Option can be any of the following. (Parameters are not
case -sensitive.)
/server:ServerName
Runs NLTest at the specified remote computer. If this parameter
is not specified, the command is executed from the local
computer.
/query
Queries the local server or the server specified in
/server:ServerName for a healthy secure channel to a
domain
controller and for the status of directory service
replication with the primary domain controller (PDC). This can help
to determine the general status of the Netlogon service.
/repl
Forces partial synchronization of backup domain controller
(BDC) of the local server or the server specified in
/server:ServerName.
/sync
Forces a full, immediate synchronization of the BDC of the
local server or the server specified in /server:ServerName.
/pdc_repl
Forces a UAS change message from the PDC of the local server or
the server specified in /server:ServerName to all
BDCs.
/sc_query:DomainName
Queries and verifies the secure channel in the specified domain
for a local or remote Windows XP Professional-based computer.
This can be executed for a PDC if an explicit trust relationship
exists between two domains and the trusted domain is
specified.
/sc_reset:DomainName
Resets the secure channel between the local or remote
Windows XP Professional-based computers. This can be executed
for a PDC if an explicit trust relationship exists between two
domains and the trusted domain is specified.
/sc_verify:DomainName
Verifies the secure channel for DomainName on the server
specified in /server:ServerName.
/sc_change_pwd:DomainName
Changes a secure channel password for DomainName (on
ServerName, if specified with /server:ServerName).
/dclist:DomainName
Lists all domain controllers, PDC, and BDCs for
DomainName.
/dcname:DomainName
Lists the primary domain controller for DomainName.
/dsgetdc:DomainName
Calls DsGetDcName /PDC /DS /DSP /GC /KDC /TIMESERV
/GTIMESERV /NETBIOS /DNS /IP /FORCE /WRITABLE /AVOIDSELF
/SITE:SiteName /ACCOUNT:AccountName /RET_DNS
/RET_NETBIOS.
Each of these flags maps to a particular flag bit passed to
DsGetDcName. For more information, see the
DsGetDcName documentation in the Platform SDK.
Gets the name of the parent domain of this machine.
/dsderegdns:DnsHostName
Deregisters DNS host records /DOM: /DOMGUID: /DSAGUID:.
/dsgetsite
Calls DsGetSiteName.
/dsgetsitecov
Calls DsGetDcSiteCoverage.
/whowill:Domain/User
Queries the domain and indicates which domain controller has
the account in its local user account database. This is useful in
determining if a given domain controller contains the user account.
If the user name specified is that of the currently logged on user,
the user's current password is not sent to the domain controller.
This helps to determine whether duplicate accounts exist across
several domains.
/finduser:User
Queries explicit trusted domains for User. This is
useful when determining what trusted domain controller or what
trusted domain out of several trusted domains will authenticate a
user's credentials when a domain name is not specified in the SMB
packet. Many clients, such as Windows for Workgroups version 3.1
and the real-mode redirector in Windows 95, do not specify a
domain name.
/transport_notify
Notifies Netlogon of a new transport.
/dbflag:HexadecimalFlags
Sets a new debug flag. For most purposes, use 0x2000FFFF as the
value for HexadecimalFlags. The entry in the Windows XP
registry for debug flags
is
HKLM\System\CurrentControlSet\Services\Netlogon\Parameters\DBFlag.
/user:UserName
Displays many of the attributes for the specified user account
that are maintained in the user account database.
Note
This parameter does not work for Windows 2000 domain
controllers. It does work for Windows NT 4.0 and earlier
domain controllers, and for Windows 2000 and Windows NT
4.0 and earlier workstations and servers.
/time:HexadecimalLSLHexadecimalMSL
Converts Windows NT GMT time to ASCII. HexadecimalLSL is a hexadecimal value for least
significant longword. HexadecimalMSL is a hexadecimal value
for most significant longword.
/logon_query
Queries the cumulative number of logon attempts at the console
or over the network.
/parentdomain
Gets the name of the parent domain of this computer.
/domain_trusts
Queries for trusted domains (on ServerName, if specified
with /server:ServerName) /PRIMARY /FOREST
/DIRECT_OUT /DIRECT_IN /ALL_TRUSTS /V.
/dsregdns
Forces registration of all DC-specific DNS records.
/dsquerydns
Queries the status of the last update for all DC-specific DNS
records.
/bdc_query:DomainName
Queries for a list of backup domain controllers in
DomainName and displays their state of synchronization and
replication status.
/sim_sync:DomainNameMachineName
Simulates full synchronization replication.
/list_deltas:FileName
Displays the contents of the change log file FileName,
which lists changes to the user account database. Netlogon.chg is
the default name.
/cdigest:Message/domain:DomainName
Gets a client digest.
/sdigest:Message/rid:RID_In_Hexadecimal
Gets server digest.
/shutdown:Reason
[Seconds]
Shuts down local computer or ServerName for
Reason, a string, after Seconds, an integer. For a
complete description, see the Platform SDK documentation for
InitiateSystemShutdown.
nltest [Option1]
[Option2] ...