

NLTEST to test the trust relationship between a workstation and domain

1. NLTEST can be used to show this trust relationship.

 

PS C:\> nltest /trusted_domains
List of domain trusts:
    0: GS gs.com (NT 5) (Direct Outbound) (Direct Inbound) ( Attr: 0x8 )
    1: CONTOSO contoso.com (NT 5) (Forest Tree Root) (Primary Domain) (Native)
The command completed successfully
 
2. To determine the domain controllers in the CONTOSO domain:

PS C:\> nltest /dclist:contoso
Get list of DCs in domain 'contoso' from '\\WIN-5Q4IM0060DO'.
    WIN-5Q4IM0060DO.contoso.com [PDC]  [DS] Site: IND-BLR
The command completed successfully

4. Below are the secure channels between each domain controller in CONTOSO and a DC in the MICROSOFT domain.

C:\>nltest /server:test1 /sc_query:microsoft
Flags: 0
Connection Status = 0 0x0 NERR_Success
Trusted DC Name \\NET1
Trusted DC Connection Status Status = 0 0x0 NERR_Success
The command completed successfully

C:\>nltest /server:test2 /sc_query:microsoft
Flags: 0
Connection Status = 0 0x0 NERR_Success
Trusted DC Name \\NET1
Trusted DC Connection Status Status = 0 0x0 NERR_Success
The command completed successfully

5. The workstation that is a member of the CONTOSO domain has an implicit trust with a domain controller.

C:\>nltest /server:Computer1 /sc_query:contoso
Flags: 0
Connection Status = 0 0x0 NERR_Success
Trusted DC Name \\TEST2
Trusted DC Connection Status Status = 0 0x0 NERR_Success
The command completed successfully

 

6. To determine if a domain controller can authenticate a user account:

PS C:\> nltest /whowill:contoso biz
[11:06:22] Mail message 0 sent successfully (\MAILSLOT\NET\GETDC834)
[11:06:22] Response 0: NetpDcAllocateCacheEntry: new entry 0x000000D83F9ADBD0 -> DC:WIN-5Q4IM0060DO DnsDomName:(null) Flags:0x0
S:WIN-5Q4IM0060DO D:CONTOSO A:biz (Act found)
The command completed successfully

7. NLTEST can be used to find a trusted domain that has a given user account.

8. Determine SRV priorities and weights (command for trusting and trusted domain):

PS C:\> nltest /dnsgetdc:contoso.com
List of DCs in pseudo-random order taking into account SRV priorities and weights:
Non-Site specific:
    win-5q4im0060do.contoso.com  fe80::e0a8:9c56:ba17:df5d%12  10.224.34.1
The command completed successfully

PS C:\> nltest /dnsgetdc:gs.com
List of DCs in pseudo-random order taking into account SRV priorities and weights:
Non-Site specific:
    ban-dc01.gs.com  10.224.34.10
The command completed successfully

9. Determine the failures for all DC-specific DNS records:

PS C:\> nltest /DSQUERYDNS
Flags: 0
Connection Status = 0 0x0 NERR_Success
There was no failure in the last update for all DC-specific DNS records
The command completed successfully

10. Reset the NETLOGON secure channel:

nltest /sc_reset:<domainname>
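
The secure-channel queries in steps 4 and 5 and the reset in step 10 can be combined into a scripted check. The PowerShell below is an added example, not part of the original post: it parses `/sc_query` output into an object so that the status codes decide whether a machine is a candidate for the reset. The function name `ConvertFrom-NltestScQuery`, the machine name `Computer2` and both sample outputs are constructed for illustration.

```powershell
# Added example (not from the original post). ConvertFrom-NltestScQuery is a
# hypothetical helper name; both sample outputs below are constructed.
function ConvertFrom-NltestScQuery {
    param(
        [Parameter(Mandatory)] [string[]] $Lines,
        [string] $Computer = $env:COMPUTERNAME
    )
    $r = [ordered]@{
        Computer = $Computer; TrustedDC = $null
        ConnStatus = $null; ConnName = $null; DCStatus = $null; Healthy = $false
    }
    foreach ($line in $Lines) {
        switch -Regex ($line.Trim()) {
            '^Trusted DC Name\s+(\\\\\S+)' { $r.TrustedDC = $Matches[1]; break }
            '^Trusted DC Connection Status\s+Status\s*=\s*(\d+)\s+0x[0-9a-f]+' {
                $r.DCStatus = [int]$Matches[1]; break
            }
            '^Connection Status\s*=\s*(\d+)\s+0x[0-9a-f]+\s+(\S+)' {
                $r.ConnStatus = [int]$Matches[1]; $r.ConnName = $Matches[2]; break
            }
        }
    }
    # Healthy only if a trusted DC was named and every status code seen is 0.
    # The closing "completed successfully" line is deliberately ignored.
    $codes = @(@($r.ConnStatus, $r.DCStatus) | Where-Object { $null -ne $_ })
    $bad   = @($codes | Where-Object { $_ -ne 0 })
    $r.Healthy = ($null -ne $r.TrustedDC) -and ($codes.Count -gt 0) -and ($bad.Count -eq 0)
    [pscustomobject]$r
}

$ok = @'
Flags: 0
Connection Status = 0 0x0 NERR_Success
Trusted DC Name \\TEST2
Trusted DC Connection Status Status = 0 0x0 NERR_Success
The command completed successfully
'@ -split "`r?`n"

$broken = @'
Flags: 0
Connection Status = 1311 0x51f ERROR_NO_LOGON_SERVERS
Trusted DC Name
Trusted DC Connection Status Status = 1311 0x51f ERROR_NO_LOGON_SERVERS
The command completed successfully
'@ -split "`r?`n"

ConvertFrom-NltestScQuery -Lines $ok -Computer 'Computer1'
ConvertFrom-NltestScQuery -Lines $broken -Computer 'Computer2'
# Live use: ConvertFrom-NltestScQuery -Lines (nltest /server:Computer1 /sc_query:contoso)
```

Machines that come back with `Healthy` set to `False` are the ones to investigate before running the `/sc_reset` from step 10.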