Domain Trusts: What does a trustAttributes value of 0x0 ( ) mean?

-

using script (http://gallery.technet.microsoft.com/scriptcenter/enumerate-domain-trusts-25ecb802) enumerate domain trusts , when looking @ trusts in adsiedit, find have 4 different trusts (some one-way, two-way) return 0x0 trustattributes value. have seen chart (http://msdn.microsoft.com/en-us/library/cc223779) values, cannot find value 0x0 mean. find information similar this:

0x00000001 - trust non-transitive
0x00000002 - trust valid windows 2000 (and newer) computers
0x00000008 - forest trust
0x00000010 - trust domain or forest not part of organization
0x00000020 - trusted domain within same forest
0x00000040 - external trust

i have googled quite bit , found many instances of value being returned part of event logs capturing trust related records (though value not part of error itself) don't believe uncommon... not documented can find it?

any appreciated!

sample of script returns zero:

two-way:

trust description:

trust created: 04/14/2010 15:54:02

trust modified: 11/20/2013 02:53:56

trust direction: bidirectional (two-way trust)

trust type: uplevel (active directory domain - parent-child, root domain, shortcut, external, or forest

trust attributes: 0

one-way:

trust description:

trust created: 10/09/2008 10:05:27

trust modified: 12/03/2013 14:37:24

trust direction: inbound (trusting domain)

trust type: uplevel (active directory domain - parent-child, root domain, shortcut, external, or forest

trust attributes: 0

from you're saying, 1 of them 1 way, non-transitive, inbound trust, assume show 0x1.

i'm starting think domain nt4 , has been upgraded. may explain anomalies. maybe dissolving trust, , re-creating it? know that's lot ask for.

the other thing can think of, since the documentation doesn't explain condition, is maybe give microsoft support call? realize there's small charge involved, if auditors absolutely need know means, may best option.
http://support.microsoft.com/contactus/

ace fekay
mvp, mct, mcitp/ea, mcts windows 2008/r2 & exchange 2007, exchange 2010 ea, mcse & mcsa 2003/2000, mcsa messaging 2003
microsoft certified trainer
microsoft mvp - directory services
technical blogs & videos: http://www.delawarecountycomputerconsulting.com/

this post provided as-is no warranties or guarantees , confers no rights.

facebook twitter linkedin



Windows Server  >  Directory Services



Comments

Post a Comment

Popular posts from this blog

Azure MFA with Azure AD and RDS

-
i have setup following lab in azure , need help. a server (domain controller) , remote desktop services. and server multi factor authentication server. i have setup following one http://www.rdsgurus.com/uncategorized/step-by-step-using-windows-server-2012-r2-rd-gateway-with-azure-multifactor-authentication/ and when im connecting got following error. the user "domain\username", on client computer "xxx.xxx.xxx.xxx", did not meet connection authorization policy requirements , therefore not authorized access rd gateway server. authentication method used was: "ntlm" , connection protocol used: "rpc-http". following error occurred: "23003". also on security log i've got following authentication details: connection request policy name: ts gateway authorization policy network policy name: - authentication provider: radius proxy authentication server: test.test.local authenticati...
Read more

Failed to delete the test record dcdiag-test-record in zone test.com

-
ps c:\users\administrator.test> dcdiag /test:dns directory server diagnosis performing initial setup:    trying find home server...    home server = dc02    * identified ad forest.    done gathering initial info. doing initial required tests    testing server: default-first-site-name\dc02       starting test: connectivity          ......................... dc02 passed test connectivity doing primary tests    testing server: default-first-site-name\dc02       starting test: dns          dns tests running , not hung. please wait few minutes...          ......................... dc02 passed test dns    running partition tests on : forestdnszones    running partition tests on : domaindnszones    running partition tests on : schema ...
Read more

Invalid pointer on gpresult /h gpreport.html

-
hello guys i getting following error when trying generate gpresult /h  xxx.html invalid pointer this happening on windows 7 pc using test group policy. tried pc same thing when same gpo applied . hi, try apply some other gpo clients, html report generated succefully? if no, may caused unregistered .dll files, try register .dll files previous thread suggested: http://social.technet.microsoft.com/forums/en-us/winservergp/thread/0ea20c5d-c0ae-457d-89d4-a1686a359e72 if yes, please tell detailed information problematic gpo settings reproduce problem , troubleshooting it. regards, cicely Windows Server  >  Group Policy
Read more