Share via


Verify a Trust

Applies To: Windows Server 2008, Windows Server 2008 R2, Windows Server 2012

You can use the Active Directory Domains and Trusts snap-in to verify whether the newly added shortcut, external, and forest trusts were created successfully.

Membership in Domain Admins or Enterprise Admins , or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at https://go.microsoft.com/fwlink/?LinkId=83477.

Verifying a trust

  • Using the Windows interface

  • Using a command line

To verify a trust using the Windows interface

  1. Open Active Directory Domains and Trusts. To open Active Directory Domains and Trusts, click Start , click Administrative Tools , and then click Active Directory Domains and Trusts .

    To open Active Directory Domains and Trusts in Windows ServerĀ® 2012, click Start , type domain.msc .

  2. In the console tree, right-click the domain that contains the trust that you want to verify, and then click Properties .

  3. On the Trusts tab, under either Domains trusted by this domain (outgoing trusts) or Domains that trust this domain (incoming trusts) , click the trust to be verified, and then click Properties .

  4. Click Validate .

  5. Do one of the following, and then click OK :

    • Click No, do not validate the incoming trust .

      If you select this option, we recommend that you repeat this procedure for the reciprocal domain.

    • Click Yes, validate the incoming trust .

      If you select this option, you must type a user account and password with administrative credentials for the reciprocal domain.

Additional considerations

  • To perform this procedure, you must be a member of the Domain Admins group or the Enterprise Admins group in Active Directory Domain Services (AD DS), or you must have been delegated the appropriate authority. As a security best practice, consider using Run as to perform this procedure. For more information, search for "using run as" in Help and Support.

  • You can verify trusts for shortcut trusts, external trusts, and forest trusts, but not realm trusts.

Additional references

To verify a trust using a command line

  1. Open a command prompt. To open a command prompt, click Start , click Run , type cmd , and then click OK .

    To open a command prompt in Windows Server 2012, click Start , type cmd , and then click OK .

  2. Type the following command, and then press ENTER:

    netdom trust <TrustingDomainName> /d:<TrustedDomainName> /verify
    
Parameter Description

netdom trust

Managers or verifies the trust relationship between domains.

<TrustingDomainName>

Specifies the Domain Name System (DNS) name of the trusting domain in the trust that is being verified.

/d:

Specifies that the DNS domain name that follows is the trusted domain.

<TrustedDomainName>

Specifies the DNS name of the domain that is trusted in the trust that is being verified.

/verify

Verifies that the trust is operating properly.

To view the complete syntax for this command, and for information about entering user account information, at a command prompt, type the following command, and then press ENTER:

netdom trust | more 

Additional considerations

  • To perform this procedure, you must be a member of the Domain Admins group or the Enterprise Admins group in AD DS, or you must have been delegated the appropriate authority. As a security best practice, consider using Run as to perform this procedure. For more information, search for "using run as" in Help and Support.

  • You can verify trusts for shortcut, external, and forest trusts but not realm trusts.

Additional references