMI (default uses .NET). | Can be used with -ALL, -SERVERS, -WORKSTATIONS, -DEVICE, and -RESCAN flags. |
-WORKSTATIONS | Scan only Windows workstations from Active Directory. | Can be used with -DOMAIN, -FOREST, and -OU flags to scan all servers in the specified domain/forest/OU. Can't be used with -ALL, -SERVERS, or -DEVICE flags. |
Examples
Scan | Command |
---|---|
Extract Active Directory data from a single domain. | Movere.Service.exe -magicword:MagicWordHere -ad -domain:domain.com |
Extract Active Directory data from multiple domains. | Movere.Service.exe -magicword:MagicWordHere -ad -domain:domain1.com,domain2.com |
Extract Active Directory data from a forest, starting with a specific domain. | Movere.Service.exe -magicword:MagicWordHere -ad -forest -domain:domain.com |
Extract Active Directory for a single domain, without collecting user data. | Movere.service.exe -magicword:MagicWord -ad -domain:DomainName -nouser -upload |
Extract Active Directory data, and scan Windows Server and workstations from the domain, with automatic uploading to the cloud. | Movere.Service.exe -magicword:MagicWordHere -devices -all -ad -domain:domain.com -upload |
Extract Active Directory data, and scan the Windows Servers and workstations in multiple domains, with automatic uploading to the cloud. | Movere.Service.exe -magicword:MagicWordHere -devices -all -ad -domain:domain1.com,domain2.com -upload |
Scan Windows servers in the domain. | Movere.Service.exe -magicword:MagicWordHere -devices -servers -domain:domain.com |
Scan Windows workstations in the domain. | Movere.Service.exe -magicword:MagicWordHere -devices -workstations -domain:domain.com |
Scan all Windows devices in the domain. | Movere.Service.exe -magicword:MagicWordHere -devices -all -domain:domain.com |
Scan Windows servers in a specific OU within a domain. | Movere.Service.exe -magicword:MagicWordHere -devices -servers -domain:domain.com -ou:domain.com\OU1,OU2,OU3 |
Scan three Windows devices: the Movere Console host (localhost), a remote server by FQDN, and a remote server by IP address, within the domain. | Movere.Service.exe -magicword:MagicWordHere -devices -device:localhost,dc1.domain.com,10.3.1.108 -domain:domain.com |
Scan Windows Servers within the domain, using a WMI scan only. | Movere.Service.exe -magicword:MagicWordHere -devices –servers -wmi -domain:domain.com |
Scan Windows Workstations within the domain, using .NET locally (no temporary service). | Movere.Service.exe -magicword:MagicWordHere -devices -workstations –local -domain:domain.com |
Scan Windows devices in the domain from a rescan file. | Movere.Service.exe -magicword:MagicWordHere -rescan:domain -upload |
Scan a Windows subnet with automatic uploading. | Movere.Service.exe -magicword:MagicWordHere -device:10.22.4.0/22 -upload |
Collect actual resource consumption data from Windows Servers in the domain, with automatic uploading. | Movere.Service.exe -magicword:MagicWordHere -devices -servers -arc -domain:domain.com -upload |
Scan Linux devices in the domain from a rescan file. | Movere.Service.exe -magicword:MagicWordHere -linux -rescan:domain.com -upload |
Collect actual resource consumption data from Linux devices in the domain, with automatic uploading. | Movere.Service.exe -magicword:MagicWordHere -domain:domain.com -linux -arc -upload |
Scan all Linux devices in the domain, with automatic uploading. | Movere.Service.exe -magicword:MagicWordHere -domain:domain.com -linux -upload |
Scan three Linux devices for scanning, using device name and IP address. | Movere.Service.exe -magicword:MagicWordHere -linuxdevice:host1,host2,192.168.1.2 |
Scan a Linux subnet. | Movere.Service.exe -magicword:MagicWordHere -linuxdevice:192.168.1.0/24 |
Scan a single with automatic uploading | Movere.service.exe -magicword:MagicWordHere -VCSA:DeviceName -upload |
Scan multiple vCenter Server Appliances, with automatic uploading. | Movere.service.exe -magicword:MagicWordHere -VCSA:Device1,Device2 -upload |
Scan Microsoft 365 with automatic uploading. | Movere.service.exe -magicword:MagicWordHere -o365 -upload |
Next steps
- Run a command-line Active Directory scan.
- Run a command-line Windows scan.
- Run a command-line Linux scan.
- Run a command-line vCenter Appliance scan.
- Run a command-line Microsoft 365 scan.