Verify SID filter quarantining

Applies To: Windows Server 2003, Windows Server 2008, Windows Server 2008 R2

You can use this procedure to verify the status of security identifier (SID) filter quarantining for an external trust or a forest trust using Netdom.exe.

For more information about the netdom command-line tool, see Netdom Overview (https://go.microsoft.com/fwlink/?LinkId=111537).

For more information about how SID filtering works, see Security Considerations for Trusts (https://go.microsoft.com/fwlink/?LinkID=111846).

Membership in Domain Admins or Enterprise Admins in Active Directory Domain Services (AD DS), or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (https://go.microsoft.com/fwlink/?LinkId=83477).

To verify SID filter quarantining from the trusting domain

  1. Open a command prompt.

  2. At the command prompt, type the following syntax, and then press ENTER:

    netdom trust <TrustingDomainName> /domain:<TrustedDomainName> /quarantine /userD:<domainadministratorAcct> /passwordD:<domainadminpwd>

    Note

    For a description of the placeholder values, see Placeholder reference table.

To verify SID filter quarantining from the trusting forest

  1. Open a command prompt.

  2. At the command prompt, type the following syntax, and then press ENTER:

    netdom trust <TrustingDomainName> /domain:<TrustedDomainName> /enablesidhistory /userD:<domainadministratorAcct> /passwordD:<domainadminpwd>

    Note

    For a description of the placeholder values, see Placeholder reference table.

To verify SID filter quarantining from the trusted domain

  1. Open a command prompt.

  2. At the command prompt, type the following syntax, and then press ENTER:

    netdom trust <TrustingDomainName> /userO:<domainadministratorAcct> /passwordO:<domainadminpwd> /domain:<TrustedDomainName> /quarantine

    Note

    For a description of the placeholder values, see Placeholder reference table.

To verify SID filter quarantining from the trusted forest

  1. Open a command prompt.

  2. At the command prompt, type the following syntax, and then press ENTER:

    netdom trust <TrustingDomainName> /userO:<domainadministratorAcct> /passwordO:<domainadminpwd> /domain:<TrustedDomainName> /enablesidhistory

    Note

    For a description of the placeholder values, see Placeholder reference table.
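
The same check across every trust at once, as an added example that is not part of the original page: it goes beyond the netdom procedures by reading the trustAttributes value of each trusted domain object. It assumes the ActiveDirectory PowerShell module is available; the function name Get-SidFilterState and the sample domain names are made up for illustration.

```powershell
# Added example (not from the original page). Reads each trust's trustAttributes
# and reports the SID filtering state that the netdom commands above display.
# Flag values are from the trustAttributes definition in [MS-ADTS].
$QUARANTINED_DOMAIN = 0x04   # set by /quarantine:yes (SID filter quarantining on)
$FOREST_TRANSITIVE  = 0x08   # trust is a forest trust
$WITHIN_FOREST      = 0x20   # trust to a domain inside the local forest
$TREAT_AS_EXTERNAL  = 0x40   # set by /enablesidhistory:yes on a forest trust

function Get-SidFilterState {
    param([int]$TrustAttributes, [int]$TrustDirection)
    # Filtering is applied by the trusting side: direction must include outbound (0x2).
    if (-not ($TrustDirection -band 2)) { return 'Inbound only: check from the trusting side' }
    if ($TrustAttributes -band $QUARANTINED_DOMAIN) { return 'Quarantined' }
    if ($TrustAttributes -band $WITHIN_FOREST)      { return 'Intra-forest, not quarantined' }
    if ($TrustAttributes -band $FOREST_TRANSITIVE) {
        if ($TrustAttributes -band $TREAT_AS_EXTERNAL) { return 'Forest trust, SID history enabled' }
        return 'Forest trust, SID history disabled'
    }
    return 'External trust, NOT quarantined'
}

Import-Module ActiveDirectory -ErrorAction SilentlyContinue
if (Get-Command Get-ADObject -ErrorAction SilentlyContinue) {
    # Live data: trustedDomain objects are stored under CN=System in the domain partition.
    $base   = "CN=System,$((Get-ADDomain).DistinguishedName)"
    $trusts = Get-ADObject -SearchBase $base -LDAPFilter '(objectClass=trustedDomain)' -Properties trustPartner, trustDirection, trustAttributes
} else {
    # Constructed sample values so the decoding can be tried without a domain.
    $trusts = @(
        New-Object PSObject -Property @{ trustPartner = 'partner.example'; trustDirection = 2; trustAttributes = 0x04 }
        New-Object PSObject -Property @{ trustPartner = 'legacy.example';  trustDirection = 2; trustAttributes = 0x00 }
        New-Object PSObject -Property @{ trustPartner = 'forest.example';  trustDirection = 3; trustAttributes = 0x08 }
        New-Object PSObject -Property @{ trustPartner = 'merged.example';  trustDirection = 3; trustAttributes = 0x48 }
    )
}

# One row per trust: partner name, raw attribute value, decoded state.
$trusts | Select-Object trustPartner,
    @{ n = 'Attributes';     e = { '0x{0:X}' -f [int]$_.trustAttributes } },
    @{ n = 'SidFilterState'; e = { Get-SidFilterState $_.trustAttributes $_.trustDirection } } |
    Sort-Object trustPartner | Format-Table -AutoSize
```

Rows reported as "External trust, NOT quarantined" or "Forest trust, SID history enabled" are the ones to confirm with the matching netdom command above.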

Placeholder reference table

The following table describes the placeholder values in the syntax for the netdom command.

| Value | Description |
| --- | --- |
| <TrustingDomainName> | The Domain Name System (DNS) name (or NetBIOS name) of the trusting domain in the trust that is being created. |
| <TrustedDomainName> | The DNS name (or NetBIOS name) of the domain that will be trusted in the trust that is being created. |
| <domainadministratorAcct> | The user account name with the appropriate administrator credentials to modify the trust. |
| <domainadminpwd> | The password of the user account in domainadministratorAcct. |