Netdom query
Applies To: Windows Server 2008, Windows Server 2008 R2
Queries the domain for information such as membership and trust.
Netdom is a command-line tool that is built into Windows Server 2008 and Windows Server 2008 R2. It is available if you have the Active Directory Domain Services (AD DS) server role installed. It is also available if you install the Active Directory Domain Services Tools that are part of the Remote Server Administration Tools (RSAT). For more information, see How to Administer Microsoft Windows Client and Server Computers Locally and Remotely (https://go.microsoft.com/fwlink/?LinkID=177813).
To use netdom, you must run the netdom command from an elevated command prompt. To open an elevated command prompt, click Start, right-click Command Prompt, and then click Run as administrator.
For examples of how to use this command, see Examples.
Syntax
netdom query {/d: | /domain:}<Domain> [{/s: | /server:}<Server>] [{/ud: | /userd:}[<Domain>\]<User> {/pd: | /passwordd:}{<Password>|*}] [/verify] [/reset] [/direct] {WORKSTATION|SERVER|DC|OU|PDC|FSMO|TRUST} [{/help | /?}]
Parameters
Parameter | Description
---|---
{/d: \| /domain:}<Domain> | Specifies the domain to query for the information. If you do not specify this parameter, then netdom query uses the domain to which the current computer belongs.
{/s: \| /server:}<Server> | Specifies the name of the domain controller that performs the query.
{/ud: \| /userd:}[<Domain>\]<User> | Specifies the user account that makes the connection with the domain that you specify in the /d or /domain parameter. If you do not specify this parameter, netdom query uses the current user account.
{/pd: \| /passwordd:}{<Password>\|*} | Specifies the password of the user account that you specify in the /ud or /userd parameter. If you specify the value of this parameter as a wildcard character (*), this parameter prompts you for the password.
/verify | Specifies verification of the secure channel secrets for all enumerated memberships or trusts, and then displays them. Only users who are enterprise-level administrators can verify all secure channel secrets.
/reset | Specifies resynchronization of the secure channel secrets for all enumerated memberships or trusts that are currently broken. The /reset parameter implies the /verify parameter. Unless the user is an enterprise-level administrator, the user might not be able to reset all enumerated trusts or memberships.
/direct | Indicates that the query for trust relationships returns only direct trust relationships, rather than direct and indirect relationships. This parameter is valid only when you specify Domain in the /d parameter.
WORKSTATION\|SERVER\|DC\|OU\|PDC\|FSMO\|TRUST | Specifies the type of list to generate. The following list shows the possible objects:
{/help \| /?} | Displays help at the command prompt.
Examples
To list all the workstations in the domain Northamerica, type the following command at the command prompt:
netdom query /d:Northamerica WORKSTATION
To list all the servers in Northamerica, type the following command at the command prompt:
netdom query /d:Northamerica SERVER
To list all the domain controllers in the domain Northamerica, type the following command at the command prompt:
netdom query /d:Northamerica DC
To list all the OUs in devgroup.example.com, type the following command at the command prompt:
netdom query /d:devgroup.example.com OU
To list the PDC for Northamerica, type the following command at the command prompt:
netdom query /d:Northamerica PDC
To list the current PDC emulator for devgroup.example.com, type the following command at the command prompt:
netdom query /d:devgroup.example.com FSMO
You can use the Query operation with the /verify and /reset parameters to perform the Verify and Reset operations together. You can pipe the output of the Query operation to the netdom Verify or netdom Reset operation.
To list all servers and verify their secure channel secrets, type the following command at the command prompt:
netdom query /d:Northamerica SERVER /verify
To list all workstations and reset any unsynchronized secure channel secrets, type the following command at the command prompt:
netdom query /d:Northamerica WORKSTATION /reset
To list all the direct trust relationships for the domain Northamerica, type the following command at the command prompt:
netdom query /d:Northamerica /Ud:Northamerica\admin TRUST /Direct
To list all the direct and indirect trust relationships for the domain Northamerica, type the following command at the command prompt:
netdom query /d:Northamerica /Ud:Northamerica\admin TRUST
To list all trust relationships and check their status, type the following command at the command prompt:
netdom query /d:devgroup.example.com TRUST /verify
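The list queries above can also serve as a change-detection baseline for memberships and trusts. The following PowerShell script is an added example, not part of the original page or Microsoft's code: it saves the output of each read-only query and reports lines that were added or removed since the previous run. The snapshot folder, the file naming, and the use of netdom's exit code to detect failure are assumptions.

```powershell
# Added example (not Microsoft's code): snapshot netdom query output per object
# type and report lines that appeared or disappeared since the previous run.
param(
    [string]$Domain = 'Northamerica',                      # sample domain from this page
    [string]$OutDir = "$env:ProgramData\NetdomBaseline"    # assumed snapshot folder
)

# Object keywords from the Syntax line on this page.
$objects = 'WORKSTATION', 'SERVER', 'DC', 'OU', 'PDC', 'FSMO', 'TRUST'
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'

foreach ($obj in $objects) {
    # Read-only: no /verify or /reset. No /ud or /pd either, so netdom uses the
    # current user account and no password appears on the command line.
    $lines = @(& netdom query "/d:$Domain" $obj 2>&1 |
        ForEach-Object { "$_".Trim() } | Where-Object { $_ })
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "netdom query $obj failed (exit code $LASTEXITCODE); no snapshot written"
        continue
    }

    # Latest earlier snapshot for this object type (names sort by timestamp).
    $previous = Get-ChildItem -Path $OutDir -Filter "$obj-*.txt" |
        Sort-Object Name | Select-Object -Last 1
    $current = Join-Path $OutDir "$obj-$stamp.txt"
    $lines | Set-Content -Path $current -Encoding UTF8

    if (-not $previous) {
        Write-Output "[$obj] first snapshot saved to $current"
        continue
    }

    # Whole lines are compared, so nothing here depends on netdom's output layout.
    $old = @(Get-Content -Path $previous.FullName)
    $diff = Compare-Object -ReferenceObject $old -DifferenceObject $lines
    if (-not $diff) { Write-Output "[$obj] no change since $($previous.Name)"; continue }
    foreach ($d in $diff) {
        $tag = if ($d.SideIndicator -eq '=>') { 'ADDED  ' } else { 'REMOVED' }
        Write-Output "[$obj] $tag $($d.InputObject)"
    }
}
```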