Netdom is a command-line tool that is built into Windows Server 2008 and Windows Server 2008 R2. It is available if you have the Active Directory
Domain Services (AD DS) server role installed. It is also available if you install the Active Directory Domain Services Tools that are part of the Remote
Server Administration Tools (RSAT).
You can use netdom to:
- Join a computer that runs Windows XP Professional, Windows Vista, or Windows 7 to a Windows Server 2008 R2, Windows Server 2008,
- Windows Server 2003, Windows 2000, or Windows NT 4.0 domain.
- Provide an option to specify the organizational unit (OU) for the computer account.
- Generate a random computer password for an initial Join operation.
- Provide an option to specify the organizational unit (OU) for the computer account.
- Manage computer accounts for domain member workstations and member servers. Management operations include:
- Add, Remove, Query.
- An option to specify the OU for the computer account.
- An option to move an existing computer account for a member workstation from one domain to another while maintaining
- the security descriptor on the computer account.
- Add, Remove, Query.
- Establish one-way or two-way trust relationships between domains, including the following kinds of trust relationships:
- From a Windows 2000, Windows Server 2003, Windows Server 2008, or Windows Server 2008 R2 domain to a Windows NT 4.0 domain.
- From a Windows 2000, Windows Server 2003, Windows Server 2008, or Windows Server 2008 R2 domain to a Windows 2000,
- Windows Server 2003, Windows Server 2008, or Windows Server 2008 R2 domain in another enterprise.
- Between two Windows 2000, Windows Server 2003, Windows Server 2008, or Windows Server 2008 R2 domains in an enterprise
- (a shortcut trust).
- The Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, or Windows 2000 Server half of an interoperable
- Kerberos protocol realm.
- From a Windows 2000, Windows Server 2003, Windows Server 2008, or Windows Server 2008 R2 domain to a Windows NT 4.0 domain.
- Verify or reset the secure channel for the following configurations:
- Member workstations and servers.
- Backup domain controllers (BDCs) in a Windows NT 4.0 domain.
- Specific Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, or Windows 2000 replicas.
- Member workstations and servers.
- Manage trust relationships between domains, including the following operations:
- Enumerate trust relationships (direct and indirect).
- View and change some attributes on a trust.
- Enumerate trust relationships (direct and indirect).
Netdom uses the following general syntaxes:
NetDom <Operation> [<Computer>] [{/d: | /domain:} <Domain>] [<Options>] NetDom help <Operation>
Commands
|
Command
|
Description
|
|---|---|
Adds a workstation or server account to the domain.
|
|
Manages the
primary and alternate names for a computer. This command can safely
rename Active Directory domain controllers as well as member servers.
|
|
Joins a
workstation or member server to a domain. The act of joining a computer
to a domain creates an account for the computer on the domain, if it
does not already exist.
|
|
Moves a
workstation or member server to a new domain. The act of moving a
computer to a new domain creates an account for the computer on the
domain, if it does not already exist.
|
|
Queries the domain for information such as membership and trust.
|
|
Removes a workstation or server from the domain.
|
|
Renames a
Windows NT 4.0 backup domain controller to reflect a domain name
change. This can assist in Windows NT 4.0 domain renaming efforts.
|
|
Renames a domain
computer and its corresponding domain account. Use this command to
rename domain workstations and member servers only. To rename domain
controllers, use the netdom computername command.
|
|
Resets the secure connection between a workstation and a domain controller.
|
|
Resets the computer account password for a domain controller.
|
|
Establishes, verifies, or resets a trust relationship between domains.
|
|
Verifies the secure connection between a workstation and a domain controller.
|
Remarks
- A trust relationship is a defined affiliation between domains that enables pass-through authentication.
- A one-way trust relationship between two domains
means that one domain (the trusting domain) allows users who have
accounts on theother domain (the trusted domain), access to its
resources.
- The one-way trust relationship described here is
helpful in master domain models, but it is not the only kind of trust
relationship. When two one-way trusts are established between domains,
it is known as a two-way trust. In two-way trusts, each domain treats
the users from the trusted (and trusting) domain as its own users.
- By default, only the result of an operation is reported. For example, if you use the Join operation, you see output similar to the following:
success: mywksta joined to mycompany domain
- If you specify the /verbose parameter, the output lists the success or failure of each transaction that is necessary to perform the operation. For example, this time when you use the Join operation, you see output similar to the following:
success: adding machine account for mywksta to mycompany domain success: configuring lsa on mywksta success: mywksta joined to mycompany domain
- The /reboot parameter specifies that the computer being acted upon by the specified netdom operation is shut down and automatically rebooted after the completion of the operation. When you specify the /reboot parameter, the following message and a countdown timer display on the workstation screen, prior to the Restart operation:
- For nnn, netdom substitutes the name of the administrator that you enter by using the /uo parameter.
- The default delay before the computer restarts is 20 seconds.
No comments:
Post a Comment