This command-line tool enables administrators to manage Windows domains and trust relationships from the command line. This tool is very handy for scripted installs, updates, adds/removes, and general info gathering. You can use it to:
- Join a computer that runs Windows XP Professional or Windows Vista to a Windows Server 2008, Windows Server 2003, Windows 2000, or Windows NT 4.0 domain.
- Manage computer accounts for domain member workstations and member servers.
- Establish one-way or two-way trust relationships between domains.
- Manage trust relationships between domains.
- Verify or reset the secure channel for member workstations and servers, BDCs (NT4), and Server 2008/2003/2000 replicas.
Command | Description |
---|---|
Netdom add | Adds a workstation or server account to the domain. |
Netdom computername | Manages the primary and alternate names for a computer. This command can safely rename Active Directory domain controllers as well as member servers. |
Netdom join | Joins a workstation or member server to a domain. The act of joining a computer to a domain creates an account for the computer on the domain, if it does not already exist. |
Netdom move | Moves a workstation or member server to a new domain. The act of moving a computer to a new domain creates an account for the computer on the domain, if it does not already exist. |
Netdom query | Queries the domain for information such as membership and trust. |
Netdom remove | Removes a workstation or server from the domain. |
Netdom movent4bdc | Renames a Windows NT 4.0 backup domain controller to reflect a domain name change. This can assist in Windows NT 4.0 domain renaming efforts. |
Netdom renamecomputer | Renames a domain computer and its corresponding domain account. Use this command to rename domain workstations and member servers only. To rename domain controllers, use the netdom computername command. |
Netdom reset | Resets the secure connection between a workstation and a domain controller. |
Netdom resetpwd | Resets the computer account password for a domain controller. |
Netdom trust | Establishes, verifies, or resets a trust relationship between domains. |
Netdom verify | Verifies the secure connection between a workstation and a domain controller. |
Examples
Here are a few examples that might be of some use. You might not do some of these things every day, but you will be called upon to perform them from time to time.
Join a Workstation or Member Server to a Domain
To join TheWorkStation to the my.example.com domain in the developers/workstations organizational unit, type the following at the command prompt:
netdom join /d:my.example.com TheWorkStation /OU:OU=developers,OU=Workstations,DC=my,DC=example,DC=com
Besides adding the computer account to the domain, the workstation is modified to contain the appropriate shared secret to complete the join operation.
Remove a Workstation or Member Server from a Domain
To remove TheWorkStation from the mydomain domain and make the workstation a part of a workgroup, type the following at the command prompt:
netdom remove /d:mydomain TheWorkStation /ud:mydomain\admin /pd:password
Verify a Workstation or Member Server Secure Channel
To verify the secure channel secret is maintained between TheWorkStation and developers.example.com, type the following at the command prompt:
netdom verify /d:developers.example.com TheWorkStation
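The verify check above, run over a list of machines, as an added example that is not part of the original article: a PowerShell function that calls netdom verify for each computer and, only when -Reset is given, netdom reset for those that fail. It assumes netdom exits with code 0 on success; the function name, the CSV file name and BuildServer01 are hypothetical.

```powershell
# Added example: audit secure channels with netdom verify; repair only on request.
# Assumptions: run on a domain-joined host with netdom installed, under an account
# allowed to query the domain, and netdom exits with code 0 on success.
function Test-SecureChannelWithNetdom {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]   $Domain,
        [Parameter(Mandatory = $true)][string[]] $ComputerName,
        [switch] $Reset
    )
    foreach ($name in $ComputerName) {
        # Accept plain host names only, so that text pulled from a CSV or a
        # ticket cannot reach netdom as an extra /option.
        if ($name -notmatch '^[A-Za-z0-9][A-Za-z0-9.-]{0,62}$') {
            Write-Warning "Skipping invalid computer name: '$name'"
            continue
        }
        $output    = & netdom verify "/d:$Domain" $name 2>&1 | Out-String
        $verified  = ($LASTEXITCODE -eq 0)
        $resetDone = $false
        # Reset only failed channels, and honour -WhatIf / -Confirm.
        if (-not $verified -and $Reset -and
            $PSCmdlet.ShouldProcess($name, 'netdom reset secure channel')) {
            $output   += & netdom reset "/d:$Domain" $name 2>&1 | Out-String
            $resetDone = ($LASTEXITCODE -eq 0)
        }
        # One record per machine, with the raw netdom text kept for review.
        [pscustomobject]@{
            Computer = $name
            Domain   = $Domain
            Verified = $verified
            Reset    = $resetDone
            Checked  = (Get-Date).ToString('s')
            Output   = $output.Trim()
        }
    }
}

# Constructed sample run: report only, no reset.
Test-SecureChannelWithNetdom -Domain 'developers.example.com' `
    -ComputerName 'TheWorkStation', 'BuildServer01' |
    Export-Csv -Path .\secure-channel-audit.csv -NoTypeInformation
```

Adding -Reset -WhatIf to the call shows which machines would be reset without changing anything.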
View All Workstation Members in a Domain
To list all the workstations in the domain MyWindowsDomain, type the following at the command prompt:
netdom query /d:MyWindowsDomain WORKSTATION
View All Server Members in a Domain
To list all of the servers in MyWindowsDomain, type the following at the command prompt:
netdom query /d:MyWindowsDomain SERVER
View All Domain Controller Members in a Domain
To list all the domain controllers in the domain MyWindowsDomain, type the following at the command prompt:
netdom query /d:MyWindowsDomain DC
View All Organizational Unit Members in a Domain
To list all of the OUs in developers.domain.com, type the following at the command prompt:
netdom query /d:developers.domain.com OU
Rename a Domain Computer
Use this command to rename domain workstations and member servers only. To rename domain controllers, use the netdom computername command. To rename a computer, type the following at the command prompt:
netdom renamecomputer MyOldName /newname:MyNewName.example.com /userd:administrator
Rename Active Directory Domain Controllers
Manage the primary and alternate names for a computer. This command can safely rename Active Directory domain controllers as well as member servers. Before you can make a name the primary name of a computer, that name must exist as an alternate. To give an alternate name for the domain controller DC in the example.com domain, use the following syntax:
netdom computername dc /add:altDC.example.com
Then, use the following to rename the domain controller:
netdom computername dc /makeprimary:altdc.example.com