List Remote Domain(s) Trusts & Functional Levels – Powershell Script
Powershell Script to List Multiple Remote Domain(s) Trusts and Functional Levels including the Trust Status.
- List all the domains you want the report to cover in a text file, one domain per line, and name it “Domains.txt”.
- Place the file in the same folder as the script and run the script from that folder. The report is written there as TrustInfo_<timestamp>.csv.
<#
.Synopsis
Find and Verify Trusts and Functional Level of Multiple Domains
.DESCRIPTION
Find and Verify Trusts and Functional Level of Multiple Domains
.EXAMPLE
Script needs a File with Domain Names in a text file, Domains.txt
.NOTES
Author: Murali M Palla
Contact: contact@muralipalla.com
Version: v1 - Feb-26,2015
#>
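# Reads domain names from .\Domains.txt (one per line), queries each domain's
# functional levels and the trust status reported by its PDC emulator, and
# writes one CSV row per trust (or one error row per unreachable domain/PDC).
#
# The report describes the trust topology of the queried domains, and several
# columns (TrustedDomain, TrustedDCName, TrustStatusString, ...) hold values
# returned by remote domain controllers. Store the CSV accordingly, and treat
# its cells as untrusted text when opening it in spreadsheet software.
$SourceFile = ".\Domains.txt"
# NOTE(review): 'hh' is the 12-hour clock, so the timestamp does not
# distinguish AM from PM. Left unchanged to keep the report file name format.
$ScriptStart = Get-Date -Format dd-MMM-yyyy-hh-mm-ss
$Report = ".\TrustInfo_$ScriptStart.csv"
Clear-Host

if (-not (Test-Path $SourceFile)) {
    Write-Host "Unable to find a File $SourceFile with list Domains"
    exit
}

# Trim each entry and drop blank lines so an empty line in the list does not
# produce a lookup against an empty domain name.
$DomainList = @(Get-Content $SourceFile |
    ForEach-Object { "$_".Trim() } |
    Where-Object { $_ })

# Column order of the report. The spelling 'TargetDomainFunctonalLevel' is kept
# as-is so existing consumers of the CSV header keep working.
$ReportColumns = @(
    'SourceDomain',
    'SourceDomainFunctionalLevel',
    'SourceForestFunctionalLevel',
    'TrustedDomain',
    'NETBIOSName',
    'TargetDomainFunctonalLevel',
    'TargetForestFunctionalLevel',
    'TrustedDCName',
    'TrustDirection',
    'TrustType',
    'TrustStatus',
    'TrustStatusString'
)

# Builds one report row. Columns missing from $Values are emitted as empty
# strings; every value is stringified, matching the original "$Var" quoting.
function New-TrustRow {
    param([hashtable]$Values)

    $Row = New-Object -TypeName psobject
    foreach ($Column in $ReportColumns) {
        $Value = ""
        if ($Values.ContainsKey($Column)) { $Value = "$($Values[$Column])" }
        Add-Member -InputObject $Row -MemberType NoteProperty -Name $Column -Value $Value
    }
    $Row
}

$TrustContainer = @()

foreach ($Domain in $DomainList) {
    # --- Source domain / forest lookup -------------------------------------
    try {
        Write-Host "Checking Forest & Domain Functional Levels for $Domain" -ForegroundColor Yellow
        $SourceDomainContext = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext('domain', "$Domain") -ErrorAction Stop
        $SourceDomain = [System.DirectoryServices.ActiveDirectory.Domain]::GetDomain($SourceDomainContext)
        $SourceForestContext = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext('forest', "$Domain") -ErrorAction Stop
        $SourceForest = [System.DirectoryServices.ActiveDirectory.Forest]::GetForest($SourceForestContext)
        $PDCEmulator = $SourceDomain.PdcRoleOwner.Name
        $SourceDomainFunctionalLevel = $SourceDomain.DomainMode
        $SourceForestFunctionalLevel = $SourceForest.ForestMode
        $SourceDomainName = $SourceDomain.Name
    }
    catch {
        Write-Host "Error while Checking $Domain : $($_.Exception.Message)" -ForegroundColor White
        $TrustContainer += New-TrustRow @{
            SourceDomain      = $Domain
            TrustStatus       = "Error Connecting to $Domain"
            TrustStatusString = $_.Exception.Message
        }
        # Skip the trust query explicitly instead of inferring failure from
        # the global $Error collection.
        continue
    }

    # --- Trust status from the PDC emulator --------------------------------
    Write-Host "$Domain Validated, Connecting to check Trusts" -ForegroundColor DarkYellow
    try {
        # -ErrorAction Stop turns a failed query into an exception, so the
        # failure message is available as $_ in the catch block (the original
        # read $_ outside any catch, where it carries no error record).
        # @() keeps .Count meaningful when the query returns a single trust.
        # NOTE(review): Get-WmiObject exists only in Windows PowerShell;
        # confirm the root\MicrosoftActiveDirectory namespace is present on
        # the domain controllers you target.
        $WMIQueryTrusts = @(Get-WmiObject -Namespace root\MicrosoftActiveDirectory -Class Microsoft_DomainTrustStatus -ComputerName $PDCEmulator -ErrorAction Stop)
    }
    catch {
        Write-Host "Error Connecting to $PDCEmulator : $($_.Exception.Message)" -ForegroundColor White
        $TrustContainer += New-TrustRow @{
            SourceDomain                = $SourceDomainName
            SourceDomainFunctionalLevel = $SourceDomainFunctionalLevel
            SourceForestFunctionalLevel = $SourceForestFunctionalLevel
            TrustStatus                 = "Error Connecting to $PDCEmulator"
            TrustStatusString           = $_.Exception.Message
        }
        continue
    }

    Write-Host "Found $($WMIQueryTrusts.Count) Trusts, Please wait while I check and create a report" -ForegroundColor Green
    foreach ($Trust in $WMIQueryTrusts) {
        $TargetDomainName = $Trust.TrustedDomain
        Write-Host "Verifying Trust $($Trust.TrustedDomain)" -ForegroundColor Yellow

        # Functional levels of the trusted side; a failure here is recorded in
        # the row rather than aborting the trust entry.
        try {
            Write-Host "Checking Forest Functional Levels for $TargetDomainName" -ForegroundColor Yellow
            $TargetForestContext = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext('forest', "$TargetDomainName") -ErrorAction Stop
            $TargetForest = [System.DirectoryServices.ActiveDirectory.Forest]::GetForest($TargetForestContext)
            $TargetForestFunctionalLevel = $TargetForest.ForestMode
        }
        catch {
            Write-Host "Error Wile Checking Forest Functional Levels for $TargetDomainName : $($_.Exception.Message)" -ForegroundColor White
            $TargetForestFunctionalLevel = "Err Connecting, Check Manually"
        }

        try {
            Write-Host "Checking Domain Functional Levels for $TargetDomainName" -ForegroundColor Yellow
            $TargetDomainContext = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext('domain', "$TargetDomainName") -ErrorAction Stop
            $TargetDomain = [System.DirectoryServices.ActiveDirectory.Domain]::GetDomain($TargetDomainContext)
            $TargetDomainFunctionalLevel = $TargetDomain.DomainMode
        }
        catch {
            Write-Host "Error Wile Checking Domain Functional Levels for $TargetDomainName : $($_.Exception.Message)" -ForegroundColor White
            $TargetDomainFunctionalLevel = "Err Connecting, Check Manually"
        }

        # Translate the numeric codes. The original default branch of the
        # direction switch assigned $TrustType, so an unrecognised direction
        # was written to the report as a raw number.
        $TrustDirection = switch ($Trust.TrustDirection) {
            1 { "Inbound" }
            2 { "Outbound" }
            3 { "Bidirectional" }
            default { "Unknown" }
        }
        $TrustType = switch ($Trust.TrustType) {
            1 { "Downlevel" }
            2 { "Uplevel" }
            3 { "Kerberos realm" }
            4 { "DCE" }
            default { "Unknown" }
        }

        $TrustContainer += New-TrustRow @{
            SourceDomain                = $SourceDomainName
            SourceDomainFunctionalLevel = $SourceDomainFunctionalLevel
            SourceForestFunctionalLevel = $SourceForestFunctionalLevel
            TrustedDomain               = $Trust.TrustedDomain
            NETBIOSName                 = $Trust.FlatName
            TargetDomainFunctonalLevel  = $TargetDomainFunctionalLevel
            TargetForestFunctionalLevel = $TargetForestFunctionalLevel
            TrustedDCName               = $Trust.TrustedDCName
            TrustDirection              = $TrustDirection
            TrustType                   = $TrustType
            TrustStatus                 = $Trust.TrustIsOk
            TrustStatusString           = $Trust.TrustStatusString
        }
    }
}

# Report a failed write instead of discarding it silently; otherwise the run
# looks successful while no report exists.
try {
    $TrustContainer | Export-Csv -Path $Report -NoTypeInformation -ErrorAction Stop
}
catch {
    Write-Host "Unable to write report $Report : $($_.Exception.Message)" -ForegroundColor White
}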