Windows
讀取 windows nltest /server /domain_trust 輸出
我希望快速了解我們在 AD 環境中擁有多少信任,所以我使用了
nltest /server:<domain controller host> /domain_trusts /all_trusts
很容易找出 1 和 2 方式信任的位置,但我找不到有關正在顯示的其他一些輸出的文件。例如:
0: MYDOMAIN mydomain.test.net (NT 5) (Forest: 1) (Direct Outbound) (Direct Inbound) ( Attr: 0x20 ) 1: TEST test.net (NT 5) (Forest Tree Root) 2: CHILD child.ey.net (NT 5) (Forest: 1) 3: SUBCHILD subchild.child.ey.net (NT 5) (Forest: 6)
我得到直接出站和入站,我假設“NT 5”只是伺服器發布版本(如果我錯了請糾正我),但是返回的“森林:#”數據是什麼?我唯一能說的是子域/子域的數字更高。
“森林”顯示“主域”屬於哪個條目 2。它根據返回的條目數而變化。您可以通過將“/all_trusts”切換為“/forest”來驗證這一點。
PS C:\WINDOWS\system32> nltest /domain_trusts /all_trusts List of domain trusts: 0: DOMAIN.SUF (MIT) (Direct Outbound) ( Attr: non-trans 0x1000000 ) 1: FOREST FOREST.DOMAIN.SUF (NT 5) (Forest Tree Root) (Direct Outbound) (Direct Inbound) 2: DOMAIN2 DOMAIN2.DOMAIN.SUF (NT 5) (Direct Inbound) 3: CHILD CHILD.FOREST.DOMAIN.SUF (NT 5) (Forest: 1) (Primary Domain) (Native) The command completed successfully PS C:\WINDOWS\system32> nltest /domain_trusts /forest List of domain trusts: 0: FOREST FOREST.DOMAIN.SUF (NT 5) (Forest Tree Root) (Direct Outbound) (Direct Inbound) 1: CHILD CHILD.FOREST.DOMAIN.SUF (NT 5) (Forest: 0) (Primary Domain) (Native) The command completed successfully