5

Question 1:

  1. I have my Active Directory on a Windows Server 2012 machine; its domain name is AD-DEMO.LOCAL

  2. The Kerberos admin server is on another Ubuntu machine; its realm is KERBEROS.COM

  3. Added trust in 'Active Directory Domains and Trusts'.

  4. Properties set for the trust realm in AD are,

    • transitive and two-way checking.
  5. Tried to verify the cross-realm trusts with the following "netdom" command,

    "netdom trust KERBEROS.COM /d:AD-DEMO.LOCAL /verify"

    And got this exception "The command failed to complete successfully"

Question 2:

To resolve this, I did a search and found these links (Link 1 and Link 2).

From the info in these two links, I tried to enable the Validate property for the domains added. But I didn't find any property like Validate in my AD Domains and Trusts window.

Please suggest where I am going wrong.

Dinesh Kumar P
  • Per your Link 2: "You can verify trusts for shortcut, external, and forest trusts but not realm trusts." –  Feb 09 '15 at 21:08

1 Answer

0

If you’re using the netdom trust /verify command, you would need to specify administrative credentials (Domain Admin/Enterprise Admin) for both domains using the switches /PasswordO:, /UserO:, /PasswordD: and /UserD:

Full Syntax:

netdom trust <TrustingDomainName> {/d: | /domain:} <TrustedDomainName> [{/ud: | /userd:}[<Domain>\]<User> [{/pd: | /passwordd:}{<Password>|*}] [{/uo: | /usero:}<User>] [{/po: | /passwordo:}{<Password>|*}] [/verify] [/reset] [/passwordt:<NewRealmTrustPassword>] [/add [/realm]] [/remove [/force]] [/twoway] [/kerberos] [/transitive[:{YES|NO}]] [/oneside:{TRUSTED | TRUSTING}] [/force] [/quarantine[:{YES | NO}]] [/namesuffixes:<TrustName> [/togglesuffix:#]] [/EnableSIDHistory] [/ForestTRANsitive] [/SelectiveAUTH][/AddTLN][/AddTLNEX][/RemoveTLN] [/RemoveTLNEX][/SecurePasswordPrompt] [/EnableTgtDelegation] [{/help | /?}]

Reference: Netdom trust

To verify a trust using the Windows interface

  1. Open Active Directory Domains and Trusts. To open Active Directory Domains and Trusts, click Start, click Administrative Tools, and then click Active Directory Domains and Trusts.
  2. To open Active Directory Domains and Trusts in Windows Server® 2012, click Start, type domain.msc.
  3. In the console tree, right-click the domain that contains the trust that you want to verify, and then click Properties.
  4. On the Trusts tab, under either Domains trusted by this domain (outgoing trusts) or Domains that trust this domain (incoming trusts), click the trust to be verified, and then click Properties.
  5. Click Validate.
  6. Do one of the following, and then click OK:

    • Click No, do not validate the incoming trust. If you select this option, we recommend that you repeat this procedure for the reciprocal domain.

    • Click Yes, validate the incoming trust. If you select this option, you must type a user account and password with administrative credentials for the reciprocal domain.

Reference: Verify a trust

slayernoah
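
The comment's point (realm trusts cannot be verified) and the answer's credential switches can be combined in one pass over a domain's trusts. This is an added PowerShell example, not part of the original question or answer. It assumes the ActiveDirectory RSAT module and netdom.exe are installed and that it runs on a domain-joined machine; the account names are prompted for rather than taken from the page.

```powershell
# Added example: verify every trust of the local domain with netdom,
# skipping realm trusts, which /verify does not support.
# Assumption: ActiveDirectory module (RSAT) and netdom.exe are available.
Import-Module ActiveDirectory

$localDomain = (Get-ADDomain).DNSRoot

foreach ($trust in Get-ADTrust -Filter *) {
    $partner = $trust.Name

    # TrustType 'MIT' marks a trust to a non-Windows Kerberos realm
    # (for example an MIT KDC on Linux). There is no Windows domain
    # controller on the other side to answer a verification request.
    if ($trust.TrustType -eq 'MIT') {
        Write-Warning "Skipping realm trust '$partner': /verify is not supported for realm trusts."
        continue
    }

    # Work out which side is trusting and which is trusted.
    # For a two-way trust either order is valid; the local domain is used as the trusting side.
    if ($trust.Direction -eq 'Inbound') {
        $trusting = $partner
        $trusted  = $localDomain
    } else {
        $trusting = $localDomain
        $trusted  = $partner
    }

    # Ask only for account names. Passing '*' as the password makes netdom
    # prompt for it, so no password lands in the command line or history.
    $userO = Read-Host "Administrative account for trusting domain $trusting"
    $userD = Read-Host "Administrative account for trusted domain $trusted"

    & netdom trust $trusting "/d:$trusted" `
        "/uo:$userO" '/po:*' `
        "/ud:$userD" '/pd:*' `
        /verify

    if ($LASTEXITCODE -ne 0) {
        Write-Warning "Verification of trust '$trusting' -> '$trusted' failed (exit code $LASTEXITCODE)."
    } else {
        Write-Output "Trust '$trusting' -> '$trusted' verified."
    }
}
```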