September 2003
Intermediate to advanced
624 pages
15h 49m
English
Content preview from Active Directory CookbookBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
2.21. Resetting a Trust
Problem
You want to reset a trust password. If you’ve determined a trust is broken, you need to reset it, which will allow users to authenticate across it again.
Solution
Using a graphical user interface
Follow the same directions as Recipe 2.20. The option to reset the trust will only be presented if the Verify/Validate did not succeed.
Using a command-line interface
> netdom trust <TrustingDomain> /Domain:<TrustedDomain> /Reset /verbose[RETURN] [/UserO:<TrustingDomainUser> /PasswordO:*][RETURN] [/UserD:<TrustedDomainUser> /PasswordD:*]
Using VBScript
' This code resets the specified trust. ' ------ SCRIPT CONFIGURATION ------ ' Set to the DNS or NetBIOS name for the Windows 2000, ' Windows NT domain or Kerberos realm you want to reset the trust for. strTrustName = "<TrustToCheck>" ' Set to the DNS name of the source or trusting domain. strDomain = "<TrustingDomain>" ' ------ END CONFIGURATION --------- ' Enable SC_RESET during trust enumerations set objTrustProv = GetObject("winmgmts:\\" & strDomain & _ "\root\MicrosoftActiveDirectory:Microsoft_TrustProvider=@") objTrustProv.TrustCheckLevel = 3 ' Enumerate with SC_RESET objTrustProv.Put_ ' Query the trust and print status information set objWMI = GetObject("winmgmts:\\" & strDomain & _ "\root\MicrosoftActiveDirectory") set objTrusts = objWMI.ExecQuery("Select * " _ & " from Microsoft_DomainTrustStatus " _ & " where TrustedDomain = '" & strTrustName & "'" ) for each objTrust in objTrusts Wscript.Echo objTrust.TrustedDomain ...