Mapping Get-ADTrust attributes to the TDO Object

This post provides the details of the mapping between the the attributes displayed by the Get-ADTrust powershell command and the attributes of the TDO object.

Most of the properties returned by the Get-ADTrust command map to the TrustAttribute attribute of the TDO object, so the table below shows which values of the TrustAttribute map to corresponding Get-ADTrust Property. The NetTools Mnemonic column has the name of the mnemonic that NetTools will display if this value is set.

Get-ADTrust Parameter	TDO Attribute	NetTools Mnemonic
Direction	trustDirection
DisallowTransivity	TrustAttribute	Non-Transitive
DistinguishedName	DistinguishedName
ForestTransitive	TrustAttribute	Forest Transitive
IntraForest
IsTreeParent
IsTreeRoot
Name	Name
ObjectClass	ObjectClass
ObjectGUID	ObjectGUID
SelectiveAuthentication	TrustAttribute	Cross Organisation
SIDFilteringForestAware	TrustAttribute	SSIDHistory
SIDFilteringQuarantined	TrustAttribute	Quarantined
Source
Target	trustPartner
TGTDelegation	TrustAttribute	TGT Delegration
TrustAttributes
TrustType	trustType
TrustedPolicy
TrustingPolicy
UsesAESKeys	msDS-SupportedEncryptionTypes
UsesRC4Encryption	TrustAttribute	RC4 Encryption

This table shows the NetDom command argument that is used to change the corresponding TDO attribute.

Get-ADTrust Parameter	NetDom Parameter
Direction	twoway or oneside
ForestTransitive	Transitive
SelectiveAuthentication	SelectiveAuth
SIDFilteringForestAware	SIDHistory
SIDFilteringQuarantined	Quarantine
TGTDelegation	EnableTgtDelegation

This page provides the details of the netdom command parameters, and this page provides the details of the TrustAttribute attribute. This page provides the details of the SID filtering functionality and which SID will be filtered.

The screenshot below shows the enumerate or mnemonics as defined on NetTools.

TrustAttribute