TestimoX

API Reference

Command

Set-ADXTrust

Namespace ADPlayground.PowerShell

Sets trust configuration between two domains (or forests).

Remarks

Updates selected trust attributes on the trustedDomain object from -Source (local) to -Target (remote). Parameters are optional and independent — specify only what you want to change. Supports -WhatIf/-Confirm.

Examples

Authored help example

Example 1: Enable SID Filtering

PS>


Set-ADXTrust -Source 'ad.evotec.xyz' -Target 'test.evotec.pl' -SidFiltering $true

Enables SID Filtering on an external/forest trust.

Example 2: Preview enabling Selective Authentication

PS>


Set-ADXTrust -Source 'ad.evotec.xyz' -Target 'test.evotec.pl' -SelectiveAuthentication $true -WhatIf

Shows what would change without applying it.

Example 3: Disable TGT Delegation

PS>


Set-ADXTrust -Source 'ad.evotec.xyz' -Target 'test.evotec.pl' -TgtDelegation $false

Removes TGT delegation across the trust to reduce cross-trust delegation risk.

Example 4: Set multiple in one call

PS>


Set-ADXTrust -Source 'ad.evotec.xyz' -Target 'test.evotec.pl' -SidFiltering $true -SelectiveAuthentication $true -TgtDelegation $false

Updates several properties atomically.

Example 5: Force AES only on the trust

PS>


Set-ADXTrust -Source 'ad.evotec.xyz' -Target 'test.evotec.pl' -KerberosEncryptionType AES128,AES256

Overwrites the trust's msDS-SupportedEncryptionTypes to allow only AES algorithms.

Common Parameters

This command supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable.

For more information, see about_CommonParameters.

Syntax

Set-ADXTrust -Source <string> -Target <string> [-KerberosEncryptionType <string[]>] [-SelectiveAuthentication <bool>] [-SidFiltering <bool>] [-TgtDelegation <bool>] [<CommonParameters>]
#

Parameters

Source string requiredposition: 0pipeline: false
DNS domain name (or forest root domain) where the trust object resides. Typically the local forest/domain. Example: ad.evotec.xyz.
Target string requiredposition: 1pipeline: false
DNS target domain name (or forest root domain) referenced by the trust. Example: test.evotec.pl.
KerberosEncryptionType string[] optionalposition: namedpipeline: false
Kerberos encryption types to allow for the trust. Recommended: AES128, AES256. Supplying this parameter overwrites the set on the trustedDomain object.
SelectiveAuthentication bool optionalposition: namedpipeline: false
Enables or disables Selective Authentication on the trust. Recommended for cross-forest/external trusts where access should be granted per principal. Specify only when you want to change this property; omitted parameters are ignored.
SidFiltering bool optionalposition: namedpipeline: false
Enables or disables SID Filtering on the trust. SID Filtering should be enabled on external/forest trusts. Specify only when you want to change this property; omitted parameters are ignored.
TgtDelegation bool optionalposition: namedpipeline: false
Enables or disables TGT Delegation across the trust. Disabling is recommended to reduce cross-trust delegation risk. Specify only when you want to change this property; omitted parameters are ignored.