Windows

讀取 windows nltest /server /domain_trust 輸出

  • October 27, 2017

我希望快速了解我們在 AD 環境中擁有多少信任,所以我使用了nltest /server:<domain controller host> /domain_trusts /all_trusts

很容易找出 1 和 2 方式信任的位置,但我找不到有關正在顯示的其他一些輸出的文件。例如:

0: MYDOMAIN mydomain.test.net (NT 5) (Forest: 1) (Direct Outbound) (Direct Inbound) ( Attr: 0x20 )
1: TEST test.net (NT 5) (Forest Tree Root)
2: CHILD child.ey.net (NT 5) (Forest: 1)
3: SUBCHILD subchild.child.ey.net (NT 5) (Forest: 6)

我得到直接出站和入站,我假設“NT 5”只是伺服器發布版本(如果我錯了請糾正我),但是返回的“森林:#”數據是什麼?我唯一能說的是子域/子域的數字更高。

“森林”顯示“主域”屬於哪個條目 2。它根據返回的條目數而變化。您可以通過將“/all_trusts”切換為“/forest”來驗證這一點。

PS C:\WINDOWS\system32> nltest /domain_trusts /all_trusts
List of domain trusts:
   0: DOMAIN.SUF (MIT) (Direct Outbound) ( Attr: non-trans 0x1000000 )
   1: FOREST FOREST.DOMAIN.SUF (NT 5) (Forest Tree Root) (Direct Outbound) (Direct Inbound)
   2: DOMAIN2 DOMAIN2.DOMAIN.SUF (NT 5) (Direct Inbound)
   3: CHILD CHILD.FOREST.DOMAIN.SUF (NT 5) (Forest: 1) (Primary Domain) (Native)
The command completed successfully

PS C:\WINDOWS\system32> nltest /domain_trusts /forest
List of domain trusts:
   0: FOREST FOREST.DOMAIN.SUF (NT 5) (Forest Tree Root) (Direct Outbound) (Direct Inbound)
   1: CHILD CHILD.FOREST.DOMAIN.SUF (NT 5) (Forest: 0) (Primary Domain) (Native)
The command completed successfully

引用自:https://serverfault.com/questions/875637