NLTEST - CMD


Overview

nltest is a command-line tool provided by Microsoft Windows, primarily used for testing and querying domain controllers. It is part of the Windows Server resource kit tools and is mainly utilized by system administrators to maintain and troubleshoot Active Directory and NT LAN Manager (NTLM) settings. The command can be used to perform actions such as querying the status of domain controllers, managing trusts, and verifying replication readiness, among other administrative tasks.

Syntax

nltest [options]

This command must be run from an elevated command prompt or with appropriate administrative privileges.

Options/Flags

  • /QUERY: Queries the current domain’s primary domain controller (PDC). It displays information about the domain such as domain name and the PDC server name.
  • /DSGETDC:<domain>: Gets the domain controller for the specified domain.
  • /DSGETSITE: Retrieves the name of the site where the domain controller resides.
  • /DCNAME:<domain>: Finds the domain controller name for the given domain.
  • /DSGETDCNAME: Returns more detailed information about the domain controller.
  • /LOGON_QUERY: Queries a domain controller for a user’s last logon time.
  • /SC_QUERY:<domain>: Displays the status of secure channels to a domain controller in the specified domain.
  • /SC_RESET:<dcname>: Resets the secure channel of the specified domain controller.
  • /SC_VERIFY:<dcname>: Verifies the secure channel to a domain controller.
  • /TRUSTED_DOMAINS: Displays a list of all trusted domains.
  • /BDC_QUERY: Queries backup domain controllers in the domain.
  • /SERVER: Specifies the server to which the operation is directed.

Each flag is used to specify different data queries or operations related to Windows domain and Active Directory settings.

Examples

Example 1: Query a Domain Controller

nltest /DSGETDC:example.com

This command will display details about the domain controller for example.com.

Example 2: Verify Secure Channel

nltest /SC_VERIFY:example\DC01

This command verifies the secure channel to the domain controller named DC01 in the example domain.

Example 3: Reset Secure Channel

nltest /SC_RESET:example\DC01

Use this command to reset the secure channel to the specified domain controller.

Common Issues

  • Permission Errors: Users might encounter permission-related errors if nltest commands are not run in an elevated command prompt or by users lacking necessary administrative rights. Ensure you have the required privileges before executing.
  • Network Issues: nltest relies on network connectivity to interact with domain controllers. If there’s a network issue, commands may fail. Always check your network settings if you encounter connectivity errors.

Integration

nltest can be effectively used with other CMD tools such as net use for managing network connections, or within scripts and batch files to automate domain management tasks. For example:

for /f %i in (servers.txt) do nltest /SC_VERIFY:example\%i

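This command verifies the secure channels for the servers listed in servers.txt against the example domain. The single-percent form %i works at an interactive command prompt; inside a batch file, write the loop variable as %%i.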
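When a loop like the one above runs unattended, its output has to be reduced to a pass/fail result per server. The PowerShell sketch below is an added example, not part of the original page: it parses /SC_VERIFY output into objects and lists only the unhealthy channels. The function name, the server and DC names, and the sample output are constructed for illustration, and the parser assumes English-language output in the layout shown.

```powershell
# Added example: turn nltest /SC_VERIFY output into objects that can be filtered.
# Assumes English-language output in the layout of the constructed samples below.
function ConvertFrom-NltestScVerify {   # hypothetical helper name
    param([string] $Server, [string[]] $Output)
    $r = [ordered]@{ Server = $Server; TrustedDC = ''; Connection = ''; Verification = ''; Healthy = $false }
    foreach ($line in $Output) {
        if ($line -match '^\s*Trusted DC Name\s*(\S*)') {
            $r.TrustedDC = $Matches[1]
        } elseif ($line -match '^\s*Trusted DC Connection Status\s+Status\s*=\s*\d+\s+0x[0-9a-f]+\s+(\S+)') {
            $r.Connection = $Matches[1]
        } elseif ($line -match '^\s*Trust Verification Status\s*=\s*\d+\s+0x[0-9a-f]+\s+(\S+)') {
            $r.Verification = $Matches[1]
        }
    }
    # Healthy only when both status lines report NERR_Success; a missing line counts as unhealthy.
    $r.Healthy = ($r.Connection -eq 'NERR_Success') -and ($r.Verification -eq 'NERR_Success')
    [pscustomobject]$r
}

# Constructed sample output (not captured from a real host), keyed by hypothetical server name.
# Note that the closing "completed successfully" line is present in both samples, so the
# status lines, not the last line, decide the result.
$samples = [ordered]@{
    'SRV01' = @(
        'Flags: b0 HAS_IP  HAS_TIMESERV'
        'Trusted DC Name \\DC01.example.com'
        'Trusted DC Connection Status Status = 0 0x0 NERR_Success'
        'Trust Verification Status = 0 0x0 NERR_Success'
        'The command completed successfully'
    )
    'SRV02' = @(
        'Flags: 80'
        'Trusted DC Name'
        'Trusted DC Connection Status Status = 1311 0x51f ERROR_NO_LOGON_SERVERS'
        'Trust Verification Status = 1311 0x51f ERROR_NO_LOGON_SERVERS'
        'The command completed successfully'
    )
}

$report = foreach ($name in $samples.Keys) {
    ConvertFrom-NltestScVerify -Server $name -Output $samples[$name]
}
# List only the servers whose secure channel needs attention.
$report | Where-Object { -not $_.Healthy } | Format-Table Server, Connection, Verification
```

For live use, replace the sample arrays with the output lines captured from each nltest run.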

  • netdom: This is another command-line tool used for managing Active Directory domains and trust relationships. It provides capabilities like joining domains, managing computer accounts, and more.
  • dcdiag: A tool used to analyze the state of domain controllers in a forest and report any problems to help in troubleshooting.

For further information and a more detailed guide on using nltest, you can visit the official documentation.