- Start the Active Directory Domains and Trusts tool. The tool automatically locates a domain controller to read trust relationship data from.
- An icon is displayed for each domain that represents the root of each item in the hierarchy. Expanding any of these nodes displays the hierarchy of child domains, if any exist. To view the trust relationships for a specific domain, right-click the domain, and then click Properties.
- Click the Trusts tab. For each of the domains that the selected domain trusts (trusted), or is trusted by (trusting), the type of trust relationship and whether or not the trust relationship is transitive is displayed. Trusts can also be added or removed through the same interface. To view detail information or reset a transitive trust relationship, click the trust you want, and then click View/Edit.
- Start the Active Directory Users and Computers tool. Note that this defaults to the domain that the you are logged on to.
- On the View menu, click Advanced.
- Expand the contents of the left pane, and then locate the System container.
- In the right pane, use the Type column to identify all objects with a type of "Trusted Domain". To view more information about the specifics of a given trust, right-click the object, and then click Properties. The detail information about this trust relationship is displayed in a dialog box where an administrator can also reset the trust if it is of the transitive type.
- Trust Index (specific to each DC as the trusts are enumerated)
- NetBIOS Domain Name of the Trusted Domain
- DNS Domain Name of the Trusted Domain
- Trust Type (NT 4, NT 5, MIT, or DCE)
- Any of the following flags:
- Direct Outbound: There is a direct trust relationship between the domain for the server queried and this domain.
- Native: This domain is currently in native mode.
- Primary Domain: This domain is the domain for the server that was used in the query.
- Forest Tree Root: This domain represents the root of a tree in the forest.
- Forest: index number: For this trusted domain, where index number is the index number of it's parent domain in the same NLTEST list.
Trusted domain list:
1: CHILD child.root.com (NT 5) (Forest: 3) (Direct Outbound)
2: GRANDCHILD grandchild.child.root.com (NT 5) (Forest: 1)
3: ROOT root.com (NT 5) (Forest Tree Root) (Primary Domain)
4: NT4DOMAIN (NT 4) (Direct Outbound)
5: NEWROOT newroot.com (NT 5) (Forest Tree Root) (Direct Outbound) ( Attr: 0x800000 )
- At a command prompt, type start adsiedit.msc to start an MMC console with the ADSI Edit tool already present. It also populates the left pane with at least three nodes, one for each writ able naming context, or partition, of the Active Directory. These are the default Domain, Schema, and Configuration naming contexts.
- Expand the Domain NC [dc=your domain name,dc=com] node in the left pane of the MMC console. Continue to expand this node until you can locate and expand the node named CN=System.
- In the right pane, use the Class column to identify all objects with a type of trustedDomain. To get more information regarding the specifics of a given trust, right-click the object, and then click Properties.
- Click Both in the Select which properties to view box.
- Different data about the trust is kept in several key attributes of each trustedDomain object. The following are the key attributes to select in the Select a property to view box and their meanings:
flatName: Contains the NetBIOS name of the domain for this Trust.
trustDirection: Contains the direction of the established trust relationship.0=DisabledtrustPartner: Contains a string that represents the DNS-style name of the domain if it is a Windows 2000 domain or the NetBIOS name of the domain if it is a downlevel trust.
1=Inbound (Trusting Domain)
2=Outbound (Trusted Domain)
3=Both (Trusted and Trusting)
trustType: Contains the type of trust relationship established to the domain.1=Downlevel Trust
2=Windows 2000 (Uplevel) Trust
Article ID: 228477 - Last Review: Jun 22, 2014 - Revision: 1