Q about transitive forest trusts

Gerald (Jerry) Carter jerry at samba.org
Thu Apr 5 15:27:42 GMT 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I'm fishing for some info. Here's my test setup (domain names
in all caps):

   CHERRY --------->  CORP
                         \----> ENGR

Both forests are operating in 2003 mode and the trust is
a one-way transitive forest trust.

If I join an XP client to the CHERRY domain, I do not see
the ENGR show up in the list of domains at the CTRL+ALT+DEL
logon box. I can logon to the XP client using UPN of a user
in the engr.corp.plainjoe.org domain.

The problem I have (and apparently Windows does as well) is that
DsEnumerateDomainTrusts() does not enumerate domains reachable
by the transitive trust with the CORP domain.

Has anyone played with the lsa_QueryTrustedDomainInfo()
in lsa.idl to know if that would give me more information
about the engr.corp.plainjoe.org domain in this example?

Basically I need to know the complete trusted forest heirarchy
and not just the direct outgoing trust to CORP.




cheers, jerry
=====================================================================
Samba                                    ------- http://www.samba.org
Centeris                         -----------  http://www.centeris.com
"What man is a man who does not make the world better?"      --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGFRVuIR7qMdg1EfYRAiwXAKDRYaJQYgQUdiCC1g/Yv/CdTei5TQCgv/xk
m7Rl3tkc9vwIFoykdt36XXE=
=cXnQ
-----END PGP SIGNATURE-----


More information about the samba-technical mailing list