Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
Netdom.exe: Windows Domain Manager
This command-line tool enables administrators to manage Windows Server 2003 and Windows 2000 domains and trust relationships from the command line.
You can use NetDom to:
Join a Windows XP Professional-based computer to a Windows Server 2003 or Windows 2000 or Windows NT 4.0 domain.
Provide an option to specify the organizational unit for the computer account.
Generate a random computer password for initial join.
Manage computer accounts for domain member workstations and member servers. Management operations include:
Add, Remove, Query.
An option to specify the organizational unit for the computer account.
An option to move an existing computer account for a member workstation from one domain to another while maintaining the security descriptor on the computer account.
Establish one-way or two-way trust relationships between domains, including the following kinds of trust relationships:
From a Windows 2000 or Windows Server 2003 domain to a Windows NT 4.0 domain.
From a Windows 2000 or Windows Server 2003 domain to a Windows 2000 or Windows Server 2003 domain in another enterprise (an "uplevel" external trust).
Between two Windows 2000 or Windows Server 2003 domains in an enterprise (a shortcut trust).
The Windows Server 2003 or Windows 2000 Server half of an interoperable Kerberos realm.
Verify and/or reset the secure channel for the following configurations:
Member workstations and servers.
BDCs in a Windows NT 4.0 domain.
Specific Windows Server 2003 or Windows 2000 replicas.
Manage trust relationships between domains, including the following operations:
Enumerate trust relationships (direct and indirect).
View and change some attributes on a trust.
- You must run NetDom from the command window.
Much of the functionality of NetDom can be accessed from the Microsoft Management Console Active Directory Users and Computers snap-in, which is part of Windows Server 2003. More functionality can be accessed from the Active Directory: Domains and Trust snap-in which is the corresponding UI for NetDom’s Trust Management functionality.
A trust relationship is a defined affiliation between domains that enables pass-through authentication.
A one-way trust relationship between two domains means that one domain (the trusting domain) allows users who have accounts on the other domain (the trusted domain), access to its resources.
The one-way trust relationship described here is helpful in master domain models, but it is not the only kind of trust relationship. When two one-way trusts are established between domains, it is known as a two-way trust. In two-way trusts, each domain treats the users from the trusted (and trusting) domain as its own users.
The following are the system requirements for NetDom:
Windows Server 2003 or Windows XP Professional
- The Windows Server 2003 Administration Tools Pack must be installed on computers running Windows XP Professional for Netdom.exe to work. This tools pack is installed by default for computers running Windows Server 2003.
Alphabetical List of Tools