我希望能够快速logging我们在AD环境中有多less信任,所以我使用了nltest /server:<domain controller host> /domain_trusts /all_trusts
很容易找出1和2方式信任的位置,但我无法find正在显示的其他一些输出的文档。 例如:
0: MYDOMAIN mydomain.test.net (NT 5) (Forest: 1) (Direct Outbound) (Direct Inbound) ( Attr: 0x20 ) 1: TEST test.net (NT 5) (Forest Tree Root) 2: CHILD child.ey.net (NT 5) (Forest: 1) 3: SUBCHILD subchild.child.ey.net (NT 5) (Forest: 6)
我得到直接出站和入站,我假设“NT 5”只是服务器发布版本(请纠正我,如果我错了),但是什么是“森林:#”数据被返回? 我唯一能说的是,子/域的数字更高。
“森林”显示“主域”是哪个入口2的成员。 它根据返回的条目数量而变化。 你可以通过为'/ forest'closures'/ all_trusts'来validation。
PS C:\WINDOWS\system32> nltest /domain_trusts /all_trusts List of domain trusts: 0: DOMAIN.SUF (MIT) (Direct Outbound) ( Attr: non-trans 0x1000000 ) 1: FOREST FOREST.DOMAIN.SUF (NT 5) (Forest Tree Root) (Direct Outbound) (Direct Inbound) 2: DOMAIN2 DOMAIN2.DOMAIN.SUF (NT 5) (Direct Inbound) 3: CHILD CHILD.FOREST.DOMAIN.SUF (NT 5) (Forest: 1) (Primary Domain) (Native) The command completed successfully PS C:\WINDOWS\system32> nltest /domain_trusts /forest List of domain trusts: 0: FOREST FOREST.DOMAIN.SUF (NT 5) (Forest Tree Root) (Direct Outbound) (Direct Inbound) 1: CHILD CHILD.FOREST.DOMAIN.SUF (NT 5) (Forest: 0) (Primary Domain) (Native) The command completed successfully