Auditing Active Directory Trusts

The script collects and verifies Active Directory trusts of the current forest or a specified domain.The trust information are exported in CSV file.

4.6 Star
3,919 times
Add to favorites
Active Directory
E-mail Twitter Digg Facebook
  • Bug in Get-WMIObject function call
    1 Posts | Last post January 25, 2018
    • This might not necessarily be a bug in all versions of Windows, but in Server 2016, the value of $objDomain.PdcRoleOwner is $null because $objDomain doesn't contain a direct property PdcRoleOwner. In order to populate all of the columns of the CSV with valid values, the code should be changed to: $objDomain.Domains.PdcRoleOwner. 
      When looking at the current version of 'Forest' dot net class, this is confirmed. The 'Forest' class contains a property 'Domains' which is actually a nested 'Domain' class object. This 'Domain' class object contains the property PdcRoleOwner (which in turn is another class object).
      If you host all 5 FSMO roles on the same Domain Controller, you could also use $objDomain.NamingRoleOwner in place of $objDomain.Domains.PdcRoleOwner.
  • additions
    1 Posts | Last post August 07, 2013
    • Useful script. I found adding the whenCreated attribute useful, as we could link it to the original change request (which in turn enabled us to find the reason why the trust exists in the first place...we are talking legacy NT4 domains here that no one has knowledge of). I also used the following which allowed me to open in Excel easily:
      -Delimiter ","