Windows Tools

NetDom Syntax


NetDom uses the following general syntax:

netdom Command Object [/d:Domain] [Options]

Operations

Netdom add

Adds a workstation or server account to the domain.

Syntax

netdom add Computer /d:Domain [/ud:[Domain\]User /pd:{Password|*}] [/s:Server] [/ou:OUPath] [/dc] [/verbose]

Parameters

Computer
Specifies the name of the computer to be added.
/d: Domain
Specifies the domain in which to create the account. If the parameter is omitted, then the domain that the current computer belongs to is used.
/ud:[Domain\]User
Specifies the user account that makes the connection with the domain in the /d parameter. If this parameter is omitted, the current user account is used.
/pd:{Password|*}
Specifies the password of the user account that is specified in the /ud parameter. Use * to be prompted for the password.
/s: Server
Specifies the name of a domain controller that performs the add.
/ou: OUPath
Specifies the organizational unit (OU) under which to create the account. This must be the full RFC 1779 distinguished name of the OU. If omitted, the account is created under the default OU for machine objects for that domain.
/dc
Specifies that a domain controller's machine account is to be created. This allows the computer accounts for new Windows NT 4.0 Backup Domain Controllers (BDCs) and new Windows 2000 domain controllers to be pre-created. If installing a new Windows NT 4.0 BDC into an existing Windows 2000 domain, the computer account must be pre-created. This option cannot be used with the /ou parameter.
/verbose
Specifies verbose output. By default, only the result of the operation is reported. If /verbose is specified, the output lists the success or failure of each transaction necessary to perform the operation as well as returning an error level based on the success (0) or failure (1) of the operation.

Remarks

  • To see the command-line usage for the add operation, type the following at the command line:

    netdom add /help

Sample Usage

netdom add /d:reskit.ms.com mywksta
netdom add /d:reskit.ms.com mynt4dc /dc

Netdom join

Joins a workstation or member server to a domain. The act of joining a computer to a domain creates an account for the computer on the domain, if it does not already exist.

Syntax

netdom join Computer /d:Domain [/ou:OUPath] [/ud:[Domain\]User /pd:{Password|*}] [/uo:User /po:{Password|*}] [/reboot[:Delay]] [/verbose]

Parameters

Computer
Specifies the name of the computer to be joined.
/d: Domain
Specifies the domain to which the account is joined. If the parameter is omitted, then the domain that the current computer belongs to is used.
/ou: OUPath
Specifies the organizational unit (OU) under which to create the account. This must be the full RFC 1779 distinguished name of the OU. If omitted, the account is created under the default OU for machine objects for that domain.
/ud:[Domain\]User
Specifies the user account that makes the connection with the domain in the /d parameter. If this parameter is omitted, the current user account is used.
/pd:{Password|*}
Specifies the password of the user account that is specified in the /ud parameter. Use * to be prompted for the password.
/uo: User
Specifies the user account that makes the connection with the computer to be joined. If this parameter is omitted, the current user account is used.
/po:{Password|*}
Specifies the password of the user account that is specified in the /uo parameter. Use * to be prompted for the password.
/reboot[:Delay]
Specifies that the computer is shut down and automatically rebooted after the join has completed. Delay is the number of seconds before automatic shutdown occurs. The default Delay value is 20 seconds.
/verbose
Specifies verbose output. By default, only the result of the operation is reported. If /verbose is specified, the output lists the success or failure of each transaction necessary to perform the operation as well as returning an error level based on the success (0) or failure (1) of the operation.

Remarks

  • When joining a computer running Windows NT 4.0 or earlier to the domain, the operation is not transacted. This means that a failure during the operation could leave the computer in an undetermined state with respect to the domain to which it should be joined.
  • To see the command-line usage for the join operation, type the following at the command line:

    netdom join /help

Sample Usage

netdom join /d:reskit.ms.com mywksta

Netdom move

Moves a workstation or member server to a new domain. The act of moving a computer to a new domain creates an account for the computer on the domain, if it does not already exist.

netdom move Computer /d:Domain [/ou:OUPath] [/ud:[Domain\]User /pd:{Password|*}] [/uo:User /po:{Password|*}] [/reboot[:Delay]] [/verbose]

Parameters

Computer
Specifies the name of the computer to be moved.
/d: Domain
Specifies the domain to which the account is moved. If the parameter is omitted, then the domain that the current computer belongs to is used.
/ou: OUPath
Specifies the organizational unit (OU) under which to create the account. This must be the full RFC 1779 distinguished name of the OU. If omitted, the account is created under the default OU for machine objects for that domain.
/ud:[Domain\]User
Specifies the user account that makes the connection with the domain in the /d parameter. If this parameter is omitted, the current user account is used.
/pd:{Password|*}
Specifies the password of the user account that is specified in the /ud parameter. Use * to be prompted for the password.
/uo: User
Specifies the user account to make the connection with the computer to be moved. If this parameter is omitted, the current user account is used.
/po:{Password|*}
Specifies the password of the user account that is specified in the /uo parameter. Use * to be prompted for the password.
/reboot[:Delay]
Specifies that the computer is shut down and automatically rebooted after the move has completed. Delay is the number of seconds before automatic shutdown occurs. The default Delay is 20 seconds.
/verbose
Specifies verbose output. By default, only the result of the operation is reported. If /verbose is specified, the output lists the success or failure of each transaction necessary to perform the operation as well as returning an error level based on the success (0) or failure (1) of the operation.

Remarks

  • When moving a computer running Windows NT 4.0 or earlier to the domain, the operation is not transacted. This means that a failure during the operation could leave the computer in an undetermined state with respect to the domain to which it should be moved.
  • When moving a computer to a new domain, the old computer account in the previous domain is not deleted. If the prior domain is a Windows 2000 domain, the old computer account is disabled.
  • To see the command-line usage for the move operation, type the following at the command line:

    netdom move /help

Sample Usage

netdom move /d:newdomain mywksta

Netdom query

Queries the domain for information such as membership and trust.

netdom query /d:Domain [/s:Server] [/ud:[Domain\]User /pd:{Password|*}] [/verify] [/reset] [/direct] {WORKSTATION|SERVER|DC|OU|PDC|FSMO|TRUST} [/verbose]

Parameters

/d: Domain
Specifies the domain to query for the information. If the parameter is omitted, then the domain that the current computer belongs to is used.
/s: Server
Specifies the name of a domain controller to perform the query.
/ud:[Domain\]User
Specifies the user account that makes the connection with the domain in the /d parameter. If this parameter is omitted, the current user account is used.
/pd:{Password|*}
Specifies the password of the user account that is specified in the /ud parameter. Use * to be prompted for the password.
/verify
Specifies to verify the secure channel secrets for all enumerated memberships or trusts as well as displaying them. Unless the user is an enterprise administrator, it may not be possible to verify all secure channel secrets.
/reset
Specifies to resynchronize the secure channel secrets for all enumerated memberships or trusts (which are currently broken). The /reset parameter implies the /verify parameter. Unless the user is an enterprise administrator, it may not be possible to reset all enumerated trusts or memberships.
/direct
Indicates that the query for trust relationships should only return direct trust relationships rather than direct and indirect relationships. This parameter is valid only when Domain is specified with the /d parameter.
WORKSTATION|SERVER|DC|OU|PDC|FSMO|TRUST
Specifies the type of list to generate.
Object Description
WORKSTATION Queries the domain for the list of workstations.
SERVER Queries the domain for the list of servers.
DC Queries the domain for the list of domain controllers.
OU Queries the domain for the list of OUs under which the specified user can create a machine object.
PDC Queries the domain for the current Primary Domain Controller.
FSMO Queries the domain for the current list of FSMO owners.
TRUST Queries the domain for the list of its trusts.
/verbose
Specifies verbose output. By default, only the result of the operation is reported. If /verbose is specified, the output lists the success or failure of each transaction necessary to perform the operation as well as returning an error level based on the success (0) or failure (1) of the operation.

Remarks

Sample Usage

netdom query /d:reskit.ms.com DC

Netdom remove

Removes a workstation or server from the domain.

netdom remove Computer /d:Domain [/ud:[Domain\]User /pd:{Password|*}] [/uo:User /po:{Password|*}] [/reboot[:Delay]] [/verbose]

Parameters

Computer
Specifies the name of the computer to be removed.
/d: Domain
Specifies the domain from which the account will be removed. If the parameter is omitted, then the domain that the current computer belongs to is used.
/ud:[Domain\]User
Specifies the user account that makes the connection with the domain in the /d parameter. If this parameter is omitted, the current user account is used.
/pd:{Password|*}
Specifies the password of the user account that is specified in the /ud parameter. Use * to be prompted for the password.
/uo: User
Specifies the user account to make the connection with the computer to be removed. If this parameter is omitted, the current user account is used.
/po:{Password|*}
Specifies the password of the user account that is specified in the /uo parameter. Use * to be prompted for the password.
/reboot[:Delay]
Specifies that the computer is shut down and automatically rebooted after the remove operation has completed. Delay is the number of seconds before automatic shutdown occurs. The default Delay is 20 seconds.
/verbose
Specifies verbose output. By default, only the result of the operation is reported. If /verbose is specified, the output lists the success or failure of each transaction necessary to perform the operation as well as returning an error level based on the success (0) or failure (1) of the operation.

Remarks

  • To see the command-line usage for the remove operation, type the following at the command line:

    netdom remove /help

Sample Usage

netdom remove /d:reskit.ms.com mywksta

Netdom rename

Renames a Windows NT 4.0 backup domain controller. This can assist in Windows NT 4.0 domain renaming efforts.

netdom rename Computer [/d:Domain] [/reboot[:Delay]] [/verbose]

Parameters

Computer
Specifies the name of the backup domain controller to rename.
/d: Domain
Specifies the new name of the domain.
/reboot[:Delay]
Specifies that the computer is shut down and automatically rebooted after the rename operation has completed. Delay is the number of seconds before automatic shutdown occurs. The default Delay is 20 seconds.
/verbose
Specifies verbose output. By default, only the result of the operation is reported. If /verbose is specified, the output lists the success or failure of each transaction necessary to perform the operation as well as returning an error level based on the success (0) or failure (1) of the operation.

Remarks

  • To see the command-line usage for the rename operation, type the following at the command line:

    netdom rename /help

Sample Usage

netdom rename /d:newdomain BDC51

Netdom reset

Resets the secure connection between a workstation and a domain controller.

netdom reset Computer /d:Domain [/s:Server] [/uo:User /po:{Password|*}] [/verbose]

Parameters

Computer
Specifies the name of the computer for which the connection will be reset.
/d: Domain
Specifies the domain with which to establish the secure connection. If the parameter is omitted, then the domain that the current computer belongs to is used.
/s: Server
Specifies the name of the domain controller to use to establish the secure connection.
/uo: User
Specifies the user account to make the connection with the computer to be reset. If this parameter is omitted, the current user account is used.
/po:{Password|*}
Specifies the password of the user account that is specified in the /uo parameter. Use * to be prompted for the password.
/verbose
Specifies verbose output. By default, only the result of the operation is reported. If /verbose is specified, the output lists the success or failure of each transaction necessary to perform the operation as well as returning an error level based on the success (0) or failure (1) of the operation.

Remarks

  • To see the command-line usage for the reset operation, type the following at the command line:

    netdom reset /help

Sample Usage

netdom reset /d:reskit.ms.com redmond

Netdom resetpwd

netdom resetpwd /s:Server [/ud:[Domain\]User /pd:{Password|*}] [/verbose]

Parameters

/s: Server
Specifies the name of the domain controller to use for setting the machine account password.
/ud:[Domain\]User
Specifies the user account that makes the connection with the domain in the /s parameter. This must be in Domain\User format. If this parameter is omitted, the current user account is used.
/pd:{Password|*}
Specifies the password of the user account that is specified in the /ud parameter. Use * to be prompted for the password.
/verbose
Specifies verbose output. By default, only the result of the operation is reported. If /verbose is specified, the output lists the success or failure of each transaction necessary to perform the operation as well as returning an error level based on the success (0) or failure (1) of the operation.

Remarks

  • To see the command-line usage for the resetpwd operation, type the following at the command line:

    netdom resetpwd /help

Netdom time

Verifies or resets and synchronizes time within a domain.

netdom time Computer /d:Domain [/ud:[Domain\]User /pd:{Password|*}] [/uo:User /po:{Password|*}] [/verify] [/reset] [/synch] [WORKSTATION] [SERVER] [/verbose]

Parameters

Computer
Specifies the domain with which to verify/reset the time.
/d: Domain
Specifies the domain with which to verify/reset the time. If the parameter is omitted, then the domain that the current computer belongs to is used.
/ud:[Domain\]User
Specifies the user account that makes the connection with the domain in the /d parameter. If this parameter is omitted, the current user account is used.
/pd:{Password|*}
Specifies the password of the user account that is specified in the /ud parameter. Use * to be prompted for the password.
/uo: User
Specifies the user account that makes the connection with the machine to which the time operation will be performed. If this parameter is omitted, the current user account is used.
/po:{Password|*}
Specifies the password of the user account that is specified in the /uo parameter. Use * to be prompted for the password.
/verify
Displays the synchronization status of all domain controllers within the domain.
/reset
Synchronizes the clocks of those domain controllers which are not within the allowed skew range for the domain.
/synch
Specifies to automatically resynchronize a specified domain controller or all domain controllers that are out of synch.
WORKSTATION
Resets and/or verifies the time for all the workstations in a domain.
SERVER
Resets and/or verifies the time for all the domain controllers in a domain.
/verbose
Specifies verbose output. By default, only the result of the operation is reported. If /verbose is specified, the output lists the success or failure of each transaction necessary to perform the operation as well as returning an error level based on the success (0) or failure (1) of the operation.

Remarks

  • To see the command-line usage for the time operation, type the following at the command line:

    netdom time /help

Sample Usage

netdom time /d:masterdom resourcedom

Netdom trust

Establishes, verifies, or resets a trust relationship between domains.

netdom trust TrustingDomainName /d:TrustedDomainName [/ud:[Domain\]User] [/pd:{Password|*}] [/uo:User] [/po:{Password|*}] [/verify] [/reset] [/passwordt:NewRealmTrustPassword] [/add [/realm]] [/remove [/force]] [/twoway] [/kerberos] [/transitive[:{YES|NO}]] [/verbose]

Parameters

TrustingDomainName
Specifies the name of the trusting domain.
/d: TrustedDomainName
Specifies the name of the trusted domain. If the parameter is omitted, then the domain that the current computer belongs to is used.
/uo: User
Specifies the user account that makes the connection with the trusting domain. If this parameter is omitted, the current user account is used.
/po:{Password|*}
Specifies the password of the user account that is specified in the /uo parameter. Use * to be prompted for the password.
/verify
Verifies the secure channel secrets upon which a specific trust is based.
/reset
Resets the trust secret between trusted domains or between the domain controller and the workstation.
/passwordt: NewRealmTrustPassword
Specifies a new trust password. This parameter is valid only with the /add parameter and only if one of the domains specified is a non-Windows Kerberos realm. The trust password is set on the Windows domain only, which means that credentials are not needed for the non-Windows domain.
/add
Specifies to create a trust.
/realm
Indicates that the trust is created to a non-Windows Kerberos realm. The /realm parameter is valid only with the /add and /passwordt parameters.
/remove
Specifies to break a trust.
/force
Removes both the trusted domain object and the cross-reference object for the specified domain from the forest. This is used to clean up decommissioned domains that are no longer in use and were not able to be removed by using the Active Directory Installation wizard. This can occur if the domain controller for that domain was disabled or damaged and there were no domain controllers or it was not possible to recover the domain controller from backup media. This parameter is valid only when the /remove parameter is specified.
/twoway
Specifies to establish a two-way trust relationship rather than a one-way trust relationship.
/kerberos
Specifies to exercise the Kerberos protocol between a workstation and a target domain. This parameter is valid only when the /verify parameter is specified.
/transitive[:{YES|NO}]
Specifies whether to set a transitive or nontransitive trust. This parameter is valid only for a non-Windows Kerberos realm. Non-Windows Kerberos trusts are created as nontransitive. If a value is omitted, then the current transitivity state is displayed.
Value Description
YES Sets the realm to a transitive trust.
NO Sets the realm to a nontransitive trust.
/verbose
Specifies verbose output. By default, only the result of the operation is reported. If /verbose is specified, the output lists the success or failure of each transaction necessary to perform the operation as well as returning an error level based on the success (0) or failure (1) of the operation.

Remarks

  • To see the command-line usage for the trust operation, type the following at the command line:

    netdom trust /help

Sample Usage

netdom trust /d:masterdom resourcedom

Netdom verify

Verifies the secure connection between a workstation and a domain controller.

netdom verify Computer /d:Domain [/uo:User /po:{Password|*}] [/verbose]

Parameters

Computer
Specifies the name of the computer whose secure connection is verified.
/d: Domain
Specifies the domain with which to verify the secure connection. If the parameter is omitted, then the domain that the current computer belongs to is used.
/uo: User
Specifies the user account that makes the connection with the computer to be verified. If this parameter is omitted, the current user account is used.
/po:{Password|*}
Specifies the password of the user account that is specified in the /uo parameter. Use * to be prompted for the password.
/verbose
Specifies verbose output. By default, only the result of the operation is reported. If /verbose is specified, the output lists the success or failure of each transaction necessary to perform the operation as well as returning an error level based on the success (0) or failure (1) of the operation.

Remarks

Sample Usage

netdom verify /d:resourcedom yourwksta
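
An added example, not part of the original reference: the /pd, /po and /passwordt switches take either a literal password or *, and a literal value is stored wherever the command line is recorded (scripts, shell history, process-creation logs). The Python code below parses netdom command lines using only the short switch forms shown on this page, reports which password switch carried an inline value, and masks it. The function names and sample lines are constructed for illustration.

```python
import re

# Password switches documented on this page, mapped to the account switch each
# one pairs with (/passwordt sets a trust password and has no account switch).
PASSWORD_SWITCHES = {"/pd": "/ud", "/po": "/uo", "/passwordt": None}

TOKEN_RE = re.compile(r'(?:[^\s"]+|"[^"]*")+')       # keeps /po:"two words" whole
SWITCH_RE = re.compile(r'^(/[A-Za-z]+):(.*)$', re.S)  # /name:value
SECRET_RE = re.compile(r'(?<!\S)(/(?:pd|po|passwordt):)("[^"]*"|[^\s"]+)', re.I)


def parse_netdom(command_line):
    """Return (operation, switches, positionals), or None if not a netdom call."""
    tokens = TOKEN_RE.findall(command_line)
    if not tokens:
        return None
    image = re.split(r'[\\/]', tokens[0].strip('"'))[-1].lower()
    if image not in ("netdom", "netdom.exe"):
        return None
    operation = tokens[1].lower() if len(tokens) > 1 else None
    switches, positionals = {}, []
    for token in tokens[2:]:
        match = SWITCH_RE.match(token)
        if match:
            switches[match.group(1).lower()] = match.group(2).strip('"')
        elif token.startswith("/"):
            switches[token.lower()] = None   # bare flag such as /verbose or /dc
        else:
            positionals.append(token)
    return operation, switches, positionals


def find_inline_passwords(command_line):
    """List password switches whose value was typed on the command line.

    '*' (prompt for the password) is the only value that is not reported.
    The password itself is never copied into the finding.
    """
    parsed = parse_netdom(command_line)
    if parsed is None:
        return []
    operation, switches, _ = parsed
    findings = []
    for switch, account_switch in PASSWORD_SWITCHES.items():
        value = switches.get(switch)
        if value and value != "*":
            findings.append({"operation": operation, "switch": switch,
                             "account": switches.get(account_switch)})
    return findings


def redact(command_line):
    """Mask inline password values so the line can be stored or forwarded."""
    def mask(match):
        if match.group(2).strip('"') == "*":
            return match.group(0)
        return match.group(1) + "<redacted>"
    return SECRET_RE.sub(mask, command_line)


# Constructed sample command lines (not real log data).
SAMPLE_LINES = [
    r'netdom join mywksta /d:reskit.ms.com /ud:RESKIT\joiner /pd:*',
    r'C:\Windows\System32\netdom.exe join mywksta /d:reskit.ms.com /ud:RESKIT\joiner /pd:Examp1e-Only! /reboot:30',
    r'netdom trust resourcedom /d:masterdom /add /uo:admin /po:"constructed value" /verbose',
    r'netdom query /d:reskit.ms.com DC',
    r'ping reskit.ms.com',
]
```

Run `find_inline_passwords` over each recorded command line and store only the output of `redact`.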