Get-ADXTrust

Namespace ADPlayground.PowerShell

Inputs

System.String

Outputs

ADPlayground.Trusts.TrustExplorer+Assessment ADPlayground.Trusts.TrustSummaryRow

Explores domain/forest trusts using typed ADPlayground models.

Remarks

Enumerates domain and forest trust relationships, returning typed Assessment rows enriched with LDAP data (attributes, encryption types, suffixes). Use -SkipValidation:$false to attempt lightweight LDAP checks (e.g., probing a target group) and classify TrustStatus.

Examples

Authored help example

Example 1: Enumerate trusts in current forest

PS>


Get-ADXTrust

Outputs typed trust assessments for the current forest's domains and forest trusts.

Example 2: Enumerate starting at a specific forest (recursively)

PS>


Get-ADXTrust -Forest 'contoso.com' -Recursive

Walks remote forests linked by forest trusts and includes their trusts as well.

Example 3: Attempt validation of targets

PS>


Get-ADXTrust -SkipValidation:$false

Performs lightweight LDAP checks to classify trust connectivity (may require permissions and network reachability).

Common Parameters

This command supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable.

For more information, see about_CommonParameters.

Syntax

Get-ADXTrust [-Forest <string>] [-CommunicationIssues] [-DirectionFilter <string>] [-Impermeability] [-InactiveDays <int>] [-OldProtocol] [-Recursive] [-SkipValidation] [-Status <string>] [-Summary] [-SummaryBy <string>] [-SummaryMatrix] [-Type <string>] [<CommonParameters>]

Parameters

Forest string optionalposition: 0pipeline: true (ByPropertyName): Optional forest root name. Defaults to the current forest when omitted.
CommunicationIssues SwitchParameter optionalposition: namedpipeline: false: Emits trust communication issues discovered in logs (NetLogon/System).
DirectionFilter string optionalposition: namedpipeline: false: Filters by trust direction.
Impermeability SwitchParameter optionalposition: namedpipeline: false: Filters to trusts that lack both selective authentication and SID filtering.
InactiveDays int optionalposition: namedpipeline: false: Threshold in days used to classify trusts as inactive.
OldProtocol SwitchParameter optionalposition: namedpipeline: false: Filters to trusts that use downlevel protocols (no AES or using RC4 / non-uplevel).
Recursive SwitchParameter optionalposition: namedpipeline: false: Recursively explore remote forests linked by forest trusts.
SkipValidation SwitchParameter optionalposition: namedpipeline: false: Skip target validation lookups (default: true). Pass -SkipValidation:$false to attempt basic LDAP validation.
Status string optionalposition: namedpipeline: false: Filters by activity state derived from modification age: Any/Active/Inactive.
Summary SwitchParameter optionalposition: namedpipeline: false: Emits grouped summary rows instead of raw assessments.
SummaryBy string optionalposition: namedpipeline: false: Controls the summary grouping key (Type or Direction).
SummaryMatrix SwitchParameter optionalposition: namedpipeline: false: Emits a 2D matrix summary combining Type × Direction counts.
Type string optionalposition: namedpipeline: false: Filters by trust type.

Outputs

ADPlayground.Trusts.TrustExplorer+Assessment, ADPlayground.Trusts.TrustSummaryRow