Revision #3

You are currently reviewing an older revision of this page.
Go to current version

NLTEST to test the trust relationship between a workstation and domain

 

 

Example Output from Nltest.exe
As an example, suppose the CONTOSO domain trusts the MICROSOFT domain, and a computer running called COMPUTER1 is a member of the CONTOSO domain.

NLTEST can be used to show this trust relationship.

C:\>nltest /trusted_domains
 Trusted domain list:
 MICROSOFT
 The command completed succmicrosoftfully

 

To determine the domain controllers in the CONTOSO domain:

C:\>nltest /dclist:contoso
 List of DCs in Domain contoso
 \\TEST2 (PDC)
 \\TEST1
 The command completed succmicrosoftfully

 

To determine the domain controllers in the MICROSOFT domain:

C:\>nltest /dclist:microsoft
List of DCs in Domain microsoft
\\NET1 (PDC)
The command completed succmicrosoftfully

Below are the secure channels between each domain controller in CONTOSO and a DC in the MICROSOFT domain.

C:\>nltest /server:test1 /sc_query:microsoft
 Flags: 0
 Connection Status = 0 0x0 NERR_Succmicrosoft
 Trusted DC Name \\NET1
 Trusted DC Connection Status Status = 0 0x0 NERR_Succmicrosoft
 The command completed succmicrosoftfully
 
 C:\>nltest /server:test2 /sc_query:microsoft
 Flags: 0
 Connection Status = 0 0x0 NERR_Succmicrosoft
 Trusted DC Name \\NET1
 Trusted DC Connection Status Status = 0 0x0 NERR_Succmicrosoft
 The command completed succmicrosoftfully


The workstation that is a member of the CONTOSO domain has an implicit trust with a domain controller.

C:\>nltest /server:Computer1 /sc_query:contoso
Flags: 0
Connection Status = 0 0x0 NERR_Succmicrosoft
Trusted DC Name \\TEST2
Trusted DC Connection Status Status = 0 0x0 NERR_Succmicrosoft
The command completed succmicrosoftfully

 

To determine if a domain controller can authenticate a user account:

C:\>nltest /whowill:MICROSOFT bob
 [20:58:55] Mail mmicrosoftage 0 sent succmicrosoftfully
 (\MAILSLOT\NET\GETDC939)
 [20:58:55] Response 0: S:\\NET1 D:MICROSOFT A:bob (Act found)
 The command completed succmicrosoftfully
 
 C:\>nltest /whowill:contoso test
 [21:26:13] Response 0: S:\\TEST2 D:CONTOSO A:test (Act found)
 [21:26:15] Mail mmicrosoftage 0 sent succmicrosoftfully
 (\MAILSLOT\NET\GETDC295)
 The command completed succmicrosoftfully

NLTEST can be used to find a trusted domain that has a given user account.



NLTEST

 

 






Revert to this revision