Interdomain trust account


An interdomain trust account is the account created when a trust relationship
is established between two domains. To implement the trust, the account is
created in the directory database of the trustED domain. It is created when the
administrator of the trusted domain defines the trusting domain using the
administration application User Manager for Domains. The account has the
USER_INTERDOMAIN_TRUST_ACCOUNT bit set, which identifies it as used only for
trust relationships. The account is hidden and cannot be modified. The password
and account are used when establishing a session with the trustING domain. The
account is viewable only via the registry on the PDC of the trustED domain:
HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Accounts\Users\Names\<trustEDdomainname>$.
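
When reviewing an exported account list, the account-type bit is what separates an interdomain trust account from the workstation and server accounts that also end in $. The following is an added example, not part of the original page: the numeric flag values are the USER_* constants from Microsoft's SAM definitions (an assumption, since the page names the flag but gives no value), and the sample records are constructed.

```python
# Added example (not from the original page): classify exported SAM accounts.
# Bit values are the USER_* account-control constants from Microsoft's SAM
# definitions (ntsam.h / MS-SAMR); the page names the flag but gives no value.
USER_NORMAL_ACCOUNT = 0x0010
USER_INTERDOMAIN_TRUST_ACCOUNT = 0x0040
USER_WORKSTATION_TRUST_ACCOUNT = 0x0080
USER_SERVER_TRUST_ACCOUNT = 0x0100

ACCOUNT_TYPES = {
    USER_NORMAL_ACCOUNT: "normal",
    USER_INTERDOMAIN_TRUST_ACCOUNT: "interdomain_trust",
    USER_WORKSTATION_TRUST_ACCOUNT: "workstation_trust",
    USER_SERVER_TRUST_ACCOUNT: "server_trust",
}

def classify(name, flags):
    """Return (account_type, findings) for one (name, flags) record."""
    kinds = [label for bit, label in ACCOUNT_TYPES.items() if flags & bit]
    if len(kinds) != 1:
        # An account is expected to carry exactly one account-type bit.
        return "invalid", ["%d account-type bits set, expected 1" % len(kinds)]
    findings = []
    if kinds[0] == "interdomain_trust" and not name.endswith("$"):
        findings.append("trust account name lacks the trailing $")
    return kinds[0], findings

def trust_domains(records):
    """Domain names carried by well-formed interdomain trust accounts."""
    return sorted(name[:-1] for name, flags in records
                  if classify(name, flags) == ("interdomain_trust", []))

# Constructed sample export; names and flag words are invented for illustration.
SAMPLE = [
    ("Administrator", 0x0210),  # normal + password never expires
    ("WKSTN07$", 0x0080),       # workstation (machine) account
    ("BDC01$", 0x0100),         # backup domain controller account
    ("RESOURCES$", 0x0040),     # interdomain trust account
    ("SALES$", 0x0050),         # inconsistent: two type bits
    ("OLDTRUST", 0x0040),       # trust bit but no trailing $
]

if __name__ == "__main__":
    print("trust accounts for:", trust_domains(SAMPLE))
    for name, flags in SAMPLE:
        print(name, classify(name, flags))
```
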

The Windows NT Resource Kit utility netdom, netdom.exe, can be used to restore
damaged trust relationships. The Windows NT Resource Kit utility nltest,
nltest.exe, can be used to restore damaged trust relationships. See Q158148.
nltest is a nifty tool to reveal how many bad-password attempts have been
racked up by an account.

Background on Inter-Domain Trust Account Passwords is found in: Q128489.

Netdom can be used to add NT workstations or stand-alone servers to a domain.
If you run the command with administrator credentials, it will create the
computer account if one doesn’t already exist. The syntax:

NETDOM /Domain:domaintoaddPCinto /user:administrator /password:adminpassword MEMBER computername /JOINDOMAIN

If you want to create a computer account but don’t want to add the
workstation to the domain until later, don’t use the /JOINDOMAIN parameter:

NETDOM /Domain:domaintoaddPCinto /user:administrator /password:adminpassword MEMBER computername /ADD

More information about NETDOM is available in the Microsoft Knowledge Base
article Q158148.
