Revision #5

You are currently reviewing an older revision of this page.
Go to current version

NLTEST to test the trust relationship between a workstation and domain 

Example Output from Nltest.exe
As an example, suppose the CONTOSO domain trusts the MICROSOFT domain, and a computer running called COMPUTER1 is a member of the CONTOSO domain.

NLTEST can be used to show this trust relationship.

C:\>nltest /trusted_domains
 Trusted domain list:
 MICROSOFT
 The command completed succmicrosoftfully

 

To determine the domain controllers in the CONTOSO domain:

C:\>nltest /dclist:contoso
 List of DCs in Domain contoso
 \\TEST2 (PDC)
 \\TEST1
 The command completed succmicrosoftfully

 

To determine the domain controllers in the MICROSOFT domain:

C:\>nltest /dclist:microsoft
List of DCs in Domain microsoft
\\NET1 (PDC)
The command completed succmicrosoftfully

Below are the secure channels between each domain controller in CONTOSO and a DC in the MICROSOFT domain.

C:\>nltest /server:test1 /sc_query:microsoft
 Flags: 0
 Connection Status = 0 0x0 NERR_Succmicrosoft
 Trusted DC Name \\NET1
 Trusted DC Connection Status Status = 0 0x0 NERR_Succmicrosoft
 The command completed succmicrosoftfully
 
 C:\>nltest /server:test2 /sc_query:microsoft
 Flags: 0
 Connection Status = 0 0x0 NERR_Succmicrosoft
 Trusted DC Name \\NET1
 Trusted DC Connection Status Status = 0 0x0 NERR_Succmicrosoft
 The command completed succmicrosoftfully

The workstation that is a member of the CONTOSO domain has an implicit trust with a domain controller.

C:\>nltest /server:Computer1 /sc_query:contoso
Flags: 0
Connection Status = 0 0x0 NERR_Succmicrosoft
Trusted DC Name \\TEST2
Trusted DC Connection Status Status = 0 0x0 NERR_Succmicrosoft
The command completed succmicrosoftfully

 

To determine if a domain controller can authenticate a user account:

PS C:\> nltest /whowill:contoso biz
[11:06:22] Mail message 0 sent successfully (\MAILSLOT\NET\GETDC834)
[11:06:22] Response 0: NetpDcAllocateCacheEntry: new entry 0x000000D83F9ADBD0 -> DC:WIN-5Q4IM0060DO DnsDomName:(null) Flags:0x0

S:WIN-5Q4IM0060DO D:CONTOSO A:biz (Act found)
The command completed successfully 

NLTEST can be used to find a trusted domain that has a given user account.


NLTEST

 

 






Revert to this revision