trustDirection Attribute Enumeration

Posted by BPuhl on May 2, 2008

Sitting in a coffee shop in Seattle – which is where I can usually get the most work done – and am helping a friend out by throwing together a VBScript that will enumerate all of the trusts, for all domains in a forest. Not rocket surgery by any means, but one of the things which I thought would be nice to include is the direction of the trust, which is held on the aptly named trustDirection attribute of the trustedDomain object.

Exploring a little bit through CORP, I was basically able to guess what the values meant, since I know what our forest/trust structure looks like, but since the attribute is just a number, I wanted to make sure that I had all of the options. I followed my instincts straight to my favorite search engine, and queried for the attribute, which promptly landed me on the MSDN page – previous experience telling me, that this is going to get me nowhere, because normally all you get is version and light information about the structure of the attribute.

So, much to my surprise, that down at the bottom in the Community Content section, Joe Richards had put the information which people would actually want and use.

So thank you Joe – for updating the documentation with the information which is actually relevant and useful.

This entry was posted on May 2, 2008 at 1:31 pm and is filed under Active Directory. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

One Response to “trustDirection Attribute Enumeration”

joe said

May 11, 2008 at 6:26 am
No problem Brian, glad to help out. At one point I also went looking there and didn’t see it and decided to go back when I did find it.

BTW, AdFind will do this for you too… Just use the -samdc switch… your script could have looked like

adfind -gcb -f objectcategory=trusteddomain trustpartner trusttype trustdirection trustattributes -samdc

C:\temp>adfind -gcb -f objectcategory=trusteddomain trustpartner trusttype trustdirection trustattributes -samdc

AdFind V01.37.00cpp Joe Richards (joe@joeware.net) June 2007

Using server: DA1.joelab.loc:3268
Directory: Windows Server 2003

dn:CN=northamerica.joelab.loc,CN=System,DC=joelab,DC=loc
>trustDirection: 3 [Inbound(1);Outbound(2)]
>trustPartner: northamerica.joelab.loc
>trustType: 2 [UpLevel(2)]
>trustAttributes: 32 [Within-Forest(32)]

dn:CN=joelab.loc,CN=System,DC=northamerica,DC=joelab,DC=loc
>trustDirection: 3 [Inbound(1);Outbound(2)]
>trustPartner: joelab.loc
>trustType: 2 [UpLevel(2)]
>trustAttributes: 32 [Within-Forest(32)]

dn:CN=europe.joelab.loc,CN=System,DC=joelab,DC=loc
>trustDirection: 3 [Inbound(1);Outbound(2)]
>trustPartner: europe.joelab.loc
>trustType: 2 [UpLevel(2)]
>trustAttributes: 32 [Within-Forest(32)]

dn:CN=joelab.loc,CN=System,DC=europe,DC=joelab,DC=loc
>trustDirection: 3 [Inbound(1);Outbound(2)]
>trustPartner: joelab.loc
>trustType: 2 [UpLevel(2)]
>trustAttributes: 32 [Within-Forest(32)]

dn:CN=asia.joelab.loc,CN=System,DC=joelab,DC=loc
>trustDirection: 3 [Inbound(1);Outbound(2)]
>trustPartner: asia.joelab.loc
>trustType: 2 [UpLevel(2)]
>trustAttributes: 32 [Within-Forest(32)]

dn:CN=joelab.loc,CN=System,DC=asia,DC=joelab,DC=loc
>trustDirection: 3 [Inbound(1);Outbound(2)]
>trustPartner: joelab.loc
>trustType: 2 [UpLevel(2)]
>trustAttributes: 32 [Within-Forest(32)]

6 Objects returned

Reply