Ask the Directory Services Team : Machine Account Password Process

I was asked in a PowerShell class if you could change the machine account password.

While yes you can, the real question is why would you want to? By the way, this is not a PowerShell specific thing, but a command line tool.

Usage: nltest [/OPTIONS]

    /SERVER:<ServerName> - Specify <ServerName>

    /QUERY - Query <ServerName> netlogon service

    /REPL - Force partial sync on <ServerName> BDC

    /SYNC - Force full sync on <ServerName> BDC

    /PDC_REPL - Force UAS change message from <ServerName> PDC

    /SC_QUERY:<DomainName> - Query secure channel for <Domain> on <ServerName>

    /SC_RESET:<DomainName>[\<DcName>] - Reset secure channel for <Domain> on <ServerName> to <DcName>

    /SC_VERIFY:<DomainName> - Verify secure channel for <Domain> on <ServerName>

/SC_CHANGE_PWD:<DomainName> - Change a secure channel  password for <Domain> on <ServerName>

    /DCLIST:<DomainName> - Get list of DC's for <DomainName>

    /DCNAME:<DomainName> - Get the PDC name for <DomainName>

    /DSGETDC:<DomainName> - Call DsGetDcName /PDC /DS /DSP /GC /KDC

        /TIMESERV /GTIMESERV /WS /NETBIOS /DNS /IP /FORCE /WRITABLE /AVOIDSELF /LDAPONLY /BACKG /DS_6

        /TRY_NEXT_CLOSEST_SITE /SITE:<SiteName> /ACCOUNT:<AccountName> /RET_DNS /RET_NETBIOS

    /DNSGETDC:<DomainName> - Call DsGetDcOpen/Next/Close /PDC /GC

        /KDC /WRITABLE /LDAPONLY /FORCE /SITESPEC

    /DSGETFTI:<DomainName> - Call DsGetForestTrustInformation

        /UPDATE_TDO

    /DSGETSITE - Call DsGetSiteName

    /DSGETSITECOV - Call DsGetDcSiteCoverage

    /DSADDRESSTOSITE:[MachineName] - Call DsAddressToSiteNamesEx

        /ADDRESSES:<Address1,Address2,...>

    /PARENTDOMAIN - Get the name of the parent domain of this machine

    /WHOWILL:<Domain>* <User> [<Iteration>] - See if <Domain> will log on <User>

    /FINDUSER:<User> - See which trusted domain will log on <User>

    /TRANSPORT_NOTIFY - Notify netlogon of new transport

    /DBFLAG:<HexFlags> - New debug flag

    /USER:<UserName> - Query User info on <ServerName>

    /TIME:<Hex LSL> <Hex MSL> - Convert NT GMT time to ascii

    /LOGON_QUERY - Query number of cumulative logon attempts

    /DOMAIN_TRUSTS - Query domain trusts on <ServerName>

        /PRIMARY /FOREST /DIRECT_OUT /DIRECT_IN /ALL_TRUSTS /V

    /DSREGDNS - Force registration of all DC-specific DNS records

    /DSDEREGDNS:<DnsHostName> - Deregister DC-specific DNS records for specified DC

        /DOM:<DnsDomainName> /DOMGUID:<DomainGuid> /DSAGUID:<DsaGuid>

    /DSQUERYDNS - Query the status of the last update for all DC-specific DNS records

    /BDC_QUERY:<DomainName> - Query replication status of BDCs for <DomainName>

    /LIST_DELTAS:<FileName> - display the content of given change log file

    /CDIGEST:<Message> /DOMAIN:<DomainName> - Get client digest

    /SDIGEST:<Message> /RID:<RID in hex> - Get server digest

    /SHUTDOWN:<Reason> [<Seconds>] - Shutdown <ServerName> for <Reason>

    /SHUTDOWN_ABORT - Abort a system shutdown

Ask the Directory Services Team : Machine Account Password Process

Published Friday, April 10, 2009 9:59 PM by Richard
Filed under:

Comments

No Comments