Domain Trusts and Forests Enumeration

Trusts

Get a List of All Trusts in the Current Domain

Get-NetDomainTrust [-Domain <domain>] # PowerView
Get-ADTrust -Filter * [-Identity <domain>] # AD Module

  • Using pywerview.py

python pywerview.py get-netdomaintrust -w bizcorp.local -u <user> -p <pass> -t <dc> [-d <domain>]

Listing All Trusts in Another Forest (If Your Current Forest is in a Bi-Directional Trust With Another Forest)

Get-NetForestDomain -Forest <forest> | Get-NetDomainTrust # PowerView

Forest Mapping

Get Details About the Current Forest

Get-NetForest [-Forest <forest>] # PowerView
Get-ADForest [-Identity <forest>] # AD Module

Get All Domains in the Current Forest

Get-NetForestDomain [-Forest <forest>] # PowerView
(Get-ADForest).Domains # AD Module

Get All Global Catalogs for the Current Forest

Get-NetForestCatalog [-Forest <forest>] # PowerView
Get-ADForest | select -ExpandProperty GlobalCatalogs # AD Module

Map Trusts of a Forest

Get-NetForestTrust [-Forest <forest>] # PowerView
Get-ADTrust -Filter 'msDS-TrustForestTrustInfo -ne "$null"' # AD Module
PreviousAccess Control ListsNextUser Hunting

Last updated