Managing Windows trusts has always been difficult, despite the tools (e.g., nltest.exe) that the Windows resource kits provide to verify that trusts are in place. Windows Server 2003, however, exposes trust information through the new Trustmon Windows Management Instrumentation (WMI) provider. Thus, any WMI consumer application—such as a Windows Script Host (WSH) script, Windows .NET Framework application, or enterprise-management software product—can exploit the Trustmon classes to retrieve information about existing trusts. You can also use WMI Query Language (WQL) event queries to monitor trusts and trigger alerts.
The Trustmon Provider
The Trustmon WMI provider supports three WMI classes in the root\microsoftactivedirectory namespace: Microsoft_TrustProvider, Microsoft_DomainTrustStatus, and Microsoft_LocalDomainInfo. These three classes expose information about the trust relationships between domains.
Microsoft_TrustProvider is a singleton class that includes properties that control how the Microsoft_DomainTrustStatus class will enumerate the status of domain trusts. (A singleton class has only one instance of the managed object it represents on the examined system. For example, the Win32_WMISetting WMI class is a singleton class because a Windows system has only one instance of the WMI settings.) The Trustmon provider verifies trusts during the enumeration of the Microsoft_DomainTrustStatus class according to the parameters specified in the Microsoft_TrustProvider instance. The Microsoft_LocalDomainInfo class, also a singleton class, gathers information about the local domain. . . .
