2.21. Resetting a Trust

Problem

You want to reset a trust password. If you’ve determined a trust is broken, you need to reset it, which will allow users to authenticate across it again.

Solution

Using a graphical user interface

Follow the same directions as Recipe 2.20. The option to reset the trust will only be presented if the Verify/Validate did not succeed.

Using a command-line interface

> netdom trust <TrustingDomain> /Domain:<TrustedDomain> /Reset /verbose[RETURN]
   [/UserO:<TrustingDomainUser> /PasswordO:*][RETURN]
   [/UserD:<TrustedDomainUser> /PasswordD:*]

Using VBScript

' This code resets the specified trust.
' ------ SCRIPT CONFIGURATION ------
' Set to the DNS or NetBIOS name for the Windows 2000,
' Windows NT domain or Kerberos realm you want to reset the trust for.
strTrustName = "<TrustToCheck>"

' Set to the DNS name of the source or trusting domain.
strDomain    = "<TrustingDomain>" ' ------ END CONFIGURATION --------- ' Enable SC_RESET during trust enumerations set objTrustProv = GetObject("winmgmts:\\" & strDomain & _ "\root\MicrosoftActiveDirectory:Microsoft_TrustProvider=@") objTrustProv.TrustCheckLevel = 3 ' Enumerate with SC_RESET objTrustProv.Put_ ' Query the trust and print status information set objWMI = GetObject("winmgmts:\\" & strDomain & _ "\root\MicrosoftActiveDirectory") set objTrusts = objWMI.ExecQuery("Select * " _ & " from Microsoft_DomainTrustStatus " _ & " where TrustedDomain = '" & strTrustName & "'" ) for each objTrust in objTrusts Wscript.Echo objTrust.TrustedDomain ...

Get Active Directory Cookbook now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial