Enables administrators to manage Active Directory domains and trust relationships from the command prompt.
Netdom is a command-line tool that is built into Windows Server 2008. It is available if you have the Active Directory Domain Services (AD DS) server role installed. To use netdom, you must run the netdom command from an elevated command prompt. To open an elevated command prompt, click Start, right-click Command Prompt, and then click Run as administrator.
You can use netdom to:
- Join a computer that runs Windows XP Professional or Windows Vista to a Windows Server 2008, Windows Server 2003, Windows 2000, or Windows NT 4.0 domain.
  - Provide an option to specify the organizational unit (OU) for the computer account.
  - Generate a random computer password for an initial Join operation.
- Manage computer accounts for domain member workstations and member servers. Management operations include:
  - Add, Remove, Query.
  - An option to specify the OU for the computer account.
  - An option to move an existing computer account for a member workstation from one domain to another while maintaining the security descriptor on the computer account.
- Establish one-way or two-way trust relationships between domains, including the following kinds of trust relationships:
  - From a Windows 2000, Windows Server 2003, or Windows Server 2008 domain to a Windows NT 4.0 domain.
  - From a Windows 2000, Windows Server 2003, or Windows Server 2008 domain to a Windows 2000, Windows Server 2003, or Windows Server 2008 domain in another enterprise.
  - Between two Windows 2000, Windows Server 2003, or Windows Server 2008 domains in an enterprise (a shortcut trust).
  - The Windows Server 2008, Windows Server 2003, or Windows 2000 Server half of an interoperable Kerberos protocol realm.
- Verify or reset the secure channel for the following configurations:
  - Member workstations and servers.
  - Backup domain controllers (BDCs) in a Windows NT 4.0 domain.
  - Specific Windows Server 2008, Windows Server 2003, or Windows 2000 replicas.
- Manage trust relationships between domains, including the following operations:
  - Enumerate trust relationships (direct and indirect).
  - View and change some attributes on a trust.

Note: You must run netdom from an elevated command prompt.
Syntax
Netdom uses the following general syntaxes:
NetDom <Operation> [<Computer>] [{/d: | /domain:} <Domain>] [<Options>]
NetDom help <Operation>
Commands
| Command | Description |
|---|---|
| netdom add | Adds a workstation or server account to the domain. |
| netdom computername | Manages the primary and alternate names for a computer. This command can safely rename Active Directory domain controllers as well as member servers. |
| netdom join | Joins a workstation or member server to a domain. The act of joining a computer to a domain creates an account for the computer on the domain, if it does not already exist. |
| netdom move | Moves a workstation or member server to a new domain. The act of moving a computer to a new domain creates an account for the computer on the domain, if it does not already exist. |
| netdom query | Queries the domain for information such as membership and trust. |
| netdom remove | Removes a workstation or server from the domain. |
| netdom rename | Renames a Windows NT 4.0 backup domain controller to reflect a domain name change. This can assist in Windows NT 4.0 domain renaming efforts. |
| netdom renamecomputer | Renames a domain computer and its corresponding domain account. Use this command to rename domain workstations and member servers only. To rename domain controllers, use the netdom computername command. |
| netdom reset | Resets the secure connection between a workstation and a domain controller. |
| netdom resetpwd | Resets the computer account password for a domain controller. |
| netdom trust | Establishes, verifies, or resets a trust relationship between domains. |
| netdom verify | Verifies the secure connection between a workstation and a domain controller. |
Remarks
- A trust relationship is a defined affiliation between domains
that enables pass-through authentication.
- A one-way trust relationship between two domains means that one
domain (the trusting domain) allows users who have accounts on the
other domain (the trusted domain), access to its resources.
- The one-way trust relationship described here is helpful in
master domain models, but it is not the only kind of trust
relationship. When two one-way trusts are established between
domains, it is known as a two-way trust. In two-way trusts, each
domain treats the users from the trusted (and trusting) domain as
its own users.
- By default, only the result of an operation is reported. For
example, if you use the Join operation, you see output similar to
the following:
success: mywksta joined to mycompany domain
- If you specify the /verbose parameter, the output lists
the success or failure of each transaction that is necessary to
perform the operation. For example, this time when you use the Join
operation, you see output similar to the following:
success: adding machine account for mywksta to mycompany domain
success: configuring lsa on mywksta
success: mywksta joined to mycompany domain
- The /reboot parameter specifies that the computer being
acted upon by the specified netdom operation is shut down
and automatically rebooted after the completion of the operation.
When you specify the /reboot parameter, the following
message and a countdown timer display on the workstation screen,
prior to the Restart operation:
The system is shutting down. Please save all work in progress and logoff. Any unsaved changes will be lost. This shutdown was initiated because the domain which this machine belongs to was changed by nnn.
- For nnn, netdom substitutes the name of the
administrator that you enter by using the /uo parameter.
- The default delay before the computer restarts is 20
seconds.
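A worked example added here, not part of the original reference: a PowerShell wrapper that runs netdom verify against a list of member computers, keeps the /verbose transaction lines described above, and runs netdom reset only for the computers whose secure channel fails verification. The domain and computer names are constructed placeholders, and the script assumes netdom is installed on the host it runs from.

```powershell
# Added example: verify the secure channel of member computers and reset
# only the ones that fail. Run from an elevated PowerShell session on a
# host that has netdom installed. Names below are constructed placeholders.
$Domain    = 'corp.example.com'
$Computers = @('wks01', 'wks02', 'srv-file01')

function Test-SecureChannel {
    param([string]$Computer, [string]$Domain)
    # /verbose reports each transaction, which is what we want to keep
    # for review when a verification fails. netdom sets a non-zero exit
    # code on failure, which $LASTEXITCODE exposes.
    $output = & netdom verify $Computer "/domain:$Domain" /verbose 2>&1
    [pscustomobject]@{
        Computer = $Computer
        Verified = ($LASTEXITCODE -eq 0)
        Output   = ($output -join "`n")
    }
}

function Reset-SecureChannel {
    param([string]$Computer, [string]$Domain)
    # netdom reset re-establishes the secure channel between the member
    # and a domain controller. /reboot is deliberately not passed, so
    # nothing on the member is restarted by this script.
    $output = & netdom reset $Computer "/domain:$Domain" /verbose 2>&1
    [pscustomobject]@{
        Computer = $Computer
        Reset    = ($LASTEXITCODE -eq 0)
        Output   = ($output -join "`n")
    }
}

$results = foreach ($c in $Computers) {
    $check = Test-SecureChannel -Computer $c -Domain $Domain
    $reset = $null
    if (-not $check.Verified) {
        $reset = Reset-SecureChannel -Computer $c -Domain $Domain
    }
    # Keep the failed verification output next to the reset output so the
    # transaction that failed stays visible in the exported log.
    [pscustomobject]@{
        Computer = $c
        Verified = $check.Verified
        Reset    = if ($reset) { $reset.Reset } else { $null }
        Output   = if ($reset) { $check.Output + "`n--- reset ---`n" + $reset.Output } else { $check.Output }
    }
}
$results | Format-Table Computer, Verified, Reset -AutoSize
$results | Export-Csv -Path .\netdom-secure-channel.csv -NoTypeInformation
```

The CSV keeps the full /verbose output per computer, so a reset that itself fails can be traced to the specific transaction that netdom reported.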