NLMON.TXT
=========
NLMON.EXE is a command-line utility that can be used to list and test many aspects of Trust relationships.  NLMON.EXE uses the Browser Service to enumerate Domain Controllers.  Therefor if browsing is not working correctly, NLMON.EXE may produce inconsistent results.  Also, the computer where NLMON.EXE is run, and also those providing the Browsing services, need to share the same protocols that are used by the Domain Controllers to carry out their Domain activity.

Below are the command-line parameters for NLMON.EXE which are obtained by typing "NLMON.EXE /?" without the quotes:

TIME : [<DATE> <TIME>]
Usage: nlmon /DOMAINLIST:<DomainList> /MONTRUST:<Yes/No> /UPDATE:<Mins> /DEBUG:<HexValue>

/DOMAINLIST:<DomainList> - Specify comma separated domain list to monitor, default is Primary/Account Domain
/MONTRUST:<Yes/No> - Specify to monitor trusted domains also, default is NO
/UPDATE:<Mins> - Specify refresh time
/DEBUG:<HexValue> - debug out level

Note:  The /DEBUG option is unsupported at this time.

EXAMPLE OUTPUT:

A:\>nlmon /domainlist:ESS,randymcd /montrust:yes /update:1
TIME : [08/02 22:56:53]
TIME : [08/02 22:57:24]
DomainName: ESS
ServerName      DCState    DCType     DCStatus   ReplStatus PDCLinkStatus
\\NET1         DCOnline   NTPDC      0          InSync     0

    Trusted DC List:
    TDomainName     TDCName         TSCStatus
    RANDYMCD        \\RANDYMC1      0

\\LITE          DCOffLine  NTBDC      53         Unknown    53
\\NET1          DCOffLine  NTBDC      53         Unknown    53
    Trusted Domain DCs:
    DomainName: RANDYMCD
    ServerName      DCState    DCType     DCStatus   ReplStatus PDCLinkStatus
    \\RANDYMC1      DCOnline   NTBDC      0          InSync     0
    \\RANDYMC2      DCOnline   NTPDC      0          InSync     0
    ............................................................................
DomainName: randymcd
ServerName      DCState    DCType     DCStatus   ReplStatus PDCLinkStatus
\\RANDYMC1      DCOnline   NTBDC      0          InSync     0
\\RANDYMC2      DCOnline   NTPDC      0          InSync     0
............................................................................
****************************************************************************


In the above example there is a one-way trust in which the ESS Domain Trusts the Randymcd Domain.  ESS is the Trusting domain, and Randymcd is the Trusted domain.

The command-line switch used in this example are:
/domainlist:ESS,randymcd  (The domains to monitor.)
/montrust:yes  (Monitor the secure channel between the trusting and trusted domains.)
/update:1  (Update this information every minute)

Defining each value of the output:

DomainName:	The information that follows is for the listed domain.
ServerName:	The information that follows is for the listed Domain Controller.
DCState:		This information is obtained from the Browser Service.
DCOnline:		Indicates the ServerName has been resolved and a session can be established to it.
DCOffLine:		Indicates the ServerName has not been resolved or a session cannot be established.  The computer may not be on the network.
DCType:		This information is obtained from the Browser service.
DCStatus:		Numerical error code for DCState.  A "0" indicates "The operation completed successfully." and a session can be established.  A "53" indicates "The network path was not found."
ReplStatus:	Indicates if the Backup Domain Controller is synchronized with the Primary Domain Controller.
InSync:		Indicates the Backup Domain Controller is synchronized with the Primary Domain Controller.  (PDCs are listed as InSync.)
InProgress:	Indicates that the synchronization process is occurring.
ReplRequired:	Indicates that a synchronization is needed in order for the Backup Domain Controllers to be up-to-date. 
PDCLinkStatus:	Indicates if the Backup Domain Controller has a Secure Channel with the Primary Domain Controller.

Trusted DC List:	Lists the Domain Controller in the Trusted Domain to which the Secure Channel is established.
TSCState:		Indicates the condition of the Secure Channel.  A "0" indicates the link is healthy.  
Trusted Domain DCs: For the listed Trusted Domain, the list of Domain Controllers active on the network are displayed.

For additional information on numerical status and errors, type NET HELPMSG followed by the numerical value.