I have an external trust with my Active Directory domain. I want to validate the trust from a command so that I can do it remotely and don't have to open Remote Desktop and navigate to the AD domains and trusts console. I have read that netdom trust TrustingDomainName /d:TrustedDomainName /verify should work, but it does not. Whether locally or via psexec, I get The command failed to complete successfully. with an error code of 5.
Anyone know a command that does work?
Error code 5 for Access is denied, you didn't have a appropriate rights to verify the Domain trust, should have a Domain admin/enterprise admin right or use run as with account which has a required access
If access is denied for Netdom commands across a trust, you likely need to enable the Network access: Allow anonymous SID/Name translation group policy object on each domain controller.
The GPO is located in Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options
Source - https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/network-access-allow-anonymous-sidname-translation