Reapply SID filter quarantining
Updated: March 2, 2005
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
You can reapply security identifier (SID) filter quarantining to an external or forest trust that has had SID filter quarantining disabled. By default, Windows Server 2003 automatically enables SID filter quarantining on all external trusts that are created by a Windows Server 2003 domain controller. For more information about how SID filter quarantining works, see "Security Considerations for Trusts" in the Windows Server 2003 Technical Reference on the Microsoft Web site (http://go.microsoft.com/fwlink/?LinkId=35413).
You can reapply SID filter quarantining by using the Netdom command-line tool. For more information about the Netdom command-line tool, see "Netdom.exe: Windows Domain Manager" in the Windows Server 2003 Technical Reference on the Microsoft Web site (http://go.microsoft.com/fwlink/?LinkId=41700).
To complete this procedure, you must be a member of the Domain Admins group or the Enterprise Admins group in Active Directory.
To reapply SID filter quarantining
To reapply SID filter quarantining for the trusting domain, open a Command Prompt.
Type the following syntax, and then press ENTER:
Netdom trust TrustingDomainName /domain: TrustedDomainName /quarantine:Yes /userD: domainadministratorAcct /passwordD: domainadminpwd
The Domain Name System (DNS) name (or network basic input/output system (NetBIOS) name) of the trusting domain in the trust that is being created.
The DNS name (or NetBIOS name) of the domain that will be trusted in the trust that is being created.
The user account name with the appropriate administrator credentials to modify the trust.
The password of the user account in domainadministratorAcct.