Mapping Get-ADTrust attributes to the TDO Object

This post provides the details of the mapping between the the attributes displayed by the Get-ADTrust powershell command and the attributes of the TDO object.

Most of the properties returned by the Get-ADTrust command map to the TrustAttribute attribute of the TDO object, so the table below shows which values of the TrustAttribute map to corresponding Get-ADTrust Property.  The NetTools Mnemonic column has the name of the mnemonic that NetTools will display if this value is set.

Get-ADTrust ParameterTDO AttributeNetTools Mnemonic
DirectiontrustDirection
DisallowTransivityTrustAttributeNon-Transitive
DistinguishedNameDistinguishedName
ForestTransitiveTrustAttributeForest Transitive
IntraForest
IsTreeParent
IsTreeRoot
NameName
ObjectClassObjectClass
ObjectGUIDObjectGUID
SelectiveAuthenticationTrustAttributeCross Organisation
SIDFilteringForestAwareTrustAttributeSSIDHistory
SIDFilteringQuarantinedTrustAttributeQuarantined
Source
TargettrustPartner
TGTDelegationTrustAttributeTGT Delegration
TrustAttributes
TrustTypetrustType
TrustedPolicy
TrustingPolicy
UsesAESKeysmsDS-SupportedEncryptionTypes
UsesRC4EncryptionTrustAttributeRC4 Encryption

This table shows the NetDom command argument that is used to change the corresponding TDO attribute.

Get-ADTrust ParameterNetDom Parameter
Directiontwoway or oneside
ForestTransitiveTransitive
SelectiveAuthenticationSelectiveAuth
SIDFilteringForestAwareSIDHistory
SIDFilteringQuarantinedQuarantine
TGTDelegationEnableTgtDelegation

This page provides the details of the netdom command parameters, and this page provides the details of the TrustAttribute attribute.  This page provides the details of the SID filtering functionality and which SID will be filtered.

The screenshot below shows the enumerate or mnemonics as defined on NetTools.

TrustAttribute