Hello,
it's really not clear to us how the checks are permormed since a lot of other tools show the trusts as OK while adessential is giving NOT OK for query status for a lot of them.
We understand your description:
"You should notice two properties TrustStatus and QueryStatus. If you're a Domain Admin, what the TrustStatus will do is verify the tunnel using WMI and report if it's working correctly or not. Of course, if you're not Domain Admin, this command won't help as you won't be able to query WMI on Domain Controller. This is where QueryStatus comes in. For each trust, the command queries the Administrator group within that domain. If it can resolve it, the status is OK. If it can't, it's not. This allows you to verify trusts are working or not based on AD Query even as a standard user in your domain. Of course, it's possible the trust is working, but the way it's configured prevents you from querying users/groups on the other end of the trust."
and that
"Inbound-only trusts are verified from the trusting side."
but we have too many trusts marked as NOT OK while they are effectively OK
We see that QueryStatus is using WMI too and, since it's run as a standard account, it receives an "Access Denied".
Would you be so kind to help us on how to properly use the tool to monitor trusts status the right way ?
Thank you in advance.
Regards,
Red.
Hello,
it's really not clear to us how the checks are permormed since a lot of other tools show the trusts as OK while adessential is giving NOT OK for query status for a lot of them.
We understand your description:
"You should notice two properties TrustStatus and QueryStatus. If you're a Domain Admin, what the TrustStatus will do is verify the tunnel using WMI and report if it's working correctly or not. Of course, if you're not Domain Admin, this command won't help as you won't be able to query WMI on Domain Controller. This is where QueryStatus comes in. For each trust, the command queries the Administrator group within that domain. If it can resolve it, the status is OK. If it can't, it's not. This allows you to verify trusts are working or not based on AD Query even as a standard user in your domain. Of course, it's possible the trust is working, but the way it's configured prevents you from querying users/groups on the other end of the trust."
and that
"Inbound-only trusts are verified from the trusting side."
but we have too many trusts marked as NOT OK while they are effectively OK
We see that QueryStatus is using WMI too and, since it's run as a standard account, it receives an "Access Denied".
Would you be so kind to help us on how to properly use the tool to monitor trusts status the right way ?
Thank you in advance.
Regards,
Red.