Got Trusts? Need Info about the Domain and its trust relationships

The following blog post is just a reblog of this post: https://social.technet.microsoft.com/wiki/contents/articles/16067.nltest-to-test-the-trust-relationship-between-a-workstation-and-domain.aspx

 

1. NLTEST can be used to show this trust relationship.

PS C:\> nltest /trusted_domains

List of domain trusts:

0: GS gs.com (NT 5) (Direct Outbound) (Direct Inbound) ( Attr: 0x8 )

1: CONTOSO contoso.com (NT 5) (Forest Tree Root) (Primary Domain) (Native)

The command completed successfully

 

2. To determine the domain controllers in the CONTOSO domain:

PS C:\> nltest /dclist:contoso

Get list of DCs in domain 'contoso' from '\\WIN-5Q4IM0060DO'.

WIN-5Q4IM0060DO.contoso.com [PDC]  [DS] Site: IND-BLR

The command completed successfully

3. To determine the domain controllers in the CONTOSO domain: (note: there is no difference between 2 and 3)

PS C:\> nltest /dclist:contoso

Get list of DCs in domain 'contoso' from '\\WIN-5Q4IM0060DO'.

WIN-5Q4IM0060DO.contoso.com [PDC]  [DS] Site: IND-BLR

The command completed successfully

4. Below are the secure channels between each domain controller in CONTOSO and a DC in the MICROSOFT domain.

C:\>nltest /server:test1 /sc_query:microsoft

Flags: 0

Connection Status = 0 0x0 NERR_Success

Trusted DC Name \\NET1

Trusted DC Connection Status Status = 0 0x0 NERR_Success

The command completed successfully

 

C:\>nltest /server:test2 /sc_query:microsoft

Flags: 0

Connection Status = 0 0x0 NERR_Success

Trusted DC Name \\NET1

Trusted DC Connection Status Status = 0 0x0 NERR_Success

The command completed successfully

5. The workstation that is a member of the CONTOSO domain has an implicit trust with a domain controller.

C:\>nltest /server:Computer1 /sc_query:contoso

Flags: 0

Connection Status = 0 0x0 NERR_Success

Trusted DC Name \\TEST2

Trusted DC Connection Status Status = 0 0x0 NERR_Success

The command completed successfully

 

6. To determine if a domain controller can authenticate a user account:

PS C:\> nltest /whowill:contoso biz
[11:06:22] Mail message 0 sent successfully (\MAILSLOT\NET\GETDC834)
[11:06:22] Response 0: NetpDcAllocateCacheEntry: new entry 0x000000D83F9ADBD0 -> DC:WIN-5Q4IM0060DO DnsDomName:(null) Flags:0x0

S:WIN-5Q4IM0060DO D:CONTOSO A:biz (Act found)

The command completed successfully

7. NLTEST can be used to find a trusted domain that has a given user account.

PS C:\> nltest /finduser:biz

 

 

 

8. Determine SRV priorities and weights (Command for trusting and trusted domain)

PS C:\> nltest /dnsgetdc:contoso.com

List of DCs in pseudo-random order taking into account SRV priorities and weights:

Non-Site specific:

win-5q4im0060do.contoso.com  fe80::e0a8:9c56:ba17:df5d%12  10.224.34.1

The command completed successfully

PS C:\> nltest /dnsgetdc:gs.com

List of DCs in pseudo-random order taking into account SRV priorities and weights:

Non-Site specific:

ban-dc01.gs.com  10.224.34.10

The command completed successfully

PS C:\>

9. Determine the failures for all DC-specific DNS records

PS C:\> nltest /DSQUERYDNS

Flags: 0

Connection Status = 0 0x0 NERR_Success

There was no failure in the last update for all DC-specific DNS records

The command completed successfully

10. Reset the NETLOGON secure channel

nltest /sc_reset:<domainname>
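
The trust list from step 1 is easier to review as objects, with the direction flags split out and the raw `Attr:` hex decoded into names. This is an added example, not part of the original post: the helper name ConvertFrom-NltestTrust is hypothetical, the sample lines are copied from the step 1 output, and the bit names assume `Attr:` is the trustAttributes bitmask documented in MS-ADTS.

```powershell
# Added example (not from the original post). Sample lines are the step 1
# output above; on a domain member use: $lines = nltest /trusted_domains
$lines = @(
    '0: GS gs.com (NT 5) (Direct Outbound) (Direct Inbound) ( Attr: 0x8 )'
    '1: CONTOSO contoso.com (NT 5) (Forest Tree Root) (Primary Domain) (Native)'
)

# Assumption: "Attr:" is the trustAttributes bitmask; names follow MS-ADTS,
# listed by bit position (0x1, 0x2, 0x4, ... 0x80).
$AttrNames = 'NON_TRANSITIVE', 'UPLEVEL_ONLY', 'QUARANTINED_DOMAIN', 'FOREST_TRANSITIVE',
             'CROSS_ORGANIZATION', 'WITHIN_FOREST', 'TREAT_AS_EXTERNAL', 'USES_RC4_ENCRYPTION'

function ConvertFrom-NltestTrust {          # hypothetical helper name
    param([string[]]$Line)
    foreach ($l in $Line) {
        # Entry shape: "<index>: <NetBIOS> [<DNS>] (<flag>) (<flag>) ..."
        # Header and status lines do not match and are skipped.
        if ($l -notmatch '^\s*(\d+):\s+(\S+)\s+(?:([^\s(]\S*)\s+)?(\(.*)$') { continue }
        $index, $netbios, $dns, $rest = $Matches[1], $Matches[2], $Matches[3], $Matches[4]

        $flags = @(); $attrRaw = ''; $attr = 0
        foreach ($m in [regex]::Matches($rest, '\(\s*([^)]*?)\s*\)')) {
            $text = $m.Groups[1].Value
            if ($text -like 'Attr:*') {
                $attrRaw = $text.Substring(5).Trim()
                # Decode only hex tokens; words nltest printed itself stay in AttrRaw.
                foreach ($h in [regex]::Matches($attrRaw, '0x[0-9A-Fa-f]+')) {
                    $attr = $attr -bor [Convert]::ToInt32($h.Value, 16)
                }
            } else { $flags += $text }
        }
        $names = 0..7 | Where-Object { $attr -band (1 -shl $_) } |
                 ForEach-Object { $AttrNames[$_] }

        [pscustomobject]@{
            Index    = [int]$index
            NetBIOS  = $netbios
            Dns      = $dns
            Outbound = $flags -contains 'Direct Outbound'   # primary domain trusts it
            Inbound  = $flags -contains 'Direct Inbound'    # it trusts the primary domain
            Primary  = $flags -contains 'Primary Domain'
            AttrRaw  = $attrRaw
            AttrBits = $names -join ','
        }
    }
}

ConvertFrom-NltestTrust -Line $lines | Format-Table -AutoSize
```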