Home » Computers » Windows » Windows Domain Secure Channel Testing

Windows Domain Secure Channel Testing

Use the NLTEST.EXE utility to test domain communication methods.

U:\>nltest.exe /?
Usage: nltest [/OPTIONS]

/SERVER:<ServerName> – Specify <ServerName>

/QUERY – Query <ServerName> netlogon service
/REPL – Force partial sync on <ServerName> BDC
/SYNC – Force full sync on <ServerName> BDC
/PDC_REPL – Force UAS change message from <ServerName> PDC

/SC_QUERY:<DomainName> – Query secure channel for <Domain> on <ServerName>
/SC_RESET:<DomainName>[\<DcName>] – Reset secure channel for <Domain> on <ServerName> to <DcName>
/SC_VERIFY:<DomainName> – Verify secure channel for <Domain> on <ServerName>
/SC_CHANGE_PWD:<DomainName> – Change a secure channel  password for <Domain> on <ServerName>
/DCLIST:<DomainName> – Get list of DC’s for <DomainName>
/DCNAME:<DomainName> – Get the PDC name for <DomainName>
/DSGETDC:<DomainName> – Call DsGetDcName /PDC /DS /DSP /GC /KDC
/TIMESERV /GTIMESERV /WS /NETBIOS /DNS /IP /FORCE /WRITABLE /AVOIDSELF /LDAPONLY /BACKG /DS_6
/TRY_NEXT_CLOSEST_SITE /SITE:<SiteName> /ACCOUNT:<AccountName> /RET_DNS /RET_NETBIOS
/DNSGETDC:<DomainName> – Call DsGetDcOpen/Next/Close /PDC /GC
/KDC /WRITABLE /LDAPONLY /FORCE /SITESPEC
/DSGETFTI:<DomainName> – Call DsGetForestTrustInformation
/UPDATE_TDO
/DSGETSITE – Call DsGetSiteName
/DSGETSITECOV – Call DsGetDcSiteCoverage
/DSADDRESSTOSITE:[MachineName] – Call DsAddressToSiteNamesEx
/ADDRESSES:<Address1,Address2,…>
/PARENTDOMAIN – Get the name of the parent domain of this machine
/WHOWILL:<Domain>* <User> [<Iteration>] – See if <Domain> will log on <User>
/FINDUSER:<User> – See which trusted domain will log on <User>
/TRANSPORT_NOTIFY – Notify netlogon of new transport

/DBFLAG:<HexFlags> – New debug flag

/USER:<UserName> – Query User info on <ServerName>

/TIME:<Hex LSL> <Hex MSL> – Convert NT GMT time to ascii
/LOGON_QUERY – Query number of cumulative logon attempts
/DOMAIN_TRUSTS – Query domain trusts on <ServerName>
/PRIMARY /FOREST /DIRECT_OUT /DIRECT_IN /ALL_TRUSTS /V
/DSREGDNS – Force registration of all DC-specific DNS records
/DSDEREGDNS:<DnsHostName> – Deregister DC-specific DNS records for specified DC
/DOM:<DnsDomainName> /DOMGUID:<DomainGuid> /DSAGUID:<DsaGuid>
/DSQUERYDNS – Query the status of the last update for all DC-specific DNS records

/BDC_QUERY:<DomainName> – Query replication status of BDCs for <DomainName>

/LIST_DELTAS:<FileName> – display the content of given change log file

/CDIGEST:<Message> /DOMAIN:<DomainName> – Get client digest
/SDIGEST:<Message> /RID:<RID in hex> – Get server digest

/SHUTDOWN:<Reason> [<Seconds>] – Shutdown <ServerName> for <Reason>
/SHUTDOWN_ABORT – Abort a system shutdown


Leave a comment