Forest trusts are not discovered if Root Management Server is located in a child domain and not in the forest root domain.

Based on the Active Directory Management Pack Guide this should work:

Multi-Forest Monitoring
Topology views automatically discover all forests that have two-way transitive trusts with the local forest. However, cross-forest monitoring of a forest that is not fully trusted is not supported.

The ADTopologyDiscovery.vbs in the Microsoft.Windows.Server.AD.Library MP contains the related code:

If this query

Set cForests = LDAPQuery(oCurrentADObj.oObject.Get("rootDomainNamingContext"), "(& (&(objectCategory=trustedDomain)(trustAttributes=8))(trustDirection=3))", "cn", "subtree", oADOConn, oAPI)

runs on a Management Server in a child domain and not in the forest root domain, the connection to rootDomainNamingContext returns a referral. This referral is not considered, and therefore no forest trusts are delivered.

I suggest

- Correct the script to connect to a forest root domain controller to enumerate forest trusts
- Or change the Management Pack Guide and document that the Root Management Server Emulator must be a member of the forest root domain to create the topology view with forest trusts.

6 votes
Anonymous shared this idea
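
One way to implement the first suggestion above, as an added PowerShell example (not the management pack's ADTopologyDiscovery.vbs and not the poster's code): bind to a domain controller of the forest root domain, then run the same filter there so the server holds the partition and answers directly instead of returning a referral. The function name `Get-ForestTrustCn` and its `-RootDomainController` parameter are hypothetical; the example assumes a domain-joined host with .NET System.DirectoryServices available.

```powershell
# Added example: enumerate two-way forest trusts from a forest root DC.
Add-Type -AssemblyName System.DirectoryServices

function Get-ForestTrustCn {
    param(
        # Hypothetical parameter: DNS name of a forest root DC; discovered when omitted.
        [string]$RootDomainController
    )

    if (-not $RootDomainController) {
        # Locate a DC of the forest root domain rather than using the local (child) domain DC.
        $forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
        $RootDomainController = $forest.RootDomain.FindDomainController().Name
    }

    # Read rootDomainNamingContext from RootDSE on that DC (the attribute the MP script reads).
    $rootDse = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$RootDomainController/RootDSE")
    $rootNc  = [string]$rootDse.Properties['rootDomainNamingContext'].Value

    # Server-bound search base: the query is answered by a DC that hosts the root partition.
    $base     = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$RootDomainController/$rootNc")
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($base)

    # Same filter as the script: trustAttributes=8 (forest transitive), trustDirection=3 (two-way).
    $searcher.Filter      = '(&(&(objectCategory=trustedDomain)(trustAttributes=8))(trustDirection=3))'
    $searcher.SearchScope = [System.DirectoryServices.SearchScope]::Subtree
    [void]$searcher.PropertiesToLoad.Add('cn')

    $results = $searcher.FindAll()
    try {
        foreach ($r in $results) {
            [pscustomobject]@{
                TrustedForest = [string]$r.Properties['cn'][0]
                QueriedServer = $RootDomainController
            }
        }
    }
    finally {
        # Release the unmanaged ADSI handles held by the result set and entries.
        $results.Dispose(); $searcher.Dispose(); $base.Dispose(); $rootDse.Dispose()
    }
}

Get-ForestTrustCn | Format-Table -AutoSize
```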
