/DSGETDC:
/PDC
Returns the primary domain controller
/DS
Returns a Windows 2000 or Windows Server 2003 domain controller
/DSP
Requests a Windows 2000 or Windows Server 2003 domain controller; if none is found, returns an NT domain controller
/GC
Returns the domain controller assigned to the global catalog
/KDC
Returns the domain controller assigned to the Kerberos Key Distribution Center
/TIMESERV
Returns the domain controller assigned to the time service
/GTIMESERV
Returns the domain controller assigned as the primary time service
/NETBIOS
Specifies the computer name as a NetBIOS name
/DNS
Specifies the computer name as an FQDN
/IP
Returns the domain controller of the specified IP address
/FORCE
Forces the computer to run the command against the DNS server instead of looking up the information in the cache
/WRITABLE
Returns all Active Directory domain controllers; NT 4.0 backup domain controllers (BDCs) are not returned
/AVOIDSELF
Makes sure that additional domain controllers in the domain can be located
/LDAPONLY
Returns servers running an LDAP application
/BACKG
Returns the backup domain controller
/SITE:
Sort so that
Returns domain controller information with account
/RET_DNS
Returns the domain controller in the DNS domain
/RET_NETBIOS
Returns the NetBIOS domain controller
/DNSGETDC:
/PDC
Returns the primary domain controller
/GC
Returns the domain controller assigned to the global catalog
/KDC
Returns the domain controller assigned to the Kerberos Key Distribution Center
/WRITABLE
Returns all Active Directory domain controllers; NT 4.0 backup domain controllers (BDCs) are not returned
/LDAPONLY
Returns servers running LDAP applications
/FORCE
Forces the computer to run the command against the DNS server instead of looking up the information in the cache
/SITESPEC
Returns only records containing the site
/UPDATE_TDO
Updates inter-local storage information
/DOMAIN_TRUSTS
/PRIMARY
Returns only the domain your computer belongs to
/FOREST
Returns only the domains in the same forest as the primary domain
/DIRECT_OUT
Returns the domains that are explicitly trusted by the primary domain
/DIRECT_IN
Returns the domains that explicitly trust the primary domain
/ALL_TRUSTS
Returns all trusted domains
/V
Displays detailed output, including the domain SIDs and GUIDs
/DSDEREGDNS:
/DOM:
Specifies the DNS domain name of the host; if not specified, the suffix of the DNSHostName is assumed to be the DNS domain name
/DOMGUID:
Removes GUID-based DNS records
/DSAGUID:
Removes GUID-based DSA records
Application examples:
Example one
Assume that domain A trusts domain B. The computer TAN, running Windows NT Workstation, is a member of domain A. Now we enter:
C:\> nltest /trusted_domains
Trusted Domain List:
B
The command completed successfully
You can see the trusted domain B from domain A.
Example two
To view the domain controllers in domain A, just enter:
C:\> nltest /dclist:a
List of DCs in Domain a
\\C1 (PDC)
\\C2
The command completed successfully
You can see the two domain controllers C1 and C2 in domain A, where C1 is the primary domain controller. Similarly, to see the domain controller information for domain B, enter the command in the same format to query the desired information.
Example three
To see the secure channels between each domain controller in domain A and the domain controllers in domain B, you only need to enter the following:
C:\> nltest /server:C1 /sc_query:B
Flags: 0
Connection Status = 0 0x0 NERR_Success
Trusted DC Name \\D1
Trusted DC Connection Status Status = 0 0x0 NERR_Success
The command completed successfully
C:\> nltest /server:C2 /sc_query:B
Flags: 0
Connection Status = 0 0x0 NERR_Success
Trusted DC Name \\D1
Trusted DC Connection Status Status = 0 0x0 NERR_Success
The command completed successfully
From the above, you can see that domain controllers C1 and C2 in domain A both have a trusted connection to domain controller D1 in domain B.
Example four
To see whether the workstation TAN has an explicit trust relationship with the domain controller of domain A, you can enter:
C:\> nltest /server:TAN /sc_query:A
Flags: 0
Connection Status = 0 0x0 NERR_Success
Trusted DC Name \\C1
Trusted DC Connection Status Status = 0 0x0 NERR_Success
The command completed successfully
It can be seen that there is a trust connection between the workstation TAN and the C1 domain controller in domain A.
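As an added example (not part of the original article), this Python code parses saved nltest /sc_query output in the layout shown in examples three and four and flags hosts whose secure channel is down or ends on a domain controller outside an expected list. The captures, the failing status line, the DC name X9 and the EXPECTED mapping are constructed for illustration.

```python
import re

# Constructed captures of nltest /sc_query output (layout as in the examples).
SAMPLES = {
    "C1": r"""Flags: 0
Connection Status = 0 0x0 NERR_Success
Trusted DC Name \\D1
Trusted DC Connection Status Status = 0 0x0 NERR_Success
The command completed successfully""",
    "C2": r"""Flags: 0
Connection Status = 1311 0x51f ERROR_NO_LOGON_SERVERS
The command completed successfully""",
    "TAN": r"""Flags: 0
Connection Status = 0 0x0 NERR_Success
Trusted DC Name \\X9
Trusted DC Connection Status Status = 0 0x0 NERR_Success
The command completed successfully""",
}
# Assumption: the DCs each host is expected to hold its secure channel with.
EXPECTED = {"C1": {"D1"}, "C2": {"D1"}, "TAN": {"C1", "C2"}}

# The optional "Trusted DC " prefix tells the two status lines apart.
STATUS = re.compile(
    r"^(Trusted DC )?Connection Status\s+(?:Status\s*)?=\s*(\d+)\s+\S+\s+(\S+)",
    re.MULTILINE)
DC_NAME = re.compile(r"^Trusted DC Name\s+\\\\(\S+)", re.MULTILINE)

def parse_sc_query(text):
    """Return the channel status, trusted DC name and trusted DC status."""
    out = {"channel": None, "trusted_dc": None, "dc_status": None}
    for m in STATUS.finditer(text):
        out["dc_status" if m.group(1) else "channel"] = (int(m.group(2)), m.group(3))
    name = DC_NAME.search(text)
    if name:
        out["trusted_dc"] = name.group(1).upper()
    return out

def audit(captures, expected):
    """Flag hosts whose channel is down or ends on a DC outside `expected`."""
    findings = []
    for host in sorted(captures):
        r = parse_sc_query(captures[host])
        if r["channel"] is None:
            findings.append((host, "no status line"))
        elif r["channel"][0] != 0:
            findings.append((host, "channel down: " + r["channel"][1]))
        elif r["dc_status"] is None or r["dc_status"][0] != 0:
            findings.append((host, "trusted DC not healthy"))
        elif r["trusted_dc"] not in expected.get(host, set()):
            findings.append((host, f"unexpected DC: {r['trusted_dc']}"))
    return findings
```

Calling audit(SAMPLES, EXPECTED) reports C2 (channel down) and TAN (channel held with a DC that is not on its expected list), while C1 passes.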
Example five
To determine whether a domain controller can authenticate a user account, you can enter the following:
C:\> nltest /whowill:b Administrator
[20:58:55] Mail message 0 sent successfully (\MAILSLOT\NET\GETDC939)
[20:58:55] Response 0: S:\\D1 D:B A:Administrator (Act found)
The command completed successfully
C:\> nltest /whowill:a administrator
[21:26:13] Response 0: S:\\C1 D:a A:Administrator (Act found)
[21:26:15] Mail message 0 sent successfully (\MAILSLOT\NET\GETDC295)
The command completed successfully
You can see that the two Administrator queries drew responses from domain controller D1 in domain B and domain controller C1 in domain A, which proves that both Administrator accounts are verified in their respective domains.
Example six
To use nltest.exe to find the trusted domain that holds a user account, we only need to enter the following:
C:\> nltest /finduser:administrator
Domain Name: B
Trusted DC Name \\D1
The command completed successfully
From the above we can see that domain B and its trusted domain controller D1 were found for the Administrator account.
Example seven
To verify the synchronization status of the backup domain controllers (BDCs), you only need to enter:
C:\> nltest /bdc_query:a
Server: \\C2
SyncState: IN_SYNC
ConnectionState: Status = 0 0x0 NERR_Success
The command completed successfully
The synchronization state of the backup domain controller C2 is IN_SYNC, i.e., the backup domain controller C2 is synchronized correctly.
Example eight
Nltest.exe can also be used to synchronize account databases. For example, to synchronize from a primary domain controller, we only need to enter:
C:\> nltest /pdc_repl
To synchronize from a member server, a backup domain controller, or a Windows NT workstation, enter:
C:\> nltest /server:
Questions and answers:
Q: The DSA operation cannot continue because of a DNS lookup error
A: (1) Use the nltest /dsgetdc: /pdc /force /avoidself command to determine whether the correct primary domain controller is returned.
(2) If the replmon or repadmin command reports that a connection object exists but there is no replication link, the problem may be in the KCC.
(3) Run the following commands on the primary domain controller: nltest /dbflag:0x2000fffff and nltest /dsgetdc: /gc, then use the output to determine where the error lies.
(4) Run nltest /dsgetdc: /gc /force to determine whether you can contact a GC.
(5) Check the "Password Last Changed" parameter on the primary domain controller and an error.
Q: The application is inconsistent across domain controllers
A: Run the following script with the command chkpolicy followed by the name of your domain:
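@echo off
REM Usage: chkpolicy domain_name
REM The domain name is taken from the first argument.
SET DOM_NAME=%1
SET filename=sysvol\%DOM_NAME%\policies\{6ac1786c-016f-11d2-945f-00c04fb984f9}\machine\microsoft\windows nt\secedit\gpttmpl.inf
REM Save the list of domain controllers for the domain.
NLTEST /DCLIST:%DOM_NAME% > dclist.tmp
IF EXIST dclist1.tmp DEL dclist1.tmp
REM Keep the first comma-delimited field of each line.
FOR /F "eol=; tokens=1 delims=," %%i in (dclist.tmp) DO (
@echo %%i >> dclist1.tmp
)
REM Take the name before the first dot and list the policy file on that DC.
FOR /F "eol=. tokens=1 delims=." %%i in (dclist1.tmp) DO (
@echo %%i
DIR "\\%%i\%filename%"
)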
Q: The directory service is too busy and cannot complete the operation.
A: Run the following script:
SETLOCAL
REM Replace __setgcnamehere__ with the name of the destination GC.
SET DESTGC=__setgcnamehere__.site1.forest1.com
:domain1
REPADMIN /delete DC=Domain1,DC=Site1,DC=Forest1,DC=COM %DESTGC% /nosource
IF %ERRORLEVEL%==8438 GOTO :domain2
:domain2
REPADMIN /delete DC=Domain2,DC=Site1,DC=Forest1,DC=COM %DESTGC% /nosource
IF %ERRORLEVEL%==8438 GOTO :domain3
REM ...
ENDLOCAL