2.20. Verifying a Trust

Problem

You want to verify that a trust is working correctly. This is the first diagnostics step to take if users notify you that authentication to a remote domain appears to be failing.

Solution

Using a graphical user interface

For the Windows 2000 version of the Active Directory Domains and Trusts snap-in:

  1. In the left pane, right-click on the trusting domain and select Properties.

  2. Click the Trusts tab.

  3. Click the domain that is associated with the trust you want to verify.

  4. Click the Edit button.

  5. Click the Verify button.

For the Windows Server 2003 version of the Active Directory Domains and Trusts snap-in:

  1. In the left pane, right-click on the trusting domain and select Properties.

  2. Click the Trusts tab.

  3. Click the domain that is associated with the trust you want to verify.

  4. Click the Properties button.

  5. Click the Validate button.

Using a command-line interface

> netdom trust <TrustingDomain> /Domain:<TrustedDomain> /Verify /verbose[RETURN]
   [/UserO:<TrustingDomainUser> /PasswordO:*][RETURN]
   [/UserD:<TrustedDomainUser> /PasswordD:*]

Using VBScript

' The following code lists all of the trusts for the
' specified domain using the Trustmon WMI Provider.
' The Trustmon WMI Provider is only supported on Windows Server 2003.
' ------ SCRIPT CONFIGURATION ------
strDomain = "<DomainDNSName>" ' e.g. amer.rallencorp.com ' ------ END CONFIGURATION --------- set objWMI = GetObject("winmgmts:\\" & strDomain & _ "\root\MicrosoftActiveDirectory") set objTrusts = objWMI.ExecQuery("Select * ...

Get Active Directory Cookbook now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.