MZ@ !L!This program cannot be run in DOS mode. $Rؕ3}3}3}H̴3}H̱3}Rich3}PEL!  >@X.rsrc@@0H  (@Xp  0@P`p@tD4x$t\<,yĔMUIѸ\ԝQnQ,v_;FEQ MUI zh-CNHELPADD COMPUTERNAMEJOINMOVEQUERYREMOVE MOVENT4BDCRESETRESETPWDTRUSTVERIFYSYNTAXUserDUDPA PasswordDPDUserOUO PasswordOPOServerSOUVERBOSEDomainDRebootRebRealmReaVerifyVResetReseDirectDiAddARemoveRemTwoWayTKerberosKPDCSERVER WORKSTATIONDCOUFSMOTRUSTForceDC PasswordTPT TransitiveTransOneSideOSUserFUF PasswordFPF QuarantineNewName ToggleSuffixTS NameSuffixesNSH? MakePrimaryMPPA EnumerateEnumAlternateNames PrimaryNameAllNames ResetOneSideROS EXPERTHELPQEnableSIDHistoryESIDHForestTRANsitiveFTRAN SelectiveAUTHSAUTHAddTLNATLNAddTLNEXATLNEX RemoveTLNRTLN RemoveTLNEXRTLNEXSecurePasswordPromptSPP PasswordMPMSROEnableTgtDelegationETDEnablePimTrustEPTAuthTargetValidationATV ChildDomainCDInvokeTrustScannerITSTIME`Onx[ Rd[P[W %s vONT(Y b N)?NetDomtrustedtrusting/f&TRENAMECOMPUTER `O~~T(Y b N)?ynPA*** fJT: ҉r@b g*g[IN0*** fJT: ҉r@b g/f] Rdv DC: %1*gc[v_sQ/Spe %1A(  .H/I,NETDOM [ ADD | COMPUTERNAME | HELP | JOIN | MOVE | QUERY | REMOVE | MOVENT4BDC | RENAMECOMPUTER | RESET | TRUST | VERIFY | RESETPWD ] }TNbR[b0 *gbR[b}TN0 NETDOM HELP }TN -b- NETDOM }TN/.^R S(uv}TN g: NETDOM ADD NETDOM RESETPWD NETDOM RESET NETDOM COMPUTERNAME NETDOM QUERY NETDOM TRUST NETDOM HELP NETDOM REMOVE NETDOM VERIFY NETDOM JOIN NETDOM MOVENT4BDC NETDOM MOVE NETDOM RENAMECOMPUTER NETDOM HELP SYNTAX ʑYUO NET HELP lL0 NETDOM HELP }TN | MORE O\>f:y.^R0 la: SNǏS+T&^ gNa N netdom }TNv /VERBOSE c[~Q0 l O(uN N`Oh:y}TNl: - 'YQW[kNh_{ cgq>f:y.eQvUS͋0- \QW[kNhSSSvyv Ty OYeN T0 - [ T ] W[&{b_SNcO~}TNvS y0 - { T } W[&{b_yvRh0`O_{\vQ-NN*NyvcO~}TN0 - | W[&{RRh-Nvyv0S\vQ-NN*NyvcO~}TN0 OY (W NRl-N `O_{.eQ NETDOM T SWITCH1 b SWITCH20cO Ty/fS v0 NETDOM [name] {SWITCH1 | SWITCH2} - [...] W[&{h:y`OSN͑ YMRNyv0 O(uzzf:y .^R 0 (dkyd\OO(u Spe/W ,.eQNW(u7bvsQTv[x: %0 ,.eQN[a(u7bvsQTv[x: %0 0}TN]bR[b FO{:g*g͑e/TR0 0%1 _wWbXTNf9e[sQ0%0 P]N %1 0RW %2 v[hQS0 N{:g %3 ^zޏc0 0N %1 0R %2 v[hQSeHe0 @yr[(u7bSN(WvQ-NR^{:g^7bv~~USMO Rh: $^7b(WW-NvWc6RhVRh: $^7b(WW-Nv]\OzRh: $^7b(WW-Nv gRhVRh: Wv;NWc6RhV: ,%1 (]\Ozb gRhV) 8gg;N:g %1%0 ,W}T T;N:g %1%0 LPDC %1%0 <RID `l{thV %1%0 (~g;N:g %1%0 WbXTv[hQSn: {:g r`/W Wc6RhV ======= ============= ================= ͑nWbXTv[hQSn: {:g W Wc6RhV ======= ====== ================= @\\%1!-20s! %2!-18s!%3 @\\%1!-20s! ! ( %2 ) P]͑nN %1 0RW %2 v[hQS0N {:g %3 ^zޏc0 0*g͑nN %1 0R %2 v[hQS0 4<-> %1!-55s!%0 4<- %1!-55s!%0 4 -> %1!-55s!%0 vc %0 ^ Windows%0 (vQN) %0 [TSO\ONW ON{|W ========= ======================= ========== $[TSO\ONW ON{|W r` ========= ======================= ========== ====== [TSO\ONW ON{|W ========= ======================= ========== t %1!-31s!  ]  ]e_  *g~b0R  ]b~ 4<-> %1!-48s!%0 4<- %1!-48s!%0 4 -> %1!-48s!%0 4 %1!-48s!%0 0]bR %1 T %2 KNvON (%1 T %2 KNvONeHe ${:g r` ======== ====== %1!-32s!%0 X Oc Tek P *g Tek \*g cgq\Ջv͑}T Td\O͑n BDC %1 vOo`0 {:gYN NNvr`0 <)R(u "NETDOM HELP" SfYOo`0 |YgW] NX[(Wb/fN*N^ Windows Kerberos W `OSNO(u /FORCE h_ RdON[a0 LON N Rd! ُ/fN*NR'`v6r-P[ON0 N RdON0 <ON N Rd! ُ/f6r-P[ON0 NT| 6rW0 ON N Rd! ُ/fN*N6r-P[ON0YgP[W] NX[(W `Onx[ Rddk6r-P[ ON RQ!kЏL}TNv^c[ /FORCE h_0 8]bR͑nT %1 T %2 KNvON 0͑n %1 T %2 KNvON[x Lel͑nON[x$N*NW_{/f Windows 2000 W0 T(WW %1 N:NvQ[W %2 v ^ Windows ONnON[x H]bR:N[W %1 v^ Windows ONn ON[x <ُ/f^ Windows Kerberos WON (ONy(u(ONeTn:N) LWc6RhV %1 NvONW %2 [hQS1Y% Y N: |\ՋT|Wc6RhV %1 Nv NetLogon gR NgbLONW %2 v[hQSg d\O1Y% Y N: LWc6RhV %1 NvONW %2 [hQS͑n1Y% Y N: |\ՋT|Wc6RhV %1 Nv NetLogon gR NgbLONW %2 v[hQS͑n d\O1Y% Y N: l\Ջ(WWc6RhV %1 NۏL~g~b NSONWf %2 vW{tXT~ d\O1Y% Y N: XKerberos OS(WW %2 -Nv gRhV N bRW %1 -Nv[7bz tThe user in domain %2 was not able to authenticate via the Kerberos protocol in domain %1. %2 may trust %1 but the trust could not be verified using the Kerberos protocol because ON NS O0 ONS O0 \ONn:NS O0 \ONn:N NS O0 ON]S O0 ON] NS O0 D_{O(u /PasswordT }TNLSpec[ON[x0 /OneSide SpecOvSpeW[&{2N0[_{ /f "trusted" b "trusting"( NS+T_S)0 elޏcW %1 X`O]N %1 ^zNޏc0e_ޏc 6qT ͑eЏL netdom }TN0 0]bR͑n,g0W{:gv{:g^7b[x0 0el͑n,g0W{:gv{:g^7b[x0 8.eQN{:gvHQMRW(u7bvsQTv[x: %0 {:g]ReQ0RW %1 c %0 dl g:NdkON/T(u SID [{ R0dkWvNBl-N cOv@b g SID \eHe0 ]:NdkON/T(u SID [{ R0NgԏVvcCgpenc \ScSegSOWv SID0 vQNWv SID \ Rd0 $\ONn:N[{ SID0 (\ONn:N N[{ SID0 ,]:NdkON/T(u SID [{ R0 0l g:NdkON/T(u SID [{ R0 \S[vc0QzON/T(u SID [{ R0[ %1 vON/f NeQz ON0 0]:NdkON/T(u SID SSU_0 ,]:NdkONy(u SID SSU_0 ,]:NdkON/T(u SID SSU_0 ,:NdkON/T(u SID SSU_0 ,:NdkONy(u SID SSU_0 0]:NdkONy(u SID SSU_0 (dkON]h:N Sg O 0 (dkONl gh:N Sg O 0 (dkON]h:N Sg O 0 (\dkONh:N Sg O 0 (\dkONh:N NSg O 0 (dkON]h:N NSg O 0 (dkON]h:N NS~~ 0 (dkONl gh:N NS~~ 0 (dkON]h:N NS~~ 0 (\dkONh:N NS~~ 0 (\dkONh:N NNS~~ 0 (dkON]h:N NNS~~ 0 |NETDOM RENAMECOMPUTER machine /NewName:new-name [/UserD:user [/PasswordD:[password | *]]] [/UserO:user [/PasswordO:[password | *]]] [/Force] [/REBoot[:Time in seconds]] [/SecurePasswordPrompt] NETDOM RENAMECOMPUTER renames a computer. If the computer is joined to a domain, then the computer object in the domain is also renamed. Certain services, such as the Certificate Authority, rely on a fixed machine name. If any services of this type are running on the target computer, then a computer name change would have an adverse impact. This command should not be used to rename a domain controller. machine is the name of the workstation or member server to be renamed /NewName Specifies the new name for the computer. Both the DNS host label and the NetBIOS name are changed to new-name. If new-name is longer than 15 characters, the NetBIOS name is derived from the first 15 characters /UserD User account used to make the connection with the domain. The domain can be specified as "/ud:domain\user". If domain is omitted, then the computer's domain is assumed. /PasswordD Password of the user account specified by /UserD. A * means to prompt for the password /UserO User account used to make the connection with the machine to be renamed. If omitted, then the currently logged on user's account is used. The user's domain can be specified as "/uo:domain\user". If domain is omitted, then a local computer account is assumed. /PasswordO Password of the user account specified by /UserO. A * means to prompt for the password /Force As noted above, this command can adversely affect some services running on the computer. The user will be prompted for confirmation unless the /FORCE switch is specified. /REBoot Specifies that the machine should be shutdown and automatically rebooted after the Rename has completed. The number of seconds before automatic shutdown can also be provided. Default is 30 seconds /SecurePasswordPrompt Use secure credentials popup to specify credentials. This option should be used when smartcard credentials need to be specified. This option is only in effect when the password value is supplied as * @ NETDOM COMPUTERNAME machine [/UserO:user] [/PasswordO:[password | *]] [/UserD:user] [/PasswordD:[password | *]] [/SecurePasswordPrompt] /Add:<new-alternate-DNS-name> | /Remove:<alternate-DNS-name> | /MakePrimary:<computer-dns-name> | /Enumerate[:{AlternateNames | PrimaryName | AllNames}] | /Verify NETDOM COMPUTERNAME manages the primary and alternate names for a computer. This command can safely rename a domain controller or a server. machine The name of the computer whose names are to be managed. /UserO User account used to make the connection with the machine to be managed /PasswordO Password of the user account specified By /UserO. A * means to prompt for the password /UserD User account used to make the connection with the domain of the machine to be managed /PasswordD Password of the user account specified By /UserD. A * means to prompt for the password /Add Specifies that a new alternate name should be added. The new name must be a fully qualified DNS name(FQDN - computer name followed by primary DNS suffix, such as comp1.example.com.). /REMove Specifies that an existing alternate name should be removed. The name being removed must be a fully qualified DNS name (FQDN - computer name followed by primary DNS suffix, such as comp1.example.com.). /MakePrimary Specifies that an existing alternate name should be made into the primary name. The name being made primary must be a fully qualified DNS name (FQDN - computer name followed by primary DNS suffix, such as comp1.example.com.). /ENUMerate Lists the specified names. It defaults to AllNames. /Verify Checks if there is a DNS A record and an SPN for each computer name. /SecurePasswordPrompt Use secure credentials popup to specify credentials. This option should be used when smartcard credentials need to be specified. This option is only in effect when the password value is supplied as * |{:g T %1 Ǐ0 N*N gHev{:g T(DNS ;N:gh~{)gYSNS+T %2!d! *N UTF-8 W[0 e{:g T %1 vl Ncknx0 {:g T(DNS ;N:gh~{)SNS+TW[k(a-z0A-Z)0 peW[(0-9)TޏW[&{ FO N+T gzz + = ; , ? T * l{:gv NetBIOS TPN %1!d! *NW[0NetBIOS T \)w:N %2 0 4dkd\O\{:g %1 ͑}T T:N %20 gN gR(YfNS:gg)OVNV[v{:g T0 Ygdk{|WvNUO gR(W %1 NЏL R{:g Tf9e\Nubq_T0 lck(WُS{:g N[ňb Rd Active Directory W gR0 dkeelf9e{:g T0 |N[ňb Rd Active Directory W gRT dk{:g؏l g͑e/TRǏ0 dkeelf9e{:g T0 xdk{:g/fN*Nck(WGS~vWc6RhV0 _{[b Active Directory [ňT[Mbf9e{:g T0 Pdk{:g N][ňfNS:gg gR0 _{ Rddk gRMbf9e{:g T0 t\Ջ(W %1 NSb_ gRc6R{thV1Y% Qs %2!d!0elnx[/f&T[ňN fNS:gg gR0 \Ջ(W %1 NS{:g҉rOo`1Y% Qs %2!d!0elnx[{:g/f&T(W ҉rf9ebWc6RhVGS~Ǐ z-N0 <elޏc0R{:g %1 Nx/f %2!d!0 @1uN %1 /TRN{:g Tf9e {:gck(WsQ:g0%0 P_{O(u /ToggleSuffix }TNLSpec[ TyT"}_0 O(u /ToggleSuffix }TNLSpec[v TyT"}_ QN /ListSuffixes RQv Ty"}_V0 dk}TN(W adprop.dll -N[s0 ^v,g0WHr,g Ncknxv^N NS+Tdk}TN0 [ň adprop.dll vcknxHr,g0 dk}TN(W netapi32.dll -N[s0elR}dkeN0 nxOeN netapi32.dll (W|~eN9Y-NX[(W0 PThis command is implemented in netapi32.dll. The local version of this library does not contain this command. Either the version of the library on this computer is incorrect or the command is not running on Windows XP or Windows Server 2003 or later which is required for this operation. |dk}TN(W dnsapi.dll -N[s0elR}dkeN0 nxOeN dnsapi.dll (W|~eN9Y-NX[(W0 PThis command is implemented in dnsapi32.dll. The local version of this library does not contain this command. Either the version of the library on this computer is incorrect or the command is not running on Windows XP or Windows Server 2003 or later which is required for this operation. Active Directory Domain Services already contain a Computer Account or a Server Object with the specified name: %1. If these objects are associated with an existing computer in the domain then this name cannot be made primary. If these objects are not associated with an existing computer, it may have been improperly renamed or removed from the domain. Remove them from Active Directory Domain Services and retry the make primary operation. The following tools can be used to locate and remove these objects: For Computer Account - Active Directory Users and Computers . For Server Object - Active Directory Sites and Services . {:gv;N Ty/f: {:gvfbc Ty/f: {:gv@b g Ty/f: 4]bR\ %1 mR:N{:gvfbc Ty0 @el\ %1 mR:N{:gvfbc Ty0 /f: 4]\O:N{:gv fbc TybR Rd %10 @el\O:N{:gv fbc Ty Rd %10 /f: ]bR\ %1 :N{:gv;N Ty0 _{͑e/TR{:gMbOdk Tyf9euHe0 (WdkKNMR dk{:gSel (u7bTvQN{:g v^Nelg-NvvQN{:g0 c[ve Ty]N{:gfbc TyRh-N Rd0 (W͑e/TRT ;N{:g T\n:Nc[ve Ty0 <el\ %1 :N{:gv;N Ty0 /f: 0The specified trust is not a Non-Windows Realm Trust. Adding and Removing TLNs and TLN Exculsions are only supported for Non-Windows Realm trusts. The specified trust is not a Non-Windows Realm Trust. Changing this trust attribute is only supported for Non-Windows Realm trusts. The computer needs to be restarted in order to complete the operation. `7/Quarantine Valid only on an existing direct, outbound trust. Set or clear the domain quarantine attribute. Default is "no". When "yes" is specified, then only SIDs from the directly trusted domain will be accepted for authorization data returned during authentication. SIDS from any other domains will be removed. Specifying /Quarantine without yes or no will display the current state. /NameSuffixes Valid only for a forest trust or a Forest Transitive Non-Windows Realm Trust . Lists the routed name suffixes for trust_name on the domain named by trusting_domain_name. The /UserO and /PasswordO values can be used for authentication. The /Domain parameter is not needed. /ToggleSuffix Use with /NameSuffixes to change the status of a name suffix. The number of the name entry, as listed by a preceding call to /NameSuffixes, must be provided to indicate which name will have its status changed. Names that are in conflict cannot have their status changed until the name in the conflicting trust is disabled. Always precede this command with a /NameSuffixes command because LSA will not always return the names in the same order. /EnableSIDHistory Valid only for an outbound, forest trust. Specifying "yes" allows users migrated to the trusted forest from any other forest, to use SID history to access resources in this forest. This should be done only if the trusted forest administrators can be trusted enough to specify SIDs of this forest in the SID history attribute of their users appropriately. Specifying "no" would disable the ability of the migrated users in the trusted forest to use SID history to access resources in this forest. Specifying /EnableSIDHistory without yes or no will display the current state. /ForestTRANsitive Valid only for Active Directory Trusts and Non-Windows Realm Trusts, and can only be performed on the root domain for a forest. Specifying "yes" marks this trust as Forest Transitive. Specifying "no" marks this trust as Not Forest Transitive. Specifying /ForestTRANsitive without yes or no will display the current state of this trust attribute. /SelectiveAUTH Valid only on outbound Forest and External trusts. Specifying "yes" enables selective authentication across this trust. Specifying "no" disables selective authentication across this trust. Specifying /SelectiveAUTH without yes or no will display the current state of this trust attribute. /AddTLN Valid only for a Forest Transitive Non-Windows Realm Trust and can only be performed on the root domain for a forest. Adds the specified Top Level Name (DNS Name Suffix) to the Forest Trust Info for the specified trust. Also see the /NameSuffixes operation to list name suffixes. /AddTLNEX Valid only for a Forest Transitive Non-Windows Realm Trust and can only be performed on the root domain for a forest. Adds the specified Top Level Name Exclusion (DNS Name Suffix)to the Forest Trust Info for the specified trust. Also see the /NameSuffixes operation to list name suffixes. /RemoveTLN Valid only for a Forest Transitive Non-Windows Realm Trust and can only be performed on the root domain for a forest. Removes the specified Top Level Name (DNS Name Suffix) from the Forest Trust Info from the specified trust. Also see the /NameSuffixes operation to list name suffixes. /RemoveTLNEX Valid only for a Forest Transitive Non-Windows Realm Trust and can only be performed on the root domain for a forest. Removes the specified Top Level Name Exclusion (DNS Name Suffix)from the Forest Trust Info from the specified trust. Also see the /NameSuffixes operation to list name suffixes. /SecurePasswordPrompt Use secure credentials popup to specify credentials. This option should be used when smartcard credentials need to be specified. This option is only in effect when the password value is supplied as * /EnableTgtDelegation Set to no to disable Kerberos full delegation on outbound forest trusts. This prevents services in the other forests from receiving forwarded TGTs. Warning: By setting EnableTgtDelegation to no, services in the other forests with "Trust this computer/user for delegation to any service" configured will not be able to use Kerberos full delegation with any account in this forest to any service. /EnablePIMTrust Specifies whether to enable or disable Privileged Identity Management trust behaviors on this trust. In order to enable this trust attribute, the trust must first be marked as forest transitive. Specifying /EnablePIMTrust without yes or no will display the current state of this trust attribute. /AuthTargetValidation Specifies whether to enable or disable authentication target validation for authentication requests on the specified trust. For forest trusts, the setting can optionally be limited to a specific child domain using the /ChildDomain parameter. NOTE: disabling this validation causes security vulnerabilities and should only be done when necessary. /InvokeTrustScanner Requests that a trust scan operation be run for the specified trusting domain. If the trusting domain is specified as '*' all trusts will be scanned. This command must be run locally on the PDC itself. Note that the trust scanner runs automatically and this command is only intended for support scenarios. (ck(Wg~bW %1 vWc6RhV <ck(W:N OU %2 -Nv %1 R^{:g^7b (ck(W:N %1 R^{:g^7b ck(WN %1 ^zO݋ $ck(W RdN %1 vO݋ (ck(W Rd %1 v{:g^7b 0ck(W %1 Nn LSA WV{euOo` ck(W/TR gR %1 ck(W\Pbk gR %1 ck(WMn gR %1 (ck(WT,g0W~ %1 mRW^7b (ck(WN,g0W~ %1 RdW^7b ck(WReQW %1 $*g^zN %1 vO݋ (*g Rd %1 v{:g^7b (ck(W^zN %1 v[hQS l1uN gRhV N/ec}T TWc6RhV \[hQS͑n:N %1 1Y%0 ck(W^zN %2 v[hQS0 Lel\[hQS͑n:N}T Tv gRhV %10 ] bvQNWc6RhV0 (ck(WNW %1 v[hQޏc $ck(W Rd %1 vON^7b (ck(WSb_SONWv[a %1 $ck(W Rd %1 vON[a ck(WSb_:g[[a %1 ck(W Rd:g[[a %1 $ck(W:N %1 mRON^7b ck(WR^:g[ %1 $ck(WR^NW %1 vON (ck(WS LSA WV{euOo` (ck(WN %1 SSOWOo` (ck(W %1 NnSOWOo` $ck(W:N %1 n:g[

m]/T(u0 TGT Y>m]y(u0 $ck(W/T(u TGT Y>m0 $ck(Wy(u TGT Y>m0 TGT Y>m]~/T(u0 TGT Y>m]~y(u0 PIM ON]/T(u0 PIM ON]y(u0 $ck(W/T(u PIM ON0 $ck(Wy(u PIM ON0 PIM ON]/T(u0 PIM ON]y(u0 @S g^ Windows b荗gON{|W[Ndkd\O gHe0 <_{HQ\ONh:NSg O 6qTMb/T(u PIM0 Lck(W\dkONh:N NSg O0la ُ_N\y(u PIM ON0 fJT: N^(WQzON N/T(u Kerberos [te TGT Y>m0 gsQ~Oo`, S https://aka.ms/netdomtgtdelegation0 pMultiple records matched the domain you specified. Failed to find a record that matched the domain you specified. Authentication target validation for the specified domain has been enabled. Authentication target validation for the specified domain has been disabled. Authentication target validation for the specified domain is already enabled. Authentication target validation for the specified domain is already disabled. Only inbound or bi-directional forest trusts are valid for this operation. The trust scanner request was successfully submitted. Please check the event log for details on the outcome of the request. The LsaQueryForestTrustInformation2 call failed with 0x%x. The server may need the latest patches in order to support this method. 4VS_VERSION_INFOO%O%?StringFileInfo080404B0LCompanyNameMicrosoft Corporation8FileDescriptionNETDOM51FileVersion6.3.9600.20239 (winblue_ltsb_escrow.211220-1747)6 InternalNameNETDOM.EXE.LegalCopyright Microsoft Corporation. All rights reserved.FOriginalFilenameNETDOM.EXE.MUIj%ProductNameMicrosoft Windows Operating SystemBProductVersion6.3.9600.20239DVarFileInfo$TranslationPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGX