Updated: March 28, 2003
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
NetDiag uses the following syntax:
netdiag [/q] [/v] [/l] [/debug] [/d:DomainName] [/fix] [/DcAccountEnum] [/test:TestName] [/skip:TestName] [/?]
- Specifies quiet output (errors only).
- Specifies verbose output.
- Sends output to Netdiag.log. This log file is created in the same directory where Netdiag.exe was run.
- Specifies even more verbose output. With this parameter, NetDiag takes a few minutes to complete.
- /d: DomainName
- Finds a domain controller in the specified domain.
- Fixes minor problems.
- Enumerates domain controller computer accounts.
- /test: TestName
Runs only the listed test(s). TCP/IP must be bound to one or more adapters before running any of the tests. Nonskippable tests are still run. A detailed explanation of the switches can be found on the Netdiag Remarks page.
Valid TestName values are:
Automatic Private IP Addressing (APIPA) address test. Tests whether APIPA is in use for the network adapters.
Bindings test. Lists all bindings, including interface name, lower module name, upper module name, whether the binding is currently enabled, and the owner of the binding.
Redirector and Browser test. Lists the protocols bound to the Browser service and the redirector.
Domain controller list test. Obtains a list of domain controllers for the domain.
Default gateway test. Attempts to contact each configured default gateway.
DNS test. Tests the availability of the configured DNS servers and verifies the current client's DNS registrations.
Domain controller discovery test. First finds a generic domain controller from directory service, then finds the primary domain controller. Then, finds a Windows 2000 domain controller (DC). If the tested domain is the primary domain, checks whether the domain GUID stored in Local Security Authority (LSA) is the same as the domain GUID stored in the DC. If not, the test returns a fatal error; if the /fix option is on, DsGetDC tries to fix the GUID in LSA.
IP address configuration test. Enumerates the TCP/IP configuration information for each network adapter.
IP address loopback ping test. Pings the IP loopback address of 127.0.0.1 for each adapter.
IP Security test. Tests whether IP Security is enabled and displays a list of active IP Security policies for the computer.
IPX test. Lists statistics for the IPX protocol installed on the computer.
Kerberos test. Checks whether the Kerberos package information is up-to-date.
Lightweight Directory Access Protocl (LDAP) test. Contacts all available domain controllers and determines which LDAP authentication protocol is in use.
Domain membership test. Checks to confirm details of the primary domain, including computer role, domain name, and domain GUID. Checks to see if NetLogon service is started, adds the primary domain to the domain list, and queries the primary domain security identifier (SID).
Modem diagnostics test. Lists configuration information for each modem found.
NetBT name test. Similar to the nbtstat -n command. It checks that the workstation service name
<00>is equal to the computer name. It also checks that the messenger service name
<03>, and server service name
<20>are present on all interfaces and that none of these names are in conflict.
Netcard queries test. Lists the network adapter configuration details, including the adapter name, configuration, media, globally unique identifier (GUID), and statistics. If this test shows an unresponsive network adapter, the remaining tests are aborted.
NetBT transports test. Lists the transport protocols that are bound to NetBT.
Netstat information test. Lists protocol statistics and current TCP/IP connections.
Netware test. Queries the nearest Netware server for current login information.
Routing table test. Lists static routes and whether they are persistent.
Trust relationship test. Tests trust relationships to the primary domain only if the computer is a member workstation, member server, or a Backup Domain Controller (BDC) domain controller that is not a PDC emulator. Checks that the primary domain security identifier (SID) is correct. Contacts an active DC. Connects to the SAM server on the DC. Uses the domain SID to open the domain to verify whether the domain SID is correct. Queries info of the secure channel for the primary domain. If the computer is a BDCDC, reconnects to the PDC emulator. If the computer is a member workstation or server, sets secure channel to each DC on the DC list for this domain.
Wide Area Network (WAN) configuration test. Lists settings and status on each COM port currently in use.
Windows Internet Name Service (WINS) service test. Tests the availability of the configured WINS server and the validity of the client registrations.
Winsock test. Lists protocols and ports available to the WinSock service.
- /skip: TestName
Skips the test specified by TestName. Nonskippable tests will still run. Valid TestName values are:
Automatic Private IP Addressing (APIPA) address test.
Redir and Browser test.
Domain controller list test.
Default gateway test.
Domain controller discovery test.
IP address configuration test.
IP address loopback ping test.
Lightweight Directory Access Protocol (LDAP) test.
Modem diagnostics test.
NetBT name test.
Netstat information test.
Routing table test.
Trust relationship test.
Wide Area Network (WAN) configuration test.
Windows Internet Name Service (WINS) test.