1

I'm looking to get a quick accounting of how many trusts we have in our AD environment so I used nltest /server:<domain controller host> /domain_trusts /all_trusts

It's easy enough to figure out where the 1 and 2 way trusts are but I can't find documentation on some of the other output that is being displayed. For example:

0: MYDOMAIN mydomain.test.net (NT 5) (Forest: 1) (Direct Outbound) (Direct Inbound) ( Attr: 0x20 )
1: TEST test.net (NT 5) (Forest Tree Root)
2: CHILD child.ey.net (NT 5) (Forest: 1)
3: SUBCHILD subchild.child.ey.net (NT 5) (Forest: 6)

I get the direct outbound and inbound, I assume "NT 5" is just the server release version (please correct me if I'm wrong), but what is the "Forest: #" data being returned? The only thing I can tell is that the number is higher for child/sub domains.

ps2005

1 Answer

0

The 'Forest' shows which entry 2 that "Primary Domain" is a member of. It changes based on the number of entries that are returned. You can verify this by switching out '/all_trusts' for '/forest'.

PS C:\WINDOWS\system32> nltest /domain_trusts /all_trusts
List of domain trusts:
    0: DOMAIN.SUF (MIT) (Direct Outbound) ( Attr: non-trans 0x1000000 )
    1: FOREST FOREST.DOMAIN.SUF (NT 5) (Forest Tree Root) (Direct Outbound) (Direct Inbound)
    2: DOMAIN2 DOMAIN2.DOMAIN.SUF (NT 5) (Direct Inbound)
    3: CHILD CHILD.FOREST.DOMAIN.SUF (NT 5) (Forest: 1) (Primary Domain) (Native)
The command completed successfully

PS C:\WINDOWS\system32> nltest /domain_trusts /forest
List of domain trusts:
    0: FOREST FOREST.DOMAIN.SUF (NT 5) (Forest Tree Root) (Direct Outbound) (Direct Inbound)
    1: CHILD CHILD.FOREST.DOMAIN.SUF (NT 5) (Forest: 0) (Primary Domain) (Native)
The command completed successfully
spacenomyous
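For the trust accounting the question asks about, this added example (not code from either post) parses saved `nltest /domain_trusts` output, counts entries by direction, and resolves each `Forest: N` to entry N of the same listing, as the answer describes. The function names are hypothetical, and the sample text is the `/all_trusts` listing from the answer.

```python
import re
from collections import Counter

# Constructed sample: the /all_trusts listing quoted in the answer above.
SAMPLE = """\
List of domain trusts:
    0: DOMAIN.SUF (MIT) (Direct Outbound) ( Attr: non-trans 0x1000000 )
    1: FOREST FOREST.DOMAIN.SUF (NT 5) (Forest Tree Root) (Direct Outbound) (Direct Inbound)
    2: DOMAIN2 DOMAIN2.DOMAIN.SUF (NT 5) (Direct Inbound)
    3: CHILD CHILD.FOREST.DOMAIN.SUF (NT 5) (Forest: 1) (Primary Domain) (Native)
The command completed successfully
"""
ENTRY = re.compile(r"^\s*(\d+):\s+([^(]+?)\s*(\(.*)$")  # index, name(s), flag groups
FLAG = re.compile(r"\(\s*([^()]*?)\s*\)")               # text inside one (...) group

def parse_trusts(text):
    """Return {index: entry} for each numbered line; header/status lines are skipped."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        flags = FLAG.findall(m.group(3))
        ref = next((int(f.split(":")[1]) for f in flags
                    if re.fullmatch(r"Forest:\s*\d+", f)), None)
        # The last name token is used as the display name (DNS name when two are listed).
        entries[int(m.group(1))] = {"name": m.group(2).split()[-1],
                                    "flags": flags, "forest_ref": ref}
    return entries

def direction(flags):
    out, inn = "Direct Outbound" in flags, "Direct Inbound" in flags
    if out and inn:
        return "two-way"
    return "outbound only" if out else "inbound only" if inn else "not direct"

def summarize(entries):
    """Count entries by direction; resolve 'Forest: N' against this same listing."""
    counts = Counter(direction(e["flags"]) for e in entries.values())
    resolved = {}
    for e in entries.values():
        ref = e["forest_ref"]
        if ref is not None:
            # Indices are per-listing; a missing index means the text was trimmed.
            resolved[e["name"]] = (entries[ref]["name"] if ref in entries
                                   else f"<entry {ref} not in listing>")
    return counts, resolved

if __name__ == "__main__":
    counts, resolved = summarize(parse_trusts(SAMPLE))
    print(dict(counts))
    print(resolved)
```

Because the index is only meaningful within one listing, parse the complete output of a single command run; an excerpt such as the one in the question reports `Forest: 6` as unresolved.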