Forest trusts are not discovered if Root Management Server is located in a child domain and not in the forest root domain.
Based on the Active Directory Management Pack Guide, this should work:
Topology views automatically discover all forests that have two-way transitive trusts with the local forest. However, cross-forest monitoring of a forest that is not fully trusted is not supported.
The ADTopologyDiscovery.vbs in the Microsoft.Windows.Server.AD.Library MP contains the related code:
If this query
Set cForests = LDAPQuery(oCurrentADObj.oObject.Get("rootDomainNamingContext"), "(& (&(objectCategory=trustedDomain)(trustAttributes=8))(trustDirection=3))", "cn", "subtree", oADOConn, oAPI)
runs on a Management Server in a child domain rather than in the forest root domain, the connection to rootDomainNamingContext returns a referral. This referral is ignored, and therefore no forest trusts are returned.
- Correct the script to connect to a forest root domain controller to enumerate forest trusts
- Or change the Management Pack Guide and document that the Root Management Server Emulator must be a member of the forest root domain to create the topology view with forest trusts.
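One way to do what the first option describes, as an added PowerShell example (not code from the management pack): it binds to a domain controller of the forest root domain and runs the same filter there, so the result does not depend on a referral from a child-domain DC. The function name Get-ForestTrustCn is hypothetical.

```powershell
# Added example, not part of ADTopologyDiscovery.vbs.
# Enumerates two-way forest trusts by querying a forest root DC directly.
Add-Type -AssemblyName System.DirectoryServices

function Get-ForestTrustCn {   # hypothetical helper name
    # Resolve the forest root domain and locate one of its domain controllers.
    $forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
    $rootDc = $forest.RootDomain.FindDomainController().Name

    # rootDomainNamingContext is the same RootDSE attribute the MP script reads.
    $rootDse = [ADSI]"LDAP://$rootDc/RootDSE"
    $rootNc  = [string]$rootDse.Properties['rootDomainNamingContext'].Value

    # Server-bound ADsPath: the search is answered by the root-domain DC itself,
    # even when this runs on a member of a child domain.
    $searchRoot = [ADSI]"LDAP://$rootDc/$rootNc"
    $searcher   = New-Object System.DirectoryServices.DirectorySearcher($searchRoot)

    # Same filter as the MP script: forest-transitive (trustAttributes=8),
    # bidirectional (trustDirection=3) trustedDomain objects.
    $searcher.Filter      = '(&(objectCategory=trustedDomain)(trustAttributes=8)(trustDirection=3))'
    $searcher.SearchScope = [System.DirectoryServices.SearchScope]::Subtree
    [void]$searcher.PropertiesToLoad.Add('cn')

    $results = $null
    try {
        $results = $searcher.FindAll()
        foreach ($entry in $results) {
            # cn of a trustedDomain object is the DNS name of the trusted forest.
            [string]$entry.Properties['cn'][0]
        }
    }
    finally {
        if ($results) { $results.Dispose() }
        $searcher.Dispose()
    }
}

# An empty result here, on a host where forest trusts exist, points at the
# filter or permissions rather than at the referral problem described above.
Get-ForestTrustCn
```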