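I wanted a quick overview of how many trusts there are in the AD environment, so I used nltest /server:<domain controller host> /domain_trusts /all_trusts
It is easy to find where the one-way and two-way trusts are, but I cannot find documentation for some of the other output shown. For example: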
0: MYDOMAIN mydomain.test.net (NT 5) (Forest: 1) (Direct Outbound) (Direct Inbound) ( Attr: 0x20 )
1: TEST test.net (NT 5) (Forest Tree Root)
2: CHILD child.ey.net (NT 5) (Forest: 1)
3: SUBCHILD subchild.child.ey.net (NT 5) (Forest: 6)
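I understand the direct outbound and inbound data, and I assume "NT 5" is just the server release version (please correct me if I'm wrong), but what is the "Forest: #" data that is returned? The only thing I can tell is that the number is higher for child domains.
Answer 1
"Forest" shows which entry the "Primary Domain" is a member of. It changes depending on the number of entries returned. You can verify this by replacing "/all_trusts" with "/forest".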
PS C:\WINDOWS\system32> nltest /domain_trusts /all_trusts
List of domain trusts:
0: DOMAIN.SUF (MIT) (Direct Outbound) ( Attr: non-trans 0x1000000 )
1: FOREST FOREST.DOMAIN.SUF (NT 5) (Forest Tree Root) (Direct Outbound) (Direct Inbound)
2: DOMAIN2 DOMAIN2.DOMAIN.SUF (NT 5) (Direct Inbound)
3: CHILD CHILD.FOREST.DOMAIN.SUF (NT 5) (Forest: 1) (Primary Domain) (Native)
The command completed successfully
PS C:\WINDOWS\system32> nltest /domain_trusts /forest
List of domain trusts:
0: FOREST FOREST.DOMAIN.SUF (NT 5) (Forest Tree Root) (Direct Outbound) (Direct Inbound)
1: CHILD CHILD.FOREST.DOMAIN.SUF (NT 5) (Forest: 0) (Primary Domain) (Native)
The command completed successfully
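The answer's reading of "Forest: N", as an added example that is not part of the original answer: a Python parser for captured nltest /domain_trusts output that treats N as the index of another entry in the same listing and resolves it to that entry's DNS name. The sample input is the two listings from the answer; the function and field names are hypothetical.

```python
import re

# Sample input: the two listings from the answer above.
ALL_TRUSTS = """\
List of domain trusts:
    0: DOMAIN.SUF (MIT) (Direct Outbound) ( Attr: non-trans 0x1000000 )
    1: FOREST FOREST.DOMAIN.SUF (NT 5) (Forest Tree Root) (Direct Outbound) (Direct Inbound)
    2: DOMAIN2 DOMAIN2.DOMAIN.SUF (NT 5) (Direct Inbound)
    3: CHILD CHILD.FOREST.DOMAIN.SUF (NT 5) (Forest: 1) (Primary Domain) (Native)
The command completed successfully
"""
FOREST_ONLY = """\
List of domain trusts:
    0: FOREST FOREST.DOMAIN.SUF (NT 5) (Forest Tree Root) (Direct Outbound) (Direct Inbound)
    1: CHILD CHILD.FOREST.DOMAIN.SUF (NT 5) (Forest: 0) (Primary Domain) (Native)
The command completed successfully
"""

ENTRY = re.compile(r"^\s*(\d+):\s+([^()]+?)\s*(\(.*\))\s*$")  # index, name(s), flags
FLAG = re.compile(r"\(\s*([^()]*?)\s*\)")                     # one parenthesised flag

def parse_trusts(text):
    """Return {index: entry} for each numbered line of the listing."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # header, prompt and status lines
        names = m.group(2).split()
        flags = FLAG.findall(m.group(3))
        ref = next((int(f.split(":")[1]) for f in flags
                    if f.startswith("Forest:")), None)
        entries[int(m.group(1))] = {
            "netbios": names[0] if len(names) == 2 else None,  # MIT entry has one name
            "dns": names[-1],
            "flags": flags,
            "forest_ref": ref,  # N from "(Forest: N)", or None if absent
        }
    return entries

def resolve_forest_refs(entries):
    """Map each domain carrying Forest: N to the DNS name of entry N."""
    resolved = {}
    for e in entries.values():
        if e["forest_ref"] is not None:
            target = entries.get(e["forest_ref"])  # None when N is not in the listing
            resolved[e["dns"]] = target["dns"] if target else None
    return resolved
```

An index that points outside the captured listing, such as "Forest: 6" in the question's four-line excerpt, resolves to None rather than raising.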