Recipe 15.21. Viewing the Trusts for a Domain

Problem

You want to view the trusts that are configured in a domain.

Solution

Using a graphical user interface

Using a command-line interface

    > netdom query trust /Domain:<DomainDNSName>

Using VBScript

    ' This code prints the trusts for the specified domain.
    ' ------ SCRIPT CONFIGURATION ------
    strDomain = "<DomainDNSName>"   ' e.g., rallencorp.com
    ' ------ END CONFIGURATION ---------

    ' Trust Direction Constants taken from NTSecAPI.h
    set objTrustDirectionHash = CreateObject("Scripting.Dictionary")
    objTrustDirectionHash.Add "DIRECTION_DISABLED", 0
    objTrustDirectionHash.Add "DIRECTION_INBOUND", 1
    objTrustDirectionHash.Add "DIRECTION_OUTBOUND", 2
    objTrustDirectionHash.Add "DIRECTION_BIDIRECTIONAL", 3

    ' Trust Type Constants - taken from NTSecAPI.h
    set objTrustTypeHash = CreateObject("Scripting.Dictionary")
    objTrustTypeHash.Add "TYPE_DOWNLEVEL", 1
    objTrustTypeHash.Add "TYPE_UPLEVEL", 2
    objTrustTypeHash.Add "TYPE_MIT", 3
    objTrustTypeHash.Add "TYPE_DCE", 4

    ' Trust Attribute Constants - taken from NTSecAPI.h
    set objTrustAttrHash = CreateObject("Scripting.Dictionary")
    objTrustAttrHash.Add "ATTRIBUTES_NON_TRANSITIVE", 1
    objTrustAttrHash.Add "ATTRIBUTES_UPLEVEL_ONLY", 2
    objTrustAttrHash.Add "ATTRIBUTES_QUARANTINED_DOMAIN", 4
    objTrustAttrHash.Add "ATTRIBUTES_FOREST_TRANSITIVE", 8
    objTrustAttrHash.Add "ATTRIBUTES_CROSS_ORGANIZATION", 16
    objTrustAttrHash.Add "ATTRIBUTES_WITHIN_FOREST", 32
    objTrustAttrHash.Add "ATTRIBUTES_TREAT_AS_EXTERNAL", 64

    ' Bind to the System container of the domain and enumerate
    ' only the trustedDomain objects it holds.
    set objRootDSE = GetObject("LDAP://" & strDomain & "/RootDSE")
    set objTrusts = GetObject("LDAP://cn=System," & _
                              objRootDSE.Get("defaultNamingContext") )
    objTrusts.Filter = Array("trustedDomain")
    Wscript.Echo "Trusts for " & strDomain & ":"

    for each objTrust in objTrusts
       ' trustDirection holds exactly one of the direction values
       for each strFlag In objTrustDirectionHash.Keys
          if objTrustDirectionHash(strFlag) = objTrust.Get("trustDirection") then
             strTrustInfo = strTrustInfo & strFlag & " "
          end If
       next

       ' trustType holds exactly one of the type values
       for each strFlag In objTrustTypeHash.Keys
          if objTrustTypeHash(strFlag) = objTrust.Get("trustType") then
             strTrustInfo = strTrustInfo & strFlag & " "
          end If
       next

       ' trustAttributes is a bit mask that can combine several flags,
       ' so test each flag with And rather than comparing for equality
       for each strFlag In objTrustAttrHash.Keys
          if (objTrustAttrHash(strFlag) And objTrust.Get("trustAttributes")) <> 0 then
             strTrustInfo = strTrustInfo & strFlag & " "
          end If
       next

       WScript.Echo " " & objTrust.Get("trustPartner") & " : " & strTrustInfo
       strTrustInfo = ""
    next

Discussion

Using a graphical user interface

You can view the properties of a particular trust by clicking on a trust and clicking the Properties button.

Using a command-line interface

You can include the /Direct option if you want to view only direct trust relationships. If you don't use /Direct, implicit trusts that occur due to transitive trust relationships will also be listed.

Using VBScript

This script uses dictionary objects to ease the mapping of the various integer values for attributes such as trustType and trustDirection to descriptive names. A dictionary object in VBScript is analogous to a hash or associative array in other programming languages. The Add method accepts a key and value pair to add to the dictionary. The Keys method returns the keys of the dictionary as a collection. To access a value of the dictionary, you simply pass the key name as a parameter to the dictionary object, such as objDictionary( strKey ).

Another option to query trusts programmatically is with the Trustmon WMI Provider. The Trustmon Provider is new to Windows Server 2003. See Recipe 15.22 for an example.

See Also

Recipe 15.22, MS KB 228477 (HOW TO: Determine Trust Relationship Configurations), and MSDN: TRUSTED_DOMAIN_INFORMATION_EX
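
The difference between direct and implicit trusts described in the /Direct discussion above can be modelled offline when reviewing which domains a trust configuration actually exposes. The following Python sketch is an added example, not code from the recipe: it takes records shaped like the trustedDomain attributes the script reads and separates each domain's direct trusts from those implied by chaining. The domain names and sample records are constructed, and as a simplifying assumption only trusts flagged ATTRIBUTES_WITHIN_FOREST and not ATTRIBUTES_NON_TRANSITIVE are chained (forest trusts are not modelled).

```python
from collections import deque

# Bit values from the recipe's constant tables (NTSecAPI.h).
INBOUND, OUTBOUND = 1, 2               # trustDirection (3 = bidirectional)
NON_TRANSITIVE, WITHIN_FOREST = 1, 32  # trustAttributes

# Constructed sample: (domain holding the trustedDomain object,
#                      trustPartner, trustDirection, trustAttributes)
SAMPLE_TRUSTS = [
    ("corp.example", "emea.corp.example", 3, 32),
    ("emea.corp.example", "lab.emea.corp.example", 3, 32),
    ("lab.emea.corp.example", "vendor.example", 2, 1),  # outbound, non-transitive
    ("corp.example", "partner.example", 1, 4),          # inbound, quarantined
]

def build_edges(records):
    """Map each trusting domain to {trusted domain: can the trust be chained?}."""
    edges = {}
    for domain, partner, direction, attrs in records:
        # Assumption of this sketch: only intra-forest transitive trusts chain.
        chain = bool(attrs & WITHIN_FOREST) and not attrs & NON_TRANSITIVE
        if direction & OUTBOUND:   # the domain trusts its partner
            edges.setdefault(domain, {})[partner] = chain
        if direction & INBOUND:    # the partner trusts the domain
            edges.setdefault(partner, {})[domain] = chain
    return edges

def trusts_of(domain, records):
    """Return (direct, implicit) sets of domains that `domain` trusts."""
    edges = build_edges(records)
    direct = set(edges.get(domain, {}))
    seen, queue = {domain}, deque([domain])
    while queue:  # breadth-first walk over chainable trusts only
        for trusted, chain in edges.get(queue.popleft(), {}).items():
            if chain and trusted not in seen:
                seen.add(trusted)
                queue.append(trusted)
    return direct, seen - direct - {domain}

if __name__ == "__main__":
    for name in ("corp.example", "lab.emea.corp.example", "partner.example"):
        direct, implicit = trusts_of(name, SAMPLE_TRUSTS)
        print(f"{name}: direct={sorted(direct)} implicit={sorted(implicit)}")
```

In the sample, partner.example trusts corp.example directly but gains no implicit trust of the child domains, because that trust is not chainable in this model.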