1

Good Day,

Do we have any command where we can check the trust relationship between 2 domains. Example : lets consider there is a domains called xyz.1.com and abc.1.com how can we know whether there is a trust between xyz and abc domains any direct command we have for this .

Regards, Vikas Chandra.C

Massimo
  • 68,714
  • 56
  • 196
  • 319
vikas
  • 329
  • 3
  • 6
  • 13

2 Answers2

2

use this: 

Get-ADObject -Filter {objectClass -eq "trustedDomain"} -Properties TrustPartner,TrustDirection,trustType | FT Name,TrustPartner,TrustDirection,TrustType

per Viewing the Trusts for a Domain

Jim B
  • 23,938
  • 4
  • 35
  • 58
  • Thank You For the Command will give it a try and post the results – vikas Jun 09 '16 at 09:28
  • This also requires the AD PowerShell module, usually installed along with RSAT. – Massimo Jun 10 '16 at 17:48
  • @Massimo yes but you can run the session remotely requiring no install whatsoever. No powershell module should ever require local install if it's available remotely – Jim B Jun 10 '16 at 18:11
  • Correct. But this would make the command quite a bit more complex. As you posted it, it can only work where RSAT/AD is installed. – Massimo Jun 10 '16 at 18:37
  • 1
    I can't post all 50 ways you can use posh to accomplish a given task. The command given is the Microsoft preffered method from the article on how to search. If you wanted the CIM version, or do this from Linux, it's presumed you understand how to invoke the command from those environments. – Jim B Jun 11 '16 at 11:24
1

The command you are looking for is netdom.

To check whether a trust is correctly in place between two domains, you can use the verify option:

netdom trust abc.1.com /d:xyz.1.com /verify
netdom trust xyz.1.com /d:abc.1.com /verify

You can also check if a two-way trust relationship is in place using a single command:

netdom trust abc.1.com /d:xyz.1.com /verify /twoway
Massimo
  • 68,714
  • 56
  • 196
  • 319
  • ok may I know how are the parameters passed . netdom xyz abc verify ? – vikas Jun 08 '16 at 17:11
  • Just read the link; I've also added examples. – Massimo Jun 08 '16 at 17:12
  • You can also use NetBIOS names (`abc` and `xyz`), but it's usually better to use FQDNs. – Massimo Jun 08 '16 at 17:13
  • netdom trust abc.1.com /d:xyz.1.com /verify netdom trust xyz.1.com /d:abc.1.com /verify the commands can be given only on the server where ADDS is installed ? or can we run the command @ our local machine – vikas Jun 08 '16 at 17:22
  • You can run it on a domain controller or on any domain computer where the Active Directory administration tools are installed. – Massimo Jun 08 '16 at 17:39
  • 1
    Note that netdom requires the RSAT in win7 and above. – Jim B Jun 09 '16 at 13:35
  • Why the downvote? This is the exact command to use perform the task requested by the OP... I really don't understand why there is a downvote. Whoever did it, would you care to explain please? – Massimo Jun 10 '16 at 17:26
  • @vikas if you found the answer hekpful, please upvote and/or accept it. – Massimo Jun 10 '16 at 17:49