I recently was talking to an organization about their security posture and mostly everything I recommended to them, they had already implemented and plus some. The audits I conducted for them seconded what they were saying. I must say, I was thoroughly impressed. There was, however, one gray area that stood out to me and that was Domain Trusts. In their eyes, they didn’t have any but the Domain Controller displayed otherwise.
I’m sure everyone knows how to check via the GUI but did you also know it can be done through PowerShell? If not, let’s proceed.
From within a Domain Controller of a system with Remote System Administration Tools (RSAT) installed, we can utilize the Active Directory module which contains the Get-AdTrust cmdlet. For us to view Trusts, we can do the following:
From the above, we see the trust is with the Multiverse domain. We can also see that the direction is bi-directional, meaning it is a Two-Way Trust. It is also non-transitive, noted by the numerical one listed in the Trust Attributes property.
We can also get this same information using WMI, which we will use on the same server. To do so, we can do the following:
A simple script for this can be found at HERE.
From the above, we see the Trust Attributes property again along with a Trusted Domain property, which depicts the name of the domain we have a trust with. In addition, we see the Trust Direction property with a value of three, which depicts two-way.
For future reference, the meanings for each available value in Trusted Attributes and Trusted Direction are below.
TrustedAttributes = Direction of Trust
1 = Non-Transitive
2 = Transitive
TrustedDirection = Direction of Trust
1 = Incoming only
2 = Outgoing only
3 = Two-way