IT tutorials
 
Windows
 

Windows Server 2008 : Using netdom (part 2) - Verifying Trust Relationships

- How To Install Windows Server 2012 On VirtualBox
- How To Bypass Torrent Connection Blocking By Your ISP
- How To Install Actual Facebook App On Kindle Fire
2/14/2014 12:51:25 AM

3. Verifying Trust Relationships

You can also use the netdom command to verify trust relationships. The basic syntax of the command is

netdom trust trusting_domain_name /domain:trusted_domain_name

Figure 1 shows the Active Directory Domains and Trusts console with a parent domain (pearson.pub) and a child domain (training.pearson.pub). There is a parent/child trust relationship between the two domains. Furthermore, the outgoing trust has been validated.

Figure 1. Verifying a trust with Active Directory Domains and Trusts

Note

There are two trusts between the domains. The parent trusts the child and the child trusts the domain. These trusts are displayed as an outgoing trust and an incoming trust in Figure 1.


You can perform the same check from the command line with the following command:

netdom trust training.pearson.pub /domain:pearson.pub

The concept of trusted and trusting domains and the terminology can be confusing. Figure 2 shows two domains with a one-way trust between them. Notice that the arrow is pointing to Domain B. When shown this way, it indicates that Domain A trusts Domain B, and users in Domain B can be granted access to resources in Domain A. In other words, Domain B is trusted by Domain A.

Figure 2. One-way trust relationship between two domains


The following table identifies many of the switches that can be used with the netdom trust command to validate a trust.

netdom Trust SwitchesComments
netdom trust trusting-domain
C:\>netdom training.pearson.pub

Enter the name of the trusting domain first. In Figure 2, this is Domain A in the outgoing trust.
/domain:domain
/domain:pearson.pub

Specifies the name of the trusted domain or Non-Windows Realm.

Note

You can create trusts with UNIX Realms and test them with the netdom trust command.

/userd:username
/userd:administrator

The user account used to make the connection with the domain specified by the /domain switch.
/passwordd:{password | *}
/passwordd:P@ssw0rd

The password of the user account specified by /userd. You can use an asterisk (*) and the command will prompt you to enter a password.
/usero:username
/usero:administrator

The user account for making the connection with the trusting domain.

Note

The “o” for /usero specifies that this is the user account for the other domain, or the trusting domain.

/passwordo:{password | *}
/passwordo:P@ssw0rd

The password of the user account specified by /usero. You can use an asterisk (*) and the command will prompt you to enter a password.
/verify

Verifies that the trust is operating properly.
/quarantine[:yes | : no]This switch enables you to view, set, or disable the /quarantine attribute. When set to yes, only SIDs from the directly trusted domain are able to access resources, and other SIDS are filtered out. When set to no (the default), any accounts in the trusted domain are accepted.

Tip

This is relevant if the trusted domain includes migrated accounts. The migrated accounts are filtered if this is set to yes, and won’t be able to access resources in the trusting domain.

Specifying /quarantine without yes or no displays the current state.

Figure 3 shows the result of entering the following command using some of these switches:

C:\>netdom trust training.pearson.pub /domain:pearson.pub
/userd:administrator /passwordd:* /usero:administrator
/passwordo:* /verify

Figure 3. Verifying a trust with the netdom command

If it’s a two-way trust, you can verify the trust from the other direction by swapping the trusted and trusting domains like the following command:

C:\>netdom trust pearson.pub /domain:training.pearson.pub
/userd:administrator /passwordd:* /usero:administrator
/passwordo:* /verify

 
Others
 
- Windows Server 2008 : Using netdom (part 1) - Identifying Operations Master Roles, Joining a Computer to a Domain
- Windows 7 : Windows Media Center - Some Tricks of the Trade (part 2) - Burning DVDs from Recorded TV, Setting Parental Control Ratings
- Windows 7 : Windows Media Center - Some Tricks of the Trade (part 1) - Viewing TV Shows on Your HDTV or Projector
- Windows 7 : The WMC Functions (part 2) - Pictures, Videos, Music
- Windows 7 : The WMC Functions (part 1) - TV
- Windows 7 : The WMC Hardware (part 2) - Can I Upgrade My Non-WMC PC to a WMC PC?
- Windows 7 : The WMC Hardware (part 1) - The New WMC PC Form Factors
- Windows 7 : Windows Media Center—What’s the Hubbub?
- Windows Server 2008 R2 high-availability and recovery features : Planning for High Availability
- Windows Server 2008 R2 high-availability and recovery features : Introduction to High Availability
 
Youtube channel
 
Top 10
 
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 2) - Wireframes,Legends
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 1) - Swimlanes
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Formatting and sizing lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Adding shapes to lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Sizing containers
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 3) - The Other Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 2) - The Data Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 1) - The Format Properties of a Control
- Microsoft Access 2010 : Form Properties and Why Should You Use Them - Working with the Properties Window
- Microsoft Visio 2013 : Using the Organization Chart Wizard with new data
programming4us programming4us
 
Popular tags
 
Video Tutorail Microsoft Access Microsoft Excel Microsoft OneNote Microsoft PowerPoint Microsoft Project Microsoft Visio Microsoft Word Active Directory Biztalk Exchange Server Microsoft LynC Server Microsoft Dynamic Sharepoint Sql Server Windows Server 2008 Windows Server 2012 Windows 7 Windows 8 Adobe Indesign Adobe Flash Professional Dreamweaver Adobe Illustrator Adobe After Effects Adobe Photoshop Adobe Fireworks Adobe Flash Catalyst Corel Painter X CorelDRAW X5 CorelDraw 10 QuarkXPress 8 windows Phone 7 windows Phone 8 BlackBerry Android Ipad Iphone iOS