NLTEST to test the trust relationship between a workstation and domain

1.NLTEST can be used to show this trust relationship.
2.To determine the domain controllers in the CONTOSO domain:
3.To determine the domain controllers in the CONTOSO domain:
4.Below are the secure channels between each domain controller in CONTOSO and a DC in the MICROSOFT domain.
5.The workstation that is a member of the CONTOSO domain has an implicit trust with a domain controller.
6.To determine if a domain controller can authenticate a user account:
7.NLTEST can be used to find a trusted domain that has a given user account.
8.Determine SRV priorities and weights (Command for trusting and trusted domain)
9.Determine the failures for all DC-specific DNS records
10.Reset the NETLON secure channel

1.NLTEST can be used to show this trust relationship.

PS C:\> nltest /trusted_domains

List of domain trusts:

0: GS gs.com (NT 5) (Direct Outbound) (Direct Inbound) ( Attr: 0x8 )

1: CONTOSO contoso.com (NT 5) (Forest Tree Root) (Primary Domain) (Native)

The command completed successfully

2.To determine the domain controllers in the CONTOSO domain:

PS C:\> nltest /dclist:contoso

Get list of DCs in domain 'contoso' from '\\WIN-5Q4IM0060DO'.

WIN-5Q4IM0060DO.contoso.com [PDC] [DS] Site: IND-BLR

The command completed successfully

3.To determine the domain controllers in the CONTOSO domain:

`PS C:\> nltest /dclist:contoso Get list of DCs in domain 'contoso' from '\\WIN-5Q4IM0060DO'. WIN-5Q4IM0060DO.contoso.com [PDC] [DS] Site: IND-BLR The command completed successfully`

4.Below are the secure channels between each domain controller in CONTOSO and a DC in the MICROSOFT domain.

C:\>nltest /server:test1 /sc_query:microsoft

Flags: 0

Connection Status = 0 0x0 NERR_Succmicrosoft

Trusted DC Name \\NET1

Trusted DC Connection Status Status = 0 0x0 NERR_Succmicrosoft

The command completed succmicrosoftfully

C:\>nltest /server:test2 /sc_query:microsoft

Flags: 0

Connection Status = 0 0x0 NERR_Succmicrosoft

Trusted DC Name \\NET1

Trusted DC Connection Status Status = 0 0x0 NERR_Succmicrosoft

The command completed succmicrosoftfully

5.The workstation that is a member of the CONTOSO domain has an implicit trust with a domain controller.

C:\>nltest /server:Computer1 /sc_query:contoso

Flags: 0

Connection Status = 0 0x0 NERR_Succmicrosoft

Trusted DC Name \\TEST2

Trusted DC Connection Status Status = 0 0x0 NERR_Succmicrosoft

The command completed succmicrosoftfully

6.To determine if a domain controller can authenticate a user account:


PS C:\> nltest /whowill:contoso biz

[11:06:22] Mail message 0 sent successfully (\MAILSLOT\NET\GETDC834)

[11:06:22] Response 0: NetpDcAllocateCacheEntry: new entry 0x000000D83F9ADBD0 -> DC:WIN-5Q4IM0060DO DnsDomName:(null) Flags:0x0


S:WIN-5Q4IM0060DO D:CONTOSO A:biz (Act found)

The command completed successfully

7.NLTEST can be used to find a trusted domain that has a given user account.

8.Determine SRV priorities and weights (Command for trusting and trusted domain)

PS C:\> nltest /dnsgetdc:contoso.com

Listof DCsin pseudo-random order taking into account SRV prioritiesand weights:

Non-Site specific:

win-5q4im0060do.contoso.com fe80::e0a8:9c56:ba17:df5d%12 10.224.34.1

The command completed successfully

PS C:\> nltest /dnsgetdc:gs.com

Listof DCsin pseudo-random order taking into account SRV prioritiesand weights:

Non-Site specific:

ban-dc01.gs.com 10.224.34.10

The command completed successfully

PS C:\>

9.Determine the failures for all DC-specific DNS records


PS C:\> nltest /DSQUERYDNS

Flags: 0

Connection Status = 0 0x0 NERR_Success

There was no failure in the last update for all DC-specific DNS records

The command completed successfully

10.Reset the NETLON secure channel

nltest /sc_reset:<domainname>

Wiki - Revision Comment List(Revision Comment)

| |

Comments

Richard Mueller

12 Sep 2013 8:21 PM

Richard Mueller edited Revision 16. Comment: Changed tag "hastoc" to "Has TOC"
- Edit

Wikis - Comment List

Posting comments is temporarily disabled until 10:00am PST on Saturday, December 14th. Thank you for your patience.

Posted by Payam Haddad

on 26 Feb 2013 12:29 AM

Great tool
Edit
Posted by i.biswajith

on 31 May 2013 3:58 AM

User is not able to login; issue can be from any side. That can be server issue or can be user side issue. So how to find immediately that is server side or user side issue. Then only we can troubleshoot.

For checking the server side issue use below command

nltest /server:<servername> /sc_query:<domainname>

For checking the User side issueuse the below command

nltest /whowill:domainname <samid>
Edit
Posted by Richard Mueller

on 12 Sep 2013 8:21 PM

Richard Mueller edited Revision 16. Comment: Changed tag "hastoc" to "Has TOC"
Edit

Products

Resources

Solutions

Updates

Trials

Related Sites

Training

Certifications

Other resources

Support options

More support

Not an IT pro?

NLTEST to test the trust relationship between a workstation and domain

NLTEST to test the trust relationship between a workstation and domain

Table of Contents

1.NLTEST can be used to show this trust relationship.

2.To determine the domain controllers in the CONTOSO domain:

3.To determine the domain controllers in the CONTOSO domain:

`PS C:\> nltest /dclist:contoso Get list of DCs in domain 'contoso' from '\\WIN-5Q4IM0060DO'. WIN-5Q4IM0060DO.contoso.com [PDC] [DS] Site: IND-BLR The command completed successfully`

4.Below are the secure channels between each domain controller in CONTOSO and a DC in the MICROSOFT domain.

5.The workstation that is a member of the CONTOSO domain has an implicit trust with a domain controller.

6.To determine if a domain controller can authenticate a user account:

7.NLTEST can be used to find a trusted domain that has a given user account.

8.Determine SRV priorities and weights (Command for trusting and trusted domain)

9.Determine the failures for all DC-specific DNS records

`PS C:\> nltest /DSQUERYDNS`

`Flags: 0`

`Connection Status = 0 0x0 NERR_Success`

`There was no failure in the last update for all DC-specific DNS records`

`The command completed successfully`

10.Reset the NETLON secure channel

Products

Resources

Solutions

Updates

Trials

Related Sites

Training

Certifications

Other resources

Support options

More support

Not an IT pro?

NLTEST to test the trust relationship between a workstation and domain

NLTEST to test the trust relationship between a workstation and domain

Table of Contents

1.NLTEST can be used to show this trust relationship.

2.To determine the domain controllers in the CONTOSO domain:

3.To determine the domain controllers in the CONTOSO domain:

PS C:\> nltest /dclist:contoso Get list of DCs in domain 'contoso' from '\\WIN-5Q4IM0060DO'. WIN-5Q4IM0060DO.contoso.com [PDC] [DS] Site: IND-BLR The command completed successfully

4.Below are the secure channels between each domain controller in CONTOSO and a DC in the MICROSOFT domain.

5.The workstation that is a member of the CONTOSO domain has an implicit trust with a domain controller.

6.To determine if a domain controller can authenticate a user account:

7.NLTEST can be used to find a trusted domain that has a given user account.

8.Determine SRV priorities and weights (Command for trusting and trusted domain)

9.Determine the failures for all DC-specific DNS records

PS C:\> nltest /DSQUERYDNS Flags: 0 Connection Status = 0 0x0 NERR_Success There was no failure in the last update for all DC-specific DNS records The command completed successfully

10.Reset the NETLON secure channel

`PS C:\> nltest /dclist:contoso Get list of DCs in domain 'contoso' from '\\WIN-5Q4IM0060DO'. WIN-5Q4IM0060DO.contoso.com [PDC] [DS] Site: IND-BLR The command completed successfully`

`PS C:\> nltest /DSQUERYDNS`

`Flags: 0`

`Connection Status = 0 0x0 NERR_Success`

`There was no failure in the last update for all DC-specific DNS records`

`The command completed successfully`