Domain Trusts

Domain Trust Enumeration:

# .NET 
    ## PowerShell
        [System.DirectoryServices.ActiveDirectory.Domain] 
        ([System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()).GetAllTrustRelationships()
    ## PowerView 
        Get-DomainTrust -API

# API 
    ## PowerView
        Get-DomainTrust -API

# Native 
nltest.exe /trusted_domains

# LDAP 
dsquery * -filter “(objectClass=TRUSTED_DOMAIN)” -attr *

Trust levels

DOWNLEVEL (0x00000001) - Trusted domain not running AD UPLEVEL (0x00000002)- Trusted domain running AD MIT (0x00000003) - trusted domain running *nix domain

Trust Attributes

Non-transitive (0x00000001) - if DomainA trusts DomainB and DomainB trusts DomainC, then DomainA does not automatically trust DomainC UP_LEVEL_ONLY (0x00000002) -only Windows 2000 operating system and newer clients can use the trust. QUARANTINED_DOMAIN (0x00000004) - SID filtering is enabled FOREST_TRANSITIVE (0x00000008) - cross-forest trust between the root of two domain forests running at least domain functional level 2003 or above. CROSS_ORGANISATION (0x00000010) - Trust to domain or forest that is not part of Org - adds OTHER_ORGZATION_SID WITHIN_FOREST (0x00000020) - parent->child or cross-link relationship TREAT_AS_EXTERNAL (0x00000040) -

PreviousDomain Enumeration NextDomain Mapping

Last updated 2 years ago