讀取 windows nltest /server /domain_trust 輸出

我希望快速了解我們在 AD 環境中擁有多少信任，所以我使用了nltest /server:<domain controller host> /domain_trusts /all_trusts

很容易找出 1 和 2 方式信任的位置，但我找不到有關正在顯示的其他一些輸出的文件。例如：

0: MYDOMAIN mydomain.test.net (NT 5) (Forest: 1) (Direct Outbound) (Direct Inbound) ( Attr: 0x20 )
1: TEST test.net (NT 5) (Forest Tree Root)
2: CHILD child.ey.net (NT 5) (Forest: 1)
3: SUBCHILD subchild.child.ey.net (NT 5) (Forest: 6)

我得到直接出站和入站，我假設“NT 5”只是伺服器發布版本（如果我錯了請糾正我），但是返回的“森林：#”數據是什麼？我唯一能說的是子域/子域的數字更高。

“森林”顯示“主域”屬於哪個條目 2。它根據返回的條目數而變化。您可以通過將“/all_trusts”切換為“/forest”來驗證這一點。

PS C:\WINDOWS\system32> nltest /domain_trusts /all_trusts
List of domain trusts:
   0: DOMAIN.SUF (MIT) (Direct Outbound) ( Attr: non-trans 0x1000000 )
   1: FOREST FOREST.DOMAIN.SUF (NT 5) (Forest Tree Root) (Direct Outbound) (Direct Inbound)
   2: DOMAIN2 DOMAIN2.DOMAIN.SUF (NT 5) (Direct Inbound)
   3: CHILD CHILD.FOREST.DOMAIN.SUF (NT 5) (Forest: 1) (Primary Domain) (Native)
The command completed successfully

PS C:\WINDOWS\system32> nltest /domain_trusts /forest
List of domain trusts:
   0: FOREST FOREST.DOMAIN.SUF (NT 5) (Forest Tree Root) (Direct Outbound) (Direct Inbound)
   1: CHILD CHILD.FOREST.DOMAIN.SUF (NT 5) (Forest: 0) (Primary Domain) (Native)
The command completed successfully

引用自：https://serverfault.com/questions/875637