Ntdsutil
ntdsutil是微软一项存在于Windows 2000及Windows Server 2003的系统工具。
启动
Ntdsutil.exe 位于 Windows 2000 CD-ROM 上,位于 \SupportTools
文件夹中。默认情况下,该工具在安装后会被复制到 %systemroot%\system32
文件夹中。当 ntdsutil 成功执行后,会显示出 ntdsutil 的提示符:
- C:\Documents and Settings\administrator.NWTRADERS>ntdsutil
- ntdsutil:
按?或 help 可以显示工具的第一层基本命令。
基本命令
? / Help | 显示帮助信息 |
Authoritative restore | 对 IT 数据库进行权威性恢复(见微软支援:权威性的恢复(页面存档备份,存于互联网档案馆)),通常用于恢复 AD 里的单一物件。 |
Domain management | 准备新网域的创建 |
Files | 管理 NTDS 数据库文件 |
IPDeny List | 管理 LDAP 的拒绝连线IP地址列表 |
LDAP policies | 管理 LDAP 协议策略 |
Metadata cleanup | 清理不使用的服务器元数据 |
Popups %s | 用“on”或“off”启用或禁用弹出 |
Quit | 离开 ntdsutil 工具 |
Roles | 管理 NTDS 角色所有者的token |
Security account management | 管理安全账户数据库 - 复制 SID 清理 |
Semantic database analysis | 语意数据分析器 |
Roles
提示符:fsmo maintenance:
? / Help | 显示帮助信息 |
Connections | 连接往指定的domain controller |
Quit | 离开 roles 模式 |
Seize domain naming master | Overwrite domain role on connected server |
Seize infrastructure master | Overwrite infrastructure role on connected server |
Seize PDC | Overwrite PDC role on connected server |
Seize RID master | Overwrite RID role on connected server |
Seize schema master | Overwrite schema role on connected server |
Select operation target | Select sites, servers, domains, roles and naming contexts |
Transfer domain naming master | Make connected server the domain naming master |
Transfer infrastructure master | Make connected server the infrastructure master |
Transfer PDC | Make connected server the PDC |
Transfer RID master | Make connected server the RID master |
Transfer schema master | Make connected server the schema master |
connections
提示符:server connections:
- ? - Show this help information
- Clear creds - Clear prior connection credentials
- Connect to domain %s - Connect to DNS domain name
- Connect to server %s - Connect to server, DNS name or IP address
- Help - Show this help information
- Info - Show connection information
- Quit - Return to the prior menu
- Set creds %s %s %s - Set connection creds as domain, user, pwd.