0

I have an external trust with my Active Directory domain. I want to validate the trust from a command so that I can do it remotely and don't have to open Remote Desktop and navigate to the AD domains and trusts console. I have read that netdom trust TrustingDomainName /d:TrustedDomainName /verify should work, but it does not. Whether locally or via psexec, I get The command failed to complete successfully. with an error code of 5.

Anyone know a command that does work?

Roman
  • 386
  • 5
  • 16
  • Netdom is the command tool to use. I don't think Powershell's test-computersecurechannel will do the job. For the netdom trust /verify command, try using admin credentials (Domain/Enterprise Admin) for both domains using the switches /PasswordO: /UserO: and /PasswordD: /UserD: – Art.Vandelay05 Dec 24 '15 at 15:55

2 Answers2

0

Error code 5 for Access is denied, you didn't have a appropriate rights to verify the Domain trust, should have a Domain admin/enterprise admin right or use run as with account which has a required access

Windowstricks
  • 1
  • 2
0

If access is denied for Netdom commands across a trust, you likely need to enable the Network access: Allow anonymous SID/Name translation group policy object on each domain controller.

The GPO is located in Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options

Source - https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/network-access-allow-anonymous-sidname-translation

Brad Groux
  • 1
  • 1