Enables administrators to manage Active Directory domains and trust relationships from the command prompt.

Netdom is a command-line tool that is built into Windows Server 2008. It is available if you have the Active Directory Domain Services (AD DS) server role installed. To use netdom, you must run the netdom command from an elevated command prompt. To open an elevated command prompt, click Start, right-click Command Prompt, and then click Run as administrator.

You can use netdom to:

Syntax

Netdom uses the following general syntaxes:

NetDom <Operation> [<Computer>] [{/d: | /domain:} <Domain>] [<Options>]
NetDom help <Operation>

Commands

Command Description

Netdom add

Adds a workstation or server account to the domain.

Netdom computername

Manages the primary and alternate names for a computer. This command can safely rename Active Directory domain controllers as well as member servers.

Netdom join

Joins a workstation or member server to a domain. The act of joining a computer to a domain creates an account for the computer on the domain, if it does not already exist.

Netdom move

Moves a workstation or member server to a new domain. The act of moving a computer to a new domain creates an account for the computer on the domain, if it does not already exist.

Netdom query

Queries the domain for information such as membership and trust.

Netdom remove

Removes a workstation or server from the domain.

Netdom movent4bdc

Renames a Windows NT 4.0 backup domain controller to reflect a domain name change. This can assist in Windows NT 4.0 domain renaming efforts.

Netdom renamecomputer

Renames a domain computer and its corresponding domain account. Use this command to rename domain workstations and member servers only. To rename domain controllers, use the netdom computername command.

Netdom reset

Resets the secure connection between a workstation and a domain controller.

Netdom resetpwd

Resets the computer account password for a domain controller.

Netdom trust

Establishes, verifies, or resets a trust relationship between domains.

Netdom verify

Verifies the secure connection between a workstation and a domain controller.

Remarks

  • A trust relationship is a defined affiliation between domains that enables pass-through authentication.

  • A one-way trust relationship between two domains means that one domain (the trusting domain) allows users who have accounts on the other domain (the trusted domain), access to its resources.

  • The one-way trust relationship described here is helpful in master domain models, but it is not the only kind of trust relationship. When two one-way trusts are established between domains, it is known as a two-way trust. In two-way trusts, each domain treats the users from the trusted (and trusting) domain as its own users.

  • By default, only the result of an operation is reported. For example, if you use the Join operation, you see output similar to the following:

    success: mywksta joined to mycompany domain
    
  • If you specify the /verbose parameter, the output lists the success or failure of each transaction that is necessary to perform the operation. For example, this time when you use the Join operation, you see output similar to the following:

    success: adding machine account for mywksta to mycompany domain
    success: configuring lsa on mywksta
    success: mywksta joined to mycompany domain
    
  • The /reboot parameter specifies that the computer being acted upon by the specified netdom operation is shut down and automatically rebooted after the completion of the operation. When you specify the /reboot parameter, the following message and a countdown timer display on the workstation screen, prior to the Restart operation:

    The system is shutting down. Please save
    all work in progress and logoff. Any unsaved changes
    will be lost. This shutdown was initiated because the
    domain which this machine belongs to was changed by
    nnn.
    
  • For nnn, netdom substitutes the name of the administrator that you enter by using the /uo parameter.

  • The default delay before the computer restarts is 20 seconds.

Additional references