AD NLTEST CMD in Brief – Pugazh Network

NLTEST to test the trust relationship between a workstation and domain

Table of Contents:

- 1.NLTEST can be used to show this trust relationship.

- 2.To determine the domain controllers in the CONTOSO domain:

- 3.To determine the domain controllers in the CONTOSO domain:

- 4.Below are the secure channels between each domain controller in CONTOSO and a DC in the MICROSOFT domain.

- 5.The workstation that is a member of the CONTOSO domain has an implicit trust with a domain controller.

- 6.To determine if a domain controller can authenticate a user account:

- 7.NLTEST can be used to find a trusted domain that has a given user account.

- 8.Determine SRV priorities and weights (Command for trusting and trusted domain)

- 9.Determine the failures for all DC-specific DNS records
- 10.Reset the NETLON secure channel

1.NLTEST can be used to show this trust relationship.

PS C:\> nltest /trusted_domains

List of domain trusts:

0: GS gs.com (NT 5) (Direct Outbound) (Direct Inbound) ( Attr: 0x8 )

1: CONTOSO contoso.com (NT 5) (Forest Tree Root) (Primary Domain) (Native)

The command completed successfully

2.To determine the domain controllers in the CONTOSO domain:

PS C:\> nltest /dclist:contoso

Get list of DCs in domain 'contoso' from '\\WIN-5Q4IM0060DO'.

WIN-5Q4IM0060DO.contoso.com [PDC] [DS] Site: IND-BLR

The command completed successfully

3.To determine the domain controllers in the CONTOSO domain:

PS C:\> nltest /dclist:contoso

Get list of DCs in domain 'contoso' from '\\WIN-5Q4IM0060DO'.

WIN-5Q4IM0060DO.contoso.com [PDC] [DS] Site: IND-BLR

The command completed successfully

4.Below are the secure channels between each domain controller in CONTOSO and a DC in the MICROSOFT domain.

C:\>nltest /server:test1 /sc_query:microsoft

Flags: 0

Connection Status = 0 0x0 NERR_Succmicrosoft

Trusted DC Name \\NET1

Trusted DC Connection Status Status = 0 0x0 NERR_Succmicrosoft

The command completed succmicrosoftfully

C:\>nltest /server:test2 /sc_query:microsoft

Flags: 0

Connection Status = 0 0x0 NERR_Succmicrosoft

Trusted DC Name \\NET1

Trusted DC Connection Status Status = 0 0x0 NERR_Succmicrosoft

The command completed succmicrosoftfully

5.The workstation that is a member of the CONTOSO domain has an implicit trust with a domain controller.

C:\>nltest /server:Computer1 /sc_query:contoso

Flags: 0

Connection Status = 0 0x0 NERR_Succmicrosoft

Trusted DC Name \\TEST2

Trusted DC Connection Status Status = 0 0x0 NERR_Succmicrosoft

The command completed succmicrosoftfully

6.To determine if a domain controller can authenticate a user account:

`PS C:\> nltest /whowill:contoso biz``[11:06:22] Mail message 0 sent successfully (\MAILSLOT\NET\GETDC834)[11:06:22] Response 0: NetpDcAllocateCacheEntry: new entry 0x000000D83F9ADBD0 -> DC:WIN-5Q4IM0060DO DnsDomName:(null) Flags:0x0`

S:WIN-5Q4IM0060DO D:CONTOSO A:biz (Act found)

The command completed successfully

7.NLTEST can be used to find a trusted domain that has a given user account.

8.Determine SRV priorities and weights (Command for trusting and trusted domain)

PS C:\> nltest /dnsgetdc:contoso.com

List ofDCs inpseudo-random order taking into account SRV priorities andweights:

Non-Site specific:

win-5q4im0060do.contoso.com fe80::e0a8:9c56:ba17:df5d%1210.224.34.1

The command completed successfully

PS C:\> nltest /dnsgetdc:gs.com

List ofDCs inpseudo-random order taking into account SRV priorities andweights:

Non-Site specific:

ban-dc01.gs.com 10.224.34.10

The command completed successfully

PS C:\>

9.Determine the failures for all DC-specific DNS records

PS C:\> nltest /DSQUERYDNS

Flags: 0

Connection Status = 0 0x0 NERR_Success

There was no failure in the last update for all DC-specific DNS records

The command completed successfully

10.Reset the NETLON secure channel

`nltest /sc_reset:<domainname>`

Below are the cmd to force manually to register & deregister resource record:

Forced manual registration: NLTEST /DSREGDNS
Forced manual deregistration: NLTEST /DSDEREGDNS:<FQDN DC>

1.NLTEST can be used to show this trust relationship.

2.To determine the domain controllers in the CONTOSO domain:

3.To determine the domain controllers in the CONTOSO domain:

4.Below are the secure channels between each domain controller in CONTOSO and a DC in the MICROSOFT domain.

5.The workstation that is a member of the CONTOSO domain has an implicit trust with a domain controller.

6.To determine if a domain controller can authenticate a user account:

PS C:\> nltest /whowill:contoso biz[11:06:22] Mail message 0 sent successfully (\MAILSLOT\NET\GETDC834)[11:06:22] Response 0: NetpDcAllocateCacheEntry: new entry 0x000000D83F9ADBD0 -> DC:WIN-5Q4IM0060DO DnsDomName:(null) Flags:0x0

7.NLTEST can be used to find a trusted domain that has a given user account.

8.Determine SRV priorities and weights (Command for trusting and trusted domain)

9.Determine the failures for all DC-specific DNS records

10.Reset the NETLON secure channel

nltest /sc_reset:<domainname>

`PS C:\> nltest /whowill:contoso biz``[11:06:22] Mail message 0 sent successfully (\MAILSLOT\NET\GETDC834)[11:06:22] Response 0: NetpDcAllocateCacheEntry: new entry 0x000000D83F9ADBD0 -> DC:WIN-5Q4IM0060DO DnsDomName:(null) Flags:0x0`

`nltest /sc_reset:<domainname>`