Friday, September 11, 2009

Domain Trust – part III

Part I covered the basic concept of Domain Trust.
Part II covered the different Trust types.
Now it’s time to go over Trust-related troubleshooting skills.

The first step is determining the type of Trust. There are a few ways to complete this task:
Active Directory Domains and Trusts console - The Domain ‘Properties’ box has a Trusts tab with all available Trusts for the Domain.

Active Directory Users and Computers console – For the Domain, the View menu has an ‘Advanced Features’ option. The ‘System’ container has a list of objects; we’re looking here at the ‘Trusted Domain’ type.

NLTEST - Resource kit tool that can display Trusts (among other data). The following command will show all trusted domains:
NLTEST /server:<server name> /trusted_domains

ADSI Edit – Another Resource kit tool that can do the job. Expanding the domain in question and browsing to the System class properties will give you the list of Trusted domains.

Each of these provides significant data on the Trusts and related problems. Make sure you’re familiar with each one of them and capable of using them if required.
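The ‘Trusted Domain’ objects in the System container store the Trust type and direction as numeric attributes (trustDirection, trustType, trustAttributes), which the consoles above show only as raw values. The following PowerShell is an added example, not part of the original post, that decodes them; the function names ConvertFrom-TrustRecord and Get-DomainTrustRecord are hypothetical, and the sample record is constructed.

```powershell
# Added example: decode trustedDomain objects from the domain's System container.
# Enum and bit values are the MS-ADTS definitions of these attributes.
function ConvertFrom-TrustRecord {
    param([string]$Name, [int]$Direction, [int]$Type, [int]$Attributes)

    $directions = @{ 0 = 'Disabled'; 1 = 'Inbound'; 2 = 'Outbound'; 3 = 'Bidirectional' }
    $types = @{ 1 = 'Downlevel (Windows NT domain)'; 2 = 'Uplevel (Active Directory domain)'
                3 = 'MIT Kerberos realm'; 4 = 'DCE realm' }
    $flags = @{
        0x01 = 'NonTransitive'
        0x02 = 'UplevelOnly'
        0x04 = 'QuarantinedDomain (SID filtering on)'
        0x08 = 'ForestTransitive'
        0x10 = 'CrossOrganization (selective authentication)'
        0x20 = 'WithinForest'
        0x40 = 'TreatAsExternal'
        0x80 = 'UsesRC4Encryption'
    }
    # Collect the name of every flag bit that is set, lowest bit first.
    $set = foreach ($bit in ($flags.Keys | Sort-Object)) {
        if ($Attributes -band $bit) { $flags[$bit] }
    }
    [pscustomobject]@{
        Name       = $Name
        Direction  = $directions[$Direction]
        Type       = $types[$Type]
        Attributes = ($set -join ', ')
    }
}

# Live query: reads every trustedDomain object in the current domain.
function Get-DomainTrustRecord {
    $searcher = [adsisearcher]'(objectClass=trustedDomain)'
    foreach ($result in $searcher.FindAll()) {
        $p = $result.Properties   # property names are lower-cased by ADSI
        ConvertFrom-TrustRecord -Name $p['name'][0] `
            -Direction $p['trustdirection'][0] `
            -Type $p['trusttype'][0] `
            -Attributes $p['trustattributes'][0]
    }
}

# Constructed sample record (not from a real domain): a two-way forest trust.
ConvertFrom-TrustRecord -Name 'partner.example' -Direction 3 -Type 2 -Attributes 0x08
# On a domain-joined machine, run Get-DomainTrustRecord instead.
```

A Trust whose Attributes column lacks QuarantinedDomain on an external Trust, or that shows TreatAsExternal on a forest Trust, is worth reviewing, since those flags control whether SID filtering is applied across the Trust.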

WinNT introduced a great tool that has survived to this day: NLTEST.
NLTEST tests secure channels between domain controllers that trust other domains.
Though it is a WinNT document, this tool works great on every domain level and, like the previous list, it is a very important tool that should be available to and used by any domain admin.

